Httpmodules implements functions similar to ISAPI filter. Generally, the following steps are required during development: 1. Write a class to implement the ihttpmodule Interface 2. Implement the init method and register the required Method 3. Registration Method 4. Implement the dispose method. If you need to manually clear the class, you can add the implementation of the dispose method, but this is not necessary. Generally, you can not add anyCode. 5. register the class you have written in the web. config file. The following is an example of httpmodules. In this example, only the beginrequest and endrequest events of httpapplication are registered, and relevant information is printed out through the implementation of these events.
Example 1: using system; using system. web; namespace mymodule {public class mymodule: ihttpmodule {public void Init (httpapplication application) {application. beginrequest + = (New eventhandler (this. application_beginrequest); application. endrequest + = (New eventhandler (this. application_endrequest);} private void application_beginrequest (Object source, eventargs e) {httpapplication application = (httpapplication) source; httpresponse response = application. context. response; response. write (" |
ProgramREFERENCE The following namespace:
Using system; using system. Web; |
Because classes such as httpapplication, httpcontext, and httpresponse are defined in system. Web, system. Web namespaces must be referenced. The mymodule class implements the ihttpmodule interface. The init method specifies the method for implementing the beginrequest and endrequest events. In the two methods, some information is simply printed separately. Next, register this class in the web. config file and you can use this httpmodule. The registration method is as follows:
<Configuration> <system. web> |
Now let's take a look at the effect. Compile An ASPX page test. aspx with the following content:
After running: In-depth research on httpmodule Httpmodule processes a series of events of the httpapplication object to influence the HTTP processing pipeline. These events are registered in the init method of httpmodule, including:
Beginrequest authenticaterequest authorizerequest resolverequestcache acquirerequeststate prerequesthandlerexecute postrequesthandlerexecute releaserequeststate updaterequestcache endrequest |
Some of the events correspond to events in global. asax. The corresponding relationship is as follows:
Httpmodule |
Global. asax |
Beginrequest |
Application_beginrequest |
Authenticaterequest |
Application_authenticaterequest |
Endrequest |
Application_endrequest |
In example 1, The beginrequest and endrequest events are processed. The processing methods for other events are similar. According to httphandler, some of these events occur before httphandler, and some occur after httphandler completes processing. It is very important to understand the sequence of events, because the objects on the server have different performance in different time periods. One example is the use of session. Not all events can process sessions, but only a limited number of events. For detailed procedures, refer to the following HTTP request processing lifecycle diagram. Use httpmodule to implement the Permission System When developing an application system, permission control of the application system is very important. In ASP, permission control is troublesome, because we must add permission control code to each ASP page that requires permission control to control access to the page. In addition to writing a large number of repeated code, the permission control module is closely coupled with the business processing module to modify the permission control module, it often brings about a lot of modifications and even a lot of bugs. Therefore, we need to decouple the permission control and business processing modules so that the two parts can be developed and modified independently without affecting each other or minimizing the impact. In JSP programs, this goal can be achieved by introducing a front-end controller to implement permission filtering (for details about the front-end controller mode, see the J2EE Core mode book). In ASP. NET, we can use httpmodule to achieve the same effect. The following describes the implementation process. First, we will build a permission processing system that can detect whether a user has access to a module's functions (the specific structure, I think, readers should have access to this part of programming, so I will not go into details). The definitions of the permission verification class exposed to client calls are as follows:
Public class rightchecker {public static bool hasright (User user, module) {// perform permission verification ,}} |
Then, we use httpmodule to write a filter:
Using system; using system. web; namespace mymodule {public class mymodule: ihttpmodule {public void Init (httpapplication application) {application. acquirerequeststate + = (New eventhandler (this. application_acquirerequeststate);} private void application_acquirerequeststate (Object source, eventargs e) {httpapplication application = (httpapplication) source; user = application. context. sesse Ion ["user"] // obtain user string url = application. context. request. path; // obtain the module on the page accessed by the customer = // obtain the module if (! Rightchecker. hasright (user, module) application. context. server. transfer ("errorpage. aspx "); // if you do not have the permission, boot to the error handling page} public void dispose (){}}} |
follow the method described above to register this class in Web. config, and then our application system will have the permission management function. How is it better than the original method? |