Asp.Net 中使用HttpModule 做Session驗證
session的檢查可以考慮用一個http module掛在http pipeline上
過程如下:
1. 在Web.Config 配置:
<httpModules>
<!--Edas Authentication-->
<add name="eDASAuthenticationModule" type="CRMWeb.eDAS.HttpModules.eDASAuthenticationModule"/>
</httpModules>
2.新增httpmodule
程式碼:
把驗證掛在了 PreRequestHandlerExecute 上 ,因為在這一步,session才被建立。
using System.Linq;
using System.Reflection;
using System.Web;
using CRMWeb.eDAS.Util;
using CRMWeb.eDAS.Entities;
namespace CRMWeb.eDAS.HttpModules
{
public class eDASAuthenticationModule : IHttpModule
{
#region IHttpModule Members
public void Dispose()
{
//clean-up code here.
}
public void Init(HttpApplication context)
{
context.PreRequestHandlerExecute += (sender, args) =>
{
var c = sender as HttpApplication;
CheckLoginState(c);
};
}
private void CheckLoginState(HttpApplication context)
{
if (context.Request.RawUrl.LastIndexOf('/') < 0)
return;
var requestPageName = GetPageNameFromUrl(context.Request.RawUrl);
////ALWAYS allow Access Branch Login Page
if (eDASConstants.NavigatePage.BranchLoginUrl.Contains(requestPageName))
return;
var fields = typeof(eDASConstants.NavigatePage).GetFields
(BindingFlags.Public | BindingFlags.Static);
var allPages = fields.Select((t, i) => t.GetValue(t).ToString()).ToList();
//1.indicate NOT Request branch login , check ticket
if (EdasContext.TicketInfoSession.Current == null &&
allPages.Any(p => p.Contains(requestPageName)))
{
EdasContext.ClearAll();
context.Response.Redirect(eDASConstants.NavigatePage.BranchLoginUrl);
}
//2.indicate have ticket , if want to go sales person page , let him go
if (eDASConstants.NavigatePage.SalesPersonLoginUrl.Contains(requestPageName))
return;
//if do not want to go sales person login , check sales person session
if (EdasContext.SalesPersonSession.Current == null &&
allPages.Any(p => p.Contains(requestPageName)))
{
EdasContext.ClearCurrentCustomerSession();
context.Response.Redirect(eDASConstants.NavigatePage.SalesPersonLoginUrl);
}
//indicate sales person login session & ticket both have value
//if want to go customer queue , let him go
if (eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName))
return;
//3.sales person & ticket NOT null,if still want to go anywhere NOT queue page,check session if not go back
if (EdasContext.CustomerQueueSession.Current == null &&
!eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName) &&
allPages.Any(p => p.Contains(requestPageName)))
{
EdasContext.ClearCurrentCustomerSession();
context.Response.Redirect(eDASConstants.NavigatePage.CustomerQueueInfoUrl);
}
}
private string GetPageNameFromUrl(string url)
{
var indexOfSlash = url.LastIndexOf('/');
var nameWithQuery = url.Substring(indexOfSlash, url.Length - indexOfSlash);
var indexOfParam = url.IndexOf('?');
return url.Contains("?") ? url.Substring(0, indexOfParam) : nameWithQuery;
}
#endregion
}
}
相關文章
- 【ASP.NET Core】使用最熟悉的Session驗證方案ASP.NETSession
- ASP.NET HttpModule——原理ASP.NETHTTP
- 在asp.net handler 中 使用 sessionASP.NETSession
- asp.net 角色身份驗證的使用ASP.NET
- Asp.net中基於Forms驗證的角色驗證授權ASP.NETORM
- ASP.NET Core 中簡單Session登入校驗ASP.NETSession
- 也談Asp.net 中的身份驗證ASP.NET
- ASP.NET驗證控制元件的使用ASP.NET控制元件
- 使用Validator做SpringMVC的驗證框架 - Validator前端驗證SpringMVC框架前端
- asp.net mvc中的使用者登入驗證過濾器ASP.NETMVC過濾器
- ASP.NET使用HttpModule壓縮並刪除空白Html請求ASP.NETHTTPHTML
- 在ASP.NET MVC中使用Knockout實踐06,自定義驗證、非同步驗證ASP.NETMVC非同步
- ASP.NET登入驗證ASP.NET
- ASP.NET MVC中使用FluentValidation驗證實體ASP.NETMVC
- 簡聊 Session 與 Token 身份驗證Session
- jsp 做http驗證JSHTTP
- Asp.net下使用HttpModule模擬Filter,實現許可權控制ASP.NETHTTPFilter
- Session使用的經驗Session
- asp.net驗證碼應用ASP.NET
- Asp.Net MVC 身份驗證-FormsASP.NETMVCORM
- ASP.NET MVC驗證碼演示ASP.NETMVC
- Asp.net MVC中表單驗證ASP.NETMVC
- ASP.Net WebService 身份驗證 FormsASP.NETWebORM
- Asp.Net 構架(HttpModule 介紹) - Part.3ASP.NETHTTP
- ASP.NET三劍客 HttpApplication HttpModule HttpHandler 解析ASP.NETHTTPAPP
- 在ASP.NET MVC中使用Knockout實踐05,基本驗證ASP.NETMVC
- 【Hover】ASP.Net實現驗證碼!ASP.NET
- ASP.NET Core中介軟體與HttpModule有何不同ASP.NETHTTP
- ElasticSearch 通過nginx做HTTP驗證ElasticsearchNginxHTTP
- AngularJS 如何做身份驗證AngularJS
- Asp.net中多專案共享Session (轉)ASP.NETSession
- MVC學習筆記之:ASP.NET MVC的客戶端驗證-jQuery.validate驗證結合Model驗證中的實現MVC筆記ASP.NET客戶端jQuery
- Tensorflow使用初體驗:SessionSession
- 使用JWT做RESTful API的身份驗證-Go語言實現JWTRESTAPIGo
- 使用HttpModule實現URL重寫HTTP
- [ASP.NET MVC 小牛之路]16 - Model 驗證ASP.NETMVC
- 資料驗證的asp.net程式 (轉)ASP.NET
- HttpApplication,HttpModule,HttpContext及Asp.Net頁生命週期HTTPAPPContextASP.NET