定义一个网站全局的 HttpModule ,用来验证客户端是否重复提交数据和是否跨站点提交数据
2011-04-25 11:29 音乐让我说
直接贴代码:
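using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;

namespace WebUI.tempFolder
{
    /// <summary>
    /// Site-wide HTTP module that runs two checks on every request at BeginRequest:
    /// a Referer-based cross-site POST check and a cookie-based duplicate-submission check.
    /// </summary>
    /// <remarks>
    /// Both checks are coarse and should be treated as defence in depth only:
    /// the Referer check compares host names only (not scheme or port) and rejects
    /// clients that omit the Referer header; the duplicate check relies on a cookie
    /// that the client fully controls. Neither replaces a per-session anti-forgery
    /// token validated on the server.
    /// </remarks>
    public class GlobalHttpModule : IHttpModule
    {
        // Name of the cookie that carries the fingerprint of the last posted form.
        private const string TokenCookieName = "token";

        // Message stored in HttpContext.Items["error"] when a duplicate POST is detected.
        private const string DuplicateSubmitMessage = "不允许重复提交";

        /// <summary>Nothing to release; the module holds no resources.</summary>
        public void Dispose()
        {
        }

        /// <summary>Subscribes the module to the application's BeginRequest event.</summary>
        /// <param name="context">The application instance the module is attached to.</param>
        public void Init(HttpApplication context)
        {
            context.BeginRequest += new EventHandler(context_BeginRequest);
        }

        /// <summary>True when the current request uses the POST method.</summary>
        public bool HttpPost
        {
            get { return HttpContext.Current.Request.HttpMethod.Equals("POST"); }
        }

        /// <summary>
        /// True when the current request is a POST whose Referer is missing or names a
        /// different host than the requested URL. Non-POST requests are never flagged.
        /// </summary>
        public bool IsCrossSitePost
        {
            get
            {
                if (!HttpPost)
                {
                    return false;
                }

                HttpRequest request = HttpContext.Current.Request;

                Uri referrer;
                try
                {
                    referrer = request.UrlReferrer;
                }
                catch (UriFormatException)
                {
                    // Defensive: if the framework surfaces a malformed Referer as an
                    // exception, fail closed and treat the POST as cross-site instead
                    // of letting the request fault with an unhandled error.
                    return true;
                }

                // No Referer at all is treated as cross-site (fail closed). This also
                // rejects privacy proxies and browsers configured to strip the header.
                if (referrer == null)
                {
                    return true;
                }

                // Host-only comparison: scheme and port are NOT checked.
                // NOTE(review): behind a reverse proxy Request.Url.Host may be the
                // internal host name rather than the public one; confirm for the deployment.
                return !string.Equals(referrer.Host, request.Url.Host, StringComparison.OrdinalIgnoreCase);
            }
        }

        /// <summary>Returns the lower-case hex MD5 digest of <paramref name="Input"/>.</summary>
        /// <param name="Input">Text to hash.</param>
        /// <param name="Half">When true, only the middle 16 hex characters (offset 8) are returned.</param>
        /// <returns>32 hex characters, or 16 when <paramref name="Half"/> is true.</returns>
        private static string MD5(string Input, bool Half)
        {
            // MD5 is used here only as a change fingerprint, not as a security primitive.
            // NOTE(review): HashPasswordForStoringInConfigFile is marked obsolete in later
            // framework versions; confirm the target framework before relying on it.
            string digest = FormsAuthentication.HashPasswordForStoringInConfigFile(Input, "MD5").ToLowerInvariant();
            if (Half)
            {
                digest = digest.Substring(8, 16);
            }

            return digest;
        }

        /// <summary>
        /// Compares the fingerprint of the posted form with the one stored in the
        /// "token" cookie; when they differ, stores the new fingerprint in the response cookie.
        /// </summary>
        /// <param name="context">The current application instance.</param>
        /// <param name="errorMessage">Set to the duplicate-submission message when the method returns true; otherwise null.</param>
        /// <returns>True when the posted form matches the fingerprint the client sent back.</returns>
        /// <remarks>
        /// The cookie is supplied by the client, so deleting or altering it defeats the
        /// check: this guards against accidental double posts, not against a deliberate
        /// replay. The fingerprint is derived from the whole form body, so the cookie
        /// carries a truncated hash of whatever was posted, including any sensitive fields.
        /// </remarks>
        private bool IsReSubmit(ref HttpApplication context, out string errorMessage)
        {
            errorMessage = null;

            HttpCookie sentCookie = context.Request.Cookies[TokenCookieName];
            string cookieValue = (sentCookie == null) ? string.Empty : sentCookie.Value;

            string formText = (context.Request.Form == null) ? string.Empty : context.Request.Form.ToString();
            string formValue = MD5(formText, true);

            if (cookieValue != formValue)
            {
                HttpCookie issuedCookie = context.Response.Cookies[TokenCookieName];
                issuedCookie.Value = formValue;
                // The fingerprint is only ever read server-side, so keep it away from script.
                issuedCookie.HttpOnly = true;
                return false;
            }

            errorMessage = DuplicateSubmitMessage;
            return true;
        }

        /// <summary>
        /// BeginRequest handler: redirects cross-site POSTs to the default page and
        /// flags duplicate POSTs in HttpContext.Items["error"].
        /// </summary>
        /// <param name="sender">The HttpApplication raising the event.</param>
        /// <param name="e">Unused.</param>
        public void context_BeginRequest(object sender, EventArgs e)
        {
            // Direct cast: a sender of the wrong type fails loudly here instead of
            // surfacing later as a null dereference.
            HttpApplication context = (HttpApplication)sender;

            if (IsCrossSitePost)
            {
                // Cross-site submission: blocked. Redirect(url, true) ends the response
                // itself; the explicit return guarantees that nothing below runs even if
                // ending the response does not abort the current thread.
                context.Response.Redirect("~/Default.aspx", true);
                return;
            }

            if (HttpPost)
            {
                string errorMessage;
                if (IsReSubmit(ref context, out errorMessage))
                {
                    // Duplicate submission: the request is only flagged, not stopped.
                    // Pages that must not process a repeat POST have to read Items["error"].
                    context.Context.Items["error"] = errorMessage;
                }
            }
        }
    }
}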
最后在 web.config 中注册
<!-- Classic-pipeline registration: <httpModules> belongs inside <system.web>.
     Under the IIS 7+ integrated pipeline, modules are registered in
     <system.webServer>/<modules> instead. Verify after deployment that the module
     actually runs: if it is not registered, neither check is applied. -->
<httpModules>
  <add name="GlobalHttpModule" type="WebUI.tempFolder.GlobalHttpModule"/>
</httpModules>
谢谢浏览!
作者:音乐让我说(音乐让我说 - 博客园)
出处:http://music.cnblogs.com/
文章版权归本人所有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。