Asp.Net 中使用HttpModule 做Session驗證

mybwu_com發表於2014-03-11

session的檢查可以考慮用一個http module掛在http pipeline上


過程如下:


1. 在Web.Config 配置:


 <httpModules>
      <!--Edas Authentication-->
      <add name="eDASAuthenticationModule" type="CRMWeb.eDAS.HttpModules.eDASAuthenticationModule"/>
      
    </httpModules>



2.新增httpmodule

程式碼:
把驗證掛在了 PreRequestHandlerExecute 上 ,因為在這一步,session才被建立。



using System.Linq;
using System.Reflection;
using System.Web;
using CRMWeb.eDAS.Util;
using CRMWeb.eDAS.Entities;

namespace CRMWeb.eDAS.HttpModules
{
    public class eDASAuthenticationModule : IHttpModule
    {
        #region IHttpModule Members

        public void Dispose()
        {
            //clean-up code here.
        }

        public void Init(HttpApplication context)
        {
            context.PreRequestHandlerExecute += (sender, args) =>
                {
                    var c = sender as HttpApplication;
                    CheckLoginState(c);
                };
        }

        private void CheckLoginState(HttpApplication context)
        {
            if (context.Request.RawUrl.LastIndexOf('/') < 0)
                return;

            var requestPageName = GetPageNameFromUrl(context.Request.RawUrl);

            ////ALWAYS allow Access Branch Login Page
            if (eDASConstants.NavigatePage.BranchLoginUrl.Contains(requestPageName))
                return;

            var fields = typeof(eDASConstants.NavigatePage).GetFields
                (BindingFlags.Public | BindingFlags.Static);

            var allPages = fields.Select((t, i) => t.GetValue(t).ToString()).ToList();

            //1.indicate NOT Request branch login , check ticket
            if (EdasContext.TicketInfoSession.Current == null &&
                allPages.Any(p => p.Contains(requestPageName)))
            {
                EdasContext.ClearAll();
                context.Response.Redirect(eDASConstants.NavigatePage.BranchLoginUrl);
            }

            //2.indicate have ticket , if want to go sales person page , let him go

            if (eDASConstants.NavigatePage.SalesPersonLoginUrl.Contains(requestPageName))
                return;
            //if do not want to go sales person login , check sales person session
            if (EdasContext.SalesPersonSession.Current == null &&
                allPages.Any(p => p.Contains(requestPageName)))
            {
                EdasContext.ClearCurrentCustomerSession();
                context.Response.Redirect(eDASConstants.NavigatePage.SalesPersonLoginUrl);
            }

            //indicate sales person login session & ticket both have value
            //if want to go customer queue , let him go
            if (eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName))
                return;

            //3.sales person & ticket NOT null,if still want to go anywhere NOT queue page,check session if not go back
            if (EdasContext.CustomerQueueSession.Current == null &&
                !eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName) &&
                allPages.Any(p => p.Contains(requestPageName)))
            {
                EdasContext.ClearCurrentCustomerSession();
                context.Response.Redirect(eDASConstants.NavigatePage.CustomerQueueInfoUrl);
            }
        }

        private string GetPageNameFromUrl(string url)
        {
            var indexOfSlash = url.LastIndexOf('/');
            var nameWithQuery = url.Substring(indexOfSlash, url.Length - indexOfSlash);
            var indexOfParam = url.IndexOf('?');
            return url.Contains("?") ? url.Substring(0, indexOfParam) : nameWithQuery;
        }
        #endregion

    }
}



相關文章