标签:
一:拦截对该服务器所有的http请求。
在config 中加,
<system.webServer> <modules> <add name="HttpAuthvalid" type="YGPT.Country.Auth.HttpAuthvalid"/> </modules> </system.webServer>
然后每次http请求都先进这个类(这个类需要继承
System.Web.IHttpModule
)
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Web; using Newtonsoft.Json; namespace YGPT.Country.Auth { /// <summary> /// 权限验证 /// </summary> public class HttpAuthvalid : System.Web.IHttpModule { public void Dispose() { //此处放置清除代码。 } public void Init(HttpApplication context) { context.AcquireRequestState += new EventHandler(SystemProcess); } /// <summary> /// 系统访问处理 (系统资源加载,权限验证等) /// </summary> void SystemProcess(object sender, EventArgs e) { HttpApplication application = (HttpApplication)sender;// 获取应用程序 string url = application.Request.Url.AbsolutePath.ToString();// 获取Url if (url == "/setToken")//如果是设置令牌 { if (!string.IsNullOrEmpty(application.Context.Request["param"])) { HttpCookie cookie = application.Request.Cookies["YGPT_SESSIONID"]; if (cookie == null) { cookie = new HttpCookie("YGPT_SESSIONID"); } //组合重置cookie 令牌 cookie.Value = application.Context.Request["param"] + YGPT.Country.Auth.EncryptDecrypt.AESEncrypt(YGPT.Country.Auth.Config.DesToValue + DateTime.Now.ToString("yyyyMMdd"), Config.DecryptKey); cookie.HttpOnly = true; cookie.Expires = DateTime.Now.AddDays(100); application.Response.AppendCookie(cookie); application.Response.Write("JsonpHandler({\"result\":\"1\"})");//成功 application.Response.End(); return; } else { application.Response.Write("JsonpHandler({\"result\":\"0\"})");//失败 application.Response.End(); return; } } if (application.Request.Cookies["YGPT_SESSIONID"] == null || string.IsNullOrEmpty(application.Request.Cookies["YGPT_SESSIONID"].Value)) { application.Response.Redirect(YGPT.Country.Auth.Config.TimeOutUrl);//跳转到超时页面 application.Response.End(); return; } //string PermisWeburl = System.Configuration.ConfigurationManager.AppSettings["PermisWeburl"]; //string[] pweburls = PermisWeburl.Split(‘,‘); //for (int i = 0; i < pweburls.Length; i++) //{ // if (url.Contains(pweburls[i]))//登录超时 没权限不做验证 // { // return; // } //} if (System.Configuration.ConfigurationManager.AppSettings["workingmode"] != "deve") { if (url.IndexOf(".aspx") >= 0)//页面权限 { User myuser = CurrentUser.GetUser(); if (myuser.UserID.ToUpper() == "ADMIN") { return; } /*验证页面权限*/ YGPT.Country.Auth.SystypeValue sv = new SystypeValue(); sv.SysType = Config.SystemType; sv.ValueName = url; if (myuser.PageHandButton.PageCollect.Contains(sv)) { ///跳转到无权限页面 CurrentUser.Goto_NoPermission(); } } else if (url.IndexOf(".ashx") >= 0)//http请求权限 { User myuser = CurrentUser.GetUser(); application.Response.ContentType = "text/plain"; application.Response.Buffer = true; application.Response.ExpiresAbsolute = DateTime.Now.AddDays(-1); application.Response.AddHeader("pragma", "no-cache"); application.Response.AddHeader("cache-control", ""); application.Response.CacheControl = "no-cache"; if (CurrentUser.Userid.ToUpper() == "ADMIN") { return; } //验证请求权限 ////数据处理必须包含 req 参数 if (string.IsNullOrEmpty(application.Context.Request["req"])) { ///跳转到无权限页面 application.Response.Write(JsonConvert.SerializeObject("NoPermission")); application.Response.End(); } string UrlAndQu = url + "?req=" + application.Context.Request["req"]; YGPT.Country.Auth.SystypeValue sv = new SystypeValue(); sv.SysType = Config.SystemType; sv.ValueName = UrlAndQu; if (myuser.PageHandButton.PageCollect.Contains(sv)) { ///返回无权限信息 application.Response.Write(JsonConvert.SerializeObject("NoPermission")); application.Response.End(); return; } } } } public void OnLogRequest(Object source, EventArgs e) { //可以在此放置自定义日志记录逻辑 } } }
标签:
原文地址:http://www.cnblogs.com/wlzhang/p/4551177.html