【验证授权】CustomAuthorizationService
WCSF的实现方法
WCSF通过 EnterpriseLibraryAuthorizationService 来实现“user -> role -> rule -> web url”的授权机制,相关的代码如下:
- 注册服务(Shell 工程的 ShellModuleInitializer.cs 文件)
代码1 protected virtual void AddGlobalServices(IServiceCollection globalServices)
2 {
3 globalServices.AddNew<EnterpriseLibraryAuthorizationService, IAuthorizationService>();
4 ...
5 } - 实现服务(内部注册并实现了 Web 应用程序的 AuthorizeRequest 事件处理)
代码1 public void Init(HttpApplication httpApplication)
2 {
3 ICompositionContainer rootContainer = httpApplication.Application[ApplicationConstants.RootContainer] as ICompositionContainer;
4 if (rootContainer != null)
5 {
6 httpApplication.AuthorizeRequest += delegate(object sender, EventArgs e)
7 {
8 IHttpContext context = new Microsoft.Practices.CompositeWeb.Web.HttpContext(httpApplication.Context);
9 HandleAuthorization(rootContainer, context);
10 };
11 }
12 }
13
14 protected virtual void HandleAuthorization(ICompositionContainer rootContainer, IHttpContext context)
15 {
16 if (context.SkipAuthorization) return;
17 IAuthorizationRulesService authorizationRulesService = rootContainer.Services.Get<IAuthorizationRulesService>();
18 IVirtualPathUtilityService virtualPathUtility = rootContainer.Services.Get<IVirtualPathUtilityService>();
19 if (authorizationRulesService == null) return;
20 string[] rules = authorizationRulesService.GetAuthorizationRules(virtualPathUtility.ToAppRelative(context.Request.Path));
21 if (rules == null || rules.Length == 0) return;
22
23 IAuthorizationService authorizationService = rootContainer.Services.Get<IAuthorizationService>(true);
24 foreach (string rule in rules)
25 {
26 if (!authorizationService.IsAuthorized(rule))
27 {
28 throw new HttpException(403, Properties.Resources.UserDoesntHaveAccessToTheRequestedResource);
29 }
30 }
31 }
32
自定义实现方法
- 实现自定义的验证逻辑
- 注册自定义服务
代码1 protected virtual void AddGlobalServices(IServiceCollection globalServices)
2 {
3 globalServices.AddNew<CustomAuthorizationService, IAuthorizationService>();
4
5 // globalServices.AddNew<EnterpriseLibraryAuthorizationService, IAuthorizationService>();
6 ...
7 }
8
posted on 2010-04-26 14:40 CsharpStyle 阅读(424) 评论(0) 编辑 收藏 举报