Application of ASP. NET Filter

A filter is available in J2EE Web development. The filter can intercept specified URL access and execute the filter method. Based on the actual application, you can modify the Request Code and determine the session information in the filter, or perform permission control. In short, this filter is very meaningful. It can be said that it is an application of the responsibility chain design pattern in J2EE.

Can such a filter structure be defined in ASP. NET and corresponding logical operations can be performed in the filter? The answer is yes. This article will show you how to configure a filter to the Web application of IIS.

Process 1: How to Write a filter

Writing a filter is actually writing a filter class, that is, writing an HttpModule module. This filter should implement the IHttpModule base class and rewrite the Init method. An actual example is as follows:

This is a PageFilter. cs

Using System;
Using System. Web;
Using System. Web. SessionState;
Using System. Collections. Generic;
Using System. Collections;
Using System. Text;
Using System. IO;

Public class PageFilter: IHttpModule
{
Public String ModuleName
{
Get {return "PageFilter ";}
}

// Register HttpApplication In the Init Method
// Register an event through delegation
Public void Init (HttpApplication application)
{
Application. AcquireRequestState + = new EventHandler (Application_AcquireRequestState );
}

Private void Application_AcquireRequestState (Object source, EventArgs e)

{

HttpApplication application = (HttpApplication) source;
HttpContext context = application. Context;
HttpSessionState session = context. Session;
HttpRequest request = context. Request;
HttpResponse response = context. Response;
String contextPath = request. ApplicationPath;
}
}

It should be noted that the "filter" can also be called an "Interceptor", that is, the process of intercepting the entire HTTP Request/response, because the whole request/response process can be divided into many stages, this involves a problem, that is, the stage at which your filter is blocked. In the Init function above, you can define the specific stage to intercept, for example, the above interception is the stage of generating a request session, and AcquireRequestStat is the representative of this state, and the corresponding processing function after interception is Application_AcquireRequestState. Therefore, the following defines an Application_AcquireRequestState method, in this method, a series of objects such as application, context, session, request, and response can be obtained through forced type conversion, you can write the core business logic, for example, determine whether the current URL access is valid, and check whether the current access is accessed by the user after login.

In addition, since there are many phases in the interception process, how can we intercept other phases? This should be simple. Just like the above Logic definition in Init:

Application. Standard name of Stage 1 + = new EventHandler (name of the processing method corresponding to this stage 1 );
Application. Standard name of stage 2 + = new EventHandler (name of the processing method corresponding to this stage 2 );
...

The standard stage name indicates that these stages have standard names and are the standard properties of the application object, such as the above AcquireRequestState, there are also many stages such as BeginRequest, AuthenticateRequest, AuthorizeRequest, ResolveRequestCache, AcquireRequestState, lifecycle, events, ReleaseRequestState, UpdateRequestCache, and EndRequest. These stages have specific meanings.

The name of the processing method corresponding to this stage is actually the method you have defined for the processing of this stage. The preceding example does not explain much.

Another point worth special attention is that there are so many stages to intercept, but in actual applications, we usually intercept one or two stages, note that some server objects can be intercepted only at a specific stage. For example, Session objects do not exist in the BeginRequest stage and are available in the AcquireRequestState and later stages, therefore, we need to intercept specific stages based on actual needs. This is the most common problem for new users.

Process 2: how to configure Filtering

We have compiled. the cs file filter, so how to make this filter take effect, this requires configuration, the default will certainly not intercept, You need to configure this filter to the Application Web. in the config file, the configuration of the preceding example is as follows:

<Configuration>
<System. web>
<HttpModules>
<Add name = "pageModule" type = "PageFilter"/>
</HttpModules>
</System. web>
</Configuration>

 

In this case, the configuration is complete, and then the website is released to generate the dll. Then, the URL access will be automatically blocked, but remember one thing, by default, all requests to the application will be intercepted. If you want to block a specific request, for example, to only intercept requests to the aspx file, then you can add the judgment on the file Suffix in the filter logic. If it is not aspx, just let it go.