Asp. HttpModule of custom HTTP processing and application in net

asp.net

HttpHandler implements functionality similar to the ISAPI extention, which handles requests (request) information and sends a response (Response). The implementation of the HttpHandler function is achieved by implementing the IHttpHandler interface. The HttpModule implements a function similar to ISAPI filter.

The realization of HttpModule

HttpModules implements functionality similar to ISAPI filter, which is typically developed through the following steps:

1. Write a class to implement the IHttpModule interface

2. Implementing the Init method, and registering the required method

3. Ways to achieve registration

4. To implement the Dispose method, you can add an implementation of the Dispose method if you need to do some cleanup work for the class manually, but this is not required, and you can usually add no code for the Dispose method.

5. In the Web.config file, register the class you wrote

The following is an example of a httpmodules, in which the HttpApplication beginrequest and endrequest events are simply registered, and the relevant information is printed through the implementation of these events.

Example 1:using system;using system.web; Namespace Mymodule{public class Mymodule:ihttpmodule {public void Init (HttpApplication application) {application. BeginRequest = (new EventHandler (this. Application_BeginRequest)); application. endrequest = (new EventHandler (this. application_endrequest));} private void Application_BeginRequest (Object source, EventArgs e) {HttpApplication application = (HttpApplication) source; HttpResponse Response=application.context.response; Response.Write ("

The beginning of the program references the following namespaces:

Using system;using system.web;

Because classes such as HttpApplication, HttpContext, HttpResponse are defined in System.Web, the System.Web namespace must be referenced.

The MyModule class implements the IHttpModule interface. In the Init method, the methods to implement beginrequest and endrequest events are indicated. In both of these methods, it is simply printing some information separately.

Below, register this class in the Web.config file, you can use this HttpModule, the registration method is as follows:

<configuration> <system.web>

Now look at the effect. Write an ASPX page test.aspx, which reads as follows:

<%response.write ("

After running the interface as shown in the figure:

In-depth study of HttpModule

HttpModule affects HTTP processing pipelines by handling a series of events for the HttpApplication object, which are registered in the HttpModule init method, including:

Beginrequestauthenticaterequestauthorizerequestresolverequestcacheacquirerequeststateprerequesthandlerexecutepostrequesth Andlerexecutereleaserequeststateupdaterequestcacheendrequest

Some of these events correspond to events in Global.asax, and the corresponding relationships are as follows:

HttpModule	Global.asax
BeginRequest	Application_BeginRequest
AuthenticateRequest	Application_AuthenticateRequest
EndRequest	Application_EndRequest

In Example 1, the beginrequest and endrequest events are handled, and other events are handled in much the same way.

corresponding to HttpHandler, some of these events occur before HttpHandler, and some occur after the HttpHandler process is completed. It is important to understand the order in which the events occur, because the server-side objects behave differently at different time periods. One example is the use of the session. Not all events can be processed in the session, but only in a limited number of events. The detailed process can refer to the following HTTP request processing lifecycle diagram.

Implementing a rights system using HttpModule

When we develop the application system, the privilege control of the application system is a very important part. In ASP, it is troublesome to control the permissions, because we have to control the client's access to the page by adding the permission control code in each ASP page that requires control of the permissions. This brings the problem, in addition to writing a large number of duplicate code, because the authority control part of the business process with the module tightly coupled to the control of the rights of the module, the modification, often bring a lot of modification work, and even caused a lot of bugs.

So, we now need to decouple the rights control and business processing modules so that two parts can be developed and modified independently, without impacting each other, or minimizing the impact. In the JSP program, this goal can be implemented by introducing a front-end controller to filter the permissions (for the front-end controller mode, see "Java EE core mode"). In asp.net, we can use HttpModule to achieve the same effect. Let's look at the implementation process.

First of all, we will build a privilege processing system, can detect a user on a module function has access rights (the specific structure, I think, readers should be exposed to this part of the programming, so no longer repeat), in which, exposed to the client invoke the right to verify the class definition is as follows:

public class Rightchecker{public static bool Hasright (User user,module Module) {//Permissions checksum,}}

We then use HttpModule to write a filter:

Using system;using system.web; Namespace Mymodule{public class Mymodule:ihttpmodule {public void Init (HttpApplication application) {application. AcquireRequestState = (new EventHandler (this. application_acquirerequeststate));} private void Application_acquirerequeststate (Object source, EventArgs e) {HttpApplication application = ( HttpApplication) source; User user=application.context.sesseion["user"] //Get userstring url=application.context.request.path;// Get customer access to page module module=//the module if (! Rightchecker.hasright (User,module)) Application.Context.Server.Transfer ("errorpage.aspx"); If you do not have permissions, boot to the error-handling page}public void Dispose () {}}}

By using this class as described previously, our application system has the privilege management function after registering in web.config. How much better than the way it used to be?

Conclusion

In. NET, Microsoft has greatly simplified the original programming of server extensions, which is very convenient for us to develop, and deserves our in-depth research on this technology.

The author introduces : Sun Yamin, graduated from Nanjing University, Suzhou, a software company technical director, familiar with. NET and Java EE architecture, and UML and rational Rose, you can communicate with him in the author column.