Implement Identity Authentication in Asp.net using the internal mechanism of. net

There are some default mechanisms in. net, specifically as follows:
(1) If the instance fields of the class do not have an initial value, they will be assigned a default value, the default value for the reference type field is null, and the simple Value Type field (that is, the value type) the default value is the corresponding form of 0 (for example, sbyte, byte, short, ushort, Int, uint, long, And ulong are both 0, while the default value of the char type field is '/0x0000 ', float fields are 0.0f and double fields are 0.0d ).
(2) If a static field is assigned an initial value in the class, a static constructor is automatically generated to complete the initial value assignment in the static function.
(3) If a class does not explicitly specify the class from which it is derived, it will be derived from the object class by default.
(4) If a class does not define any constructor, a constructor is generated for the class by default.
(5) When a non-static constructor of the subclass is called, the constructor of the parent class is called by default. For example, if a inherits B, B inherits C, and C does not specify the class to be inherited (in fact, the object is inherited), then when instantiating a, B's constructor will be called first, when the constructor is called, the constructor of C is called. When the constructor of C is called, the object constructor is called. Therefore, when an object A is instantiated, there will be a series of constructor calls internally. For the inheritance level above, the calling sequence of constructor is from first to second: Object-> C-> B->.
The following code demonstrates this process:

Using system; </P> <p> Public Class C <br/>{< br/> Public C () <br/>{< br/> console. writeline ("C"); <br/>}< br/> Public Class B: C <br/>{< br/> Public B () <br/> {<br/> console. writeline ("B"); <br/>}< br/> Public Class A: B <br/>{< br/> Public () <br/> {<br/> console. writeline ("A"); <br/>}</P> <p> public class Demo: A <br/>{< br/> static int d = 5; <br/> Public demo () <br/>{< br/>}< br/> Public static void main () <br/>{< br/> demo d = new demo (); <br/> console. readline (); <br/>}< br/>}

Compile the above program into a console application. The execution result is as follows:
 
If you open the generated demo.exefile with ildasm.exe, you will see the following situation:
 

None of the above is my focus today, but we can use them to implement some functions. In the early days when I was developing projects, I always felt a lot of trouble when I was doing background identity control. Every page would write code to check whether the user was logged on. Later, Asp. after net2.0 comes out, the dashboard page is used, so that user authentication can be controlled in the load event on the dashboard page. In this way, the function can be completed. However, because the load event on the parent board page is later than the load event on the content page, you can check the user identity to see part of the content on the page.
Using the (5) mechanism above, we can better solve this problem. We can first define a base class for all pages in the background that require authentication. This base class inherits from system. web. UI. page class. web. UI. page class ). The class corresponding to this page must be instantiated until a page is accessed. Because the internal mechanism must first call the constructor defined in the base class we have compiled (if any, then, the egg and egg are traced back to the object class, but we don't need to worry about them ). We should start with the construction method of the custom base class. At this time, there are two options:
First, perform authentication directly on the base class constructor, for example, in the base class constructor, check whether a session or cookie with a specific name exists in the cookie or session set (using session or using cookie or both depends on the specific project requirements ), the session or cookie with the specific name is set only when the user logs on to the background. Therefore, as long as the cookie or session exists, the user can be judged to have logged on.
Second, some mechanisms are used for processing. For example, in the base class constructor, the necessary events in the lifecycle of an Asp.net page are used for processing. For example, this constructor defines the processing method of an event of the base class and determines the identity in this processing method.
I remember someone saying, "the most direct method is often the most difficult one ." In the above method, the first one cannot be implemented, because during the call of the constructor, a lot of information has just been initialized and many have not yet been initialized, in the construction method of the base class, the session and cookie are not instantiated.
It seems that only the second method is used. I should be impressed by my friends who have read "Asp.net's" Five: page class and callback technology "and all page classes will experience a loading event, we choose to define the loading event handling method of the base class in the base class constructor, and check whether the user logs on to the base class. As to why we should choose this event instead of other events, it is because some events have occurred too early, for fear of session and cookie unavailability, and some events are too late, loading events is just right (Guo Degang has a song called "just right", haha ).
Because our base class does not display any code, we can add a class file in the project. The Code is as follows:

Using system; <br/> using system. data; <br/> using system. configuration; <br/> using system. web; <br/> using system. web. security; <br/> using system. web. ui; <br/> using system. web. UI. webcontrols; <br/> using system. web. UI. webcontrols. webparts; <br/> using system. web. UI. htmlcontrols; </P> <p> /// <summary> <br/> // adminpage is the base class of all pages in the background that require authentication. <br/> // </Summary> <br/> public class adminpage: system. web. UI. page <br />{< Br/> Public adminpage () <br/>{< br/> // process the loading event <br/> This. load + = new eventhandler (adminpage_load); <br/>}</P> <p> void adminpage_load (Object sender, eventargs E) <br/> {<br/> // assume that a session named "userinfo" is set after the user logs on successfully. <br/> // assume that the user logs on to the login page. aspx is located in the admin file under the root directory of the website <br/> If (session ["userinfo"] = NULL) <br/>{< br/> // use ~ To ensure that no matter what directory level authentication can jump to the background login page <br/> response. Redirect ("~ /Admin/login. aspx "); <br/>}< br/>}

In this way, for any page in the background that requires authentication, you only need to change it to inherit from the adminpage class, so that no authentication code is required in these classes.
The following is the code of a class. There is no code written manually, but it can be verified because it inherits from the adminpage class:

Using system; <br/> using system. data; <br/> using system. configuration; <br/> using system. collections; <br/> using system. web; <br/> using system. web. security; <br/> using system. web. ui; <br/> using system. web. UI. webcontrols; <br/> using system. web. UI. webcontrols. webparts; <br/> using system. web. UI. htmlcontrols; </P> <p> Public partial class admin_news_index: adminpage <br/> {<br/> protected void page_load (Object sender, eventargs E) <br/>{</P> <p >}< br/>}

The above processing method can be further processed. For example, some pages not only require users to log on, but also require users to have relevant permissions. Readers can use this idea to achieve this. In addition, you can also use this mechanism for other business processing.

Zhou Gong (Zhou Jinqiao)

 

In addition, "Asp.net" test video Chapter IV has been recorded and released, can go to the http://blog.xunlei.com/web/category.html? Uin = zhoufoxcn & category_id = 1847 download. This release changes all previous release formats to Avi.