HttpModule实现简单权限限制访问
"权限限制访问"几乎每个程序员在做系统时都会用到。就我而言会用以下三种方法来实现:
1 using System;
2 using System.Data;
3 using System.Configuration;
4 using System.Web;
5 using System.Web.Security;
6 using System.Web.UI;
7 using System.Web.UI.WebControls;
8 using System.Web.UI.WebControls.WebParts;
9 using System.Web.UI.HtmlControls;
10 using DataControl;
11
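namespace HM
{
    /// <summary>
    /// HTTP module that runs at the start of every request ASP.NET hands to it:
    /// callers without a "UserCookie" are sent to the login page, the caller's
    /// rights for the requested URL are looked up, and the request is turned
    /// away when the view right is missing.
    /// </summary>
    /// <remarks>
    /// NOTE(security): the user id is taken from UserCookie["UserID"], a value
    /// supplied by the browser. Nothing in this listing signs, encrypts or
    /// validates that cookie, so unless the login code protects it elsewhere
    /// the id is client-controlled. Binding the id to a server-validated
    /// ticket or to session state would close that gap; the login code is not
    /// part of this listing, so the lookup key is left as the author wrote it.
    /// </remarks>
    public class UserControl : IHttpModule
    {
        private const string LoginUrl = "/Portal/ProtalLogin.aspx";
        private const string CookieName = "UserCookie";

        #region IHttpModule

        /// <summary>Nothing to release; the module holds no resources.</summary>
        public void Dispose()
        {
        }

        /// <summary>Subscribes the permission check to BeginRequest.</summary>
        /// <param name="context">The application instance this module is attached to.</param>
        public void Init(HttpApplication context)
        {
            context.BeginRequest += new System.EventHandler(httpApplication_BeginRequest);
        }

        #endregion

        #region Registered event handlers

        /// <summary>
        /// Checks login state and the view right for the requested URL.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused.</param>
        public void httpApplication_BeginRequest(object sender, EventArgs e)
        {
            HttpApplication httpApplication = (HttpApplication)sender;
            HttpContext context = httpApplication.Context;

            // The login page has to stay reachable without a cookie; otherwise
            // the redirect below lands on a page that is redirected again.
            if (string.Equals(context.Request.Path, LoginUrl, StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            HttpCookie UserCookie = context.Request.Cookies[CookieName];

            // Not logged in (no cookie, or a cookie without a user id): go to login.
            if (UserCookie == null || string.IsNullOrEmpty(UserCookie["UserID"]))
            {
                context.Response.Redirect(LoginUrl);
                // Redirect(url) normally ends the request itself; the explicit
                // return keeps a missing cookie from being dereferenced below
                // if it does not.
                return;
            }

            // Look up the user's rights for the current URL.
            // NOTE(review): RawUrl carries the query string as well; confirm that
            // GetAuthorityByUserAndPath normalises it. A failed match is denied.
            DataTable dt = Authority.GetAuthorityByUserAndPath(UserCookie["UserID"], context.Request.RawUrl);

            // These writes change only the server-side copy of the request cookie;
            // nothing here adds the cookie to the response. Both branches overwrite
            // all five flags, so flag values sent by the browser are never used.
            if (dt != null && dt.Rows.Count == 1)
            {
                UserCookie["ISVIEW"] = dt.Rows[0]["ISVIEW"].ToString();
                UserCookie["ISADD"] = dt.Rows[0]["ISADD"].ToString();
                UserCookie["ISUPDATE"] = dt.Rows[0]["ISUPDATE"].ToString();
                UserCookie["ISDELETE"] = dt.Rows[0]["ISDELETE"].ToString();
                UserCookie["ISCONFIRM"] = dt.Rows[0]["ISCONFIRM"].ToString();
            }
            else
            {
                // No row, or an ambiguous result: deny everything.
                UserCookie["ISVIEW"] = "0";
                UserCookie["ISADD"] = "0";
                UserCookie["ISUPDATE"] = "0";
                UserCookie["ISDELETE"] = "0";
                UserCookie["ISCONFIRM"] = "0";
            }

            // The view check belongs inside the handler; in the published listing
            // it sat after the method's closing brace and could not compile.
            // An empty flag (for example a NULL column) is treated as "no right".
            string isView = UserCookie["ISVIEW"];
            if (string.IsNullOrEmpty(isView) || isView.Equals("0"))
            {
                context.Response.Redirect(LoginUrl);
                return;
            }
        }

        #endregion
    }
}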
83
1 using System;
2 using System.Data;
3 using System.Configuration;
4 using System.Collections;
5 using System.Web;
6 using System.Web.Security;
7 using System.Web.UI;
8 using System.Web.UI.WebControls;
9 using System.Web.UI.WebControls.WebParts;
10 using System.Web.UI.HtmlControls;
11 using DataControl;
12
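namespace DataControl
{
    /// <summary>
    /// Button that enables itself only when the current request's "UserCookie"
    /// carries ISUPDATE = "1".
    /// </summary>
    /// <remarks>
    /// The flag is read from the request cookie, so it is only as trustworthy
    /// as whatever wrote it earlier in the same request. If no server-side
    /// component has overwritten the flag, the value is the one the browser
    /// sent. A disabled button is a presentation hint; the Click handler that
    /// performs the update should check the right again on the server.
    /// </remarks>
    public class UpdateButton : System.Web.UI.WebControls.Button
    {
        /// <summary>
        /// Sets <c>Enabled</c> from the ISUPDATE flag, defaulting to disabled.
        /// </summary>
        public UpdateButton()
        {
            // Fail closed: with no context, no cookie or no flag the button stays
            // disabled. The earlier version left it enabled when the cookie was
            // absent and threw when the ISUPDATE key was missing.
            bool mayUpdate = false;

            HttpContext current = this.Context;
            if (current != null)
            {
                HttpCookie userCookie = current.Request.Cookies["UserCookie"];
                if (userCookie != null)
                {
                    // "1".Equals(null) is false, so a missing key is a denial.
                    mayUpdate = "1".Equals(userCookie["ISUPDATE"]);
                }
            }

            this.Enabled = mayUpdate;
        }
    }
}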
40
- 写一个权限管理函数,在每个代码隐藏文件中的Page_Load函数中调用。这种方法很低级,代码量很大,如果系统很大的话,那简直就是一场灾难。
- 撰写一个继承System.Web.UI.Page 基类的BasePage类,然后在 BasePage类继承的OnInit 方法中填写权限管理的代码。然后让系统的每个代码隐藏文件中的Page类继承BasePage类就OK了。使用这种方法虽然能够有效的解决代码重用问题,但是想想如果忘了让Page类继承BasePage类,那将会变成系统安全的一个漏洞......
- 用HttpModule来实现"权限限制访问"相对简单多了,也可以有效解决以上问题,以下是自己写的代码示例(VS2005),请路过的朋友不要见笑,并提出宝贵意见。
- 文件->添加新项目->Visual C#->类库
1 using System;
2 using System.Data;
3 using System.Configuration;
4 using System.Web;
5 using System.Web.Security;
6 using System.Web.UI;
7 using System.Web.UI.WebControls;
8 using System.Web.UI.WebControls.WebParts;
9 using System.Web.UI.HtmlControls;
10 using DataControl;
11
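namespace HM
{
    /// <summary>
    /// HTTP module that runs at the start of every request ASP.NET hands to it:
    /// callers without a "UserCookie" are sent to the login page, the caller's
    /// rights for the requested URL are looked up, and the request is turned
    /// away when the view right is missing.
    /// </summary>
    /// <remarks>
    /// NOTE(security): the user id is taken from UserCookie["UserID"], a value
    /// supplied by the browser. Nothing in this listing signs, encrypts or
    /// validates that cookie, so unless the login code protects it elsewhere
    /// the id is client-controlled. Binding the id to a server-validated
    /// ticket or to session state would close that gap; the login code is not
    /// part of this listing, so the lookup key is left as the author wrote it.
    /// </remarks>
    public class UserControl : IHttpModule
    {
        private const string LoginUrl = "/Portal/ProtalLogin.aspx";
        private const string CookieName = "UserCookie";

        #region IHttpModule

        /// <summary>Nothing to release; the module holds no resources.</summary>
        public void Dispose()
        {
        }

        /// <summary>Subscribes the permission check to BeginRequest.</summary>
        /// <param name="context">The application instance this module is attached to.</param>
        public void Init(HttpApplication context)
        {
            context.BeginRequest += new System.EventHandler(httpApplication_BeginRequest);
        }

        #endregion

        #region Registered event handlers

        /// <summary>
        /// Checks login state and the view right for the requested URL.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused.</param>
        public void httpApplication_BeginRequest(object sender, EventArgs e)
        {
            HttpApplication httpApplication = (HttpApplication)sender;
            HttpContext context = httpApplication.Context;

            // The login page has to stay reachable without a cookie; otherwise
            // the redirect below lands on a page that is redirected again.
            if (string.Equals(context.Request.Path, LoginUrl, StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            HttpCookie UserCookie = context.Request.Cookies[CookieName];

            // Not logged in (no cookie, or a cookie without a user id): go to login.
            if (UserCookie == null || string.IsNullOrEmpty(UserCookie["UserID"]))
            {
                context.Response.Redirect(LoginUrl);
                // Redirect(url) normally ends the request itself; the explicit
                // return keeps a missing cookie from being dereferenced below
                // if it does not.
                return;
            }

            // Look up the user's rights for the current URL.
            // NOTE(review): RawUrl carries the query string as well; confirm that
            // GetAuthorityByUserAndPath normalises it. A failed match is denied.
            DataTable dt = Authority.GetAuthorityByUserAndPath(UserCookie["UserID"], context.Request.RawUrl);

            // These writes change only the server-side copy of the request cookie;
            // nothing here adds the cookie to the response. Both branches overwrite
            // all five flags, so flag values sent by the browser are never used.
            if (dt != null && dt.Rows.Count == 1)
            {
                UserCookie["ISVIEW"] = dt.Rows[0]["ISVIEW"].ToString();
                UserCookie["ISADD"] = dt.Rows[0]["ISADD"].ToString();
                UserCookie["ISUPDATE"] = dt.Rows[0]["ISUPDATE"].ToString();
                UserCookie["ISDELETE"] = dt.Rows[0]["ISDELETE"].ToString();
                UserCookie["ISCONFIRM"] = dt.Rows[0]["ISCONFIRM"].ToString();
            }
            else
            {
                // No row, or an ambiguous result: deny everything.
                UserCookie["ISVIEW"] = "0";
                UserCookie["ISADD"] = "0";
                UserCookie["ISUPDATE"] = "0";
                UserCookie["ISDELETE"] = "0";
                UserCookie["ISCONFIRM"] = "0";
            }

            // The view check belongs inside the handler; in the published listing
            // it sat after the method's closing brace and could not compile.
            // An empty flag (for example a NULL column) is treated as "no right".
            string isView = UserCookie["ISVIEW"];
            if (string.IsNullOrEmpty(isView) || isView.Equals("0"))
            {
                context.Response.Redirect(LoginUrl);
                return;
            }
        }

        #endregion
    }
}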
83
- 文件->添加新项目->Visual C#->类库:(将控件修改为能够自动感知权限的控件)
1 using System;
2 using System.Data;
3 using System.Configuration;
4 using System.Collections;
5 using System.Web;
6 using System.Web.Security;
7 using System.Web.UI;
8 using System.Web.UI.WebControls;
9 using System.Web.UI.WebControls.WebParts;
10 using System.Web.UI.HtmlControls;
11 using DataControl;
12
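namespace DataControl
{
    /// <summary>
    /// Button that enables itself only when the current request's "UserCookie"
    /// carries ISUPDATE = "1".
    /// </summary>
    /// <remarks>
    /// The flag is read from the request cookie, so it is only as trustworthy
    /// as whatever wrote it earlier in the same request. If no server-side
    /// component has overwritten the flag, the value is the one the browser
    /// sent. A disabled button is a presentation hint; the Click handler that
    /// performs the update should check the right again on the server.
    /// </remarks>
    public class UpdateButton : System.Web.UI.WebControls.Button
    {
        /// <summary>
        /// Sets <c>Enabled</c> from the ISUPDATE flag, defaulting to disabled.
        /// </summary>
        public UpdateButton()
        {
            // Fail closed: with no context, no cookie or no flag the button stays
            // disabled. The earlier version left it enabled when the cookie was
            // absent and threw when the ISUPDATE key was missing.
            bool mayUpdate = false;

            HttpContext current = this.Context;
            if (current != null)
            {
                HttpCookie userCookie = current.Request.Cookies["UserCookie"];
                if (userCookie != null)
                {
                    // "1".Equals(null) is false, so a missing key is a denial.
                    mayUpdate = "1".Equals(userCookie["ISUPDATE"]);
                }
            }

            this.Enabled = mayUpdate;
        }
    }
}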
40
- 如何调用权限管控代码(文件->新建网站)
在Web.Config文件中添加调用代码:
<system.web>
<!-- Registers the type HM.UserControl from the assembly SQMSHttpModule under the name "UserControl". -->
<!-- NOTE(review): only requests that ASP.NET itself processes pass through modules listed here; confirm that every protected resource is mapped to ASP.NET. -->
<httpModules>
<add name="UserControl" type="HM.UserControl,SQMSHttpModule"/>
</httpModules>
</system.web>
在页面中调用自动感知权限的控件:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Defaule.aspx.cs" Inherits="Defaule" %>
<!-- Register the permission-aware controls -->
<%@ Register TagPrefix="Authority" Namespace="DataControl" Assembly="DataControl" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div >
<%-- The Authority prefix maps to the DataControl namespace via the Register directive above. --%>
<%-- NOTE(review): the button's enabled state is display only; its click handler should re-check the update right on the server. --%>
<Authority:UpdateButton ID="btnChange" runat="server" Text="Change The System Description" />
</div>
</form>
</body>
</html>
Notices: 请不要在有登录页的模块中调用HttpModule,否则会在登录页面造成跳转死循环——未登录时对登录页的请求同样没有UserCookie,会被再次重定向到登录页。