using System; using System.Web; using System.Security.Principal; namespace MyModules { public class CustomModule : IHttpModule { public CustomModule() { } public void Dispose() { } public void Init(HttpApplication app) { //建立安全模块 app.AuthenticateRequest += new EventHandler(this.AuthenticateRequest); } private void AuthenticateRequest(object o, EventArgs e) { HttpApplication app = (HttpApplication)o; HttpContext content = (HttpContext)app.Context; if ((app.Request["userid"] == null) || (app.Request["password"] == null)) { content.Response.Write("未提供必需的参数!!"); content.Response.End(); } string userid = app.Request["userid"].ToString(); string password = app.Request["password"].ToString(); string[] strRoles = AuthenticateAndGetRoles(userid, password); if ((strRoles == null) || (strRoles.GetLength(0) == 0)) { content.Response.Write("未找到相配的角色!!"); app.CompleteRequest(); } GenericIdentity objIdentity = new GenericIdentity(userid, "CustomAuthentication"); content.User = new GenericPrincipal(objIdentity, strRoles); } private string[] AuthenticateAndGetRoles(string r_strUserID, string r_strPassword) { string[] strRoles = null; if ((r_strUserID.Equals("Steve")) && (r_strPassword.Equals("15seconds"))) { strRoles = new String[1]; strRoles[0] = "Administrator"; } else if ((r_strUserID.Equals("Mansoor")) && (r_strPassword.Equals("mas"))) { strRoles = new string[1]; strRoles[0] = "User"; } return strRoles; } } }
【IT168技术文档】
页面请求过程:
根据这个流程,网上一般的权限验证在:
Http.Module.AuthorizeRequest
Http.Module.PreRequestHandlerExecute
例如使用前者:
