This section describes how to use an HTTP module in ASP.NET to create custom security authentication.
First, understand how ASP.NET processes Web requests.
Tmfc [translation] Articles on understanding the underlying architecture of ASP.NET
An HTTP module is a class that implements the IHttpModule interface. It is used to process Web requests.
The built-in modules of ASP.NET are:
Output cache module
Windows authentication module
Forms authentication module
Passport authentication module
URL authorization module
File authorization module
We can modify these existing modules to add new functions, or add new modules with custom functions. For example, we can customize the security module to use Active Directory.
Modules are executed when HttpApplication events are raised.
The IHttpModule interface has the following two methods:
Init(HttpApplication objApplication)
    Registers event handlers for HttpApplication events.
Dispose()
    Releases the resources.
To create a custom HTTP module:
1. Create a class that implements the IHttpModule interface

    using System;
    using System.Web;

    namespace CustomModule
    {
        public class CustomAuthnModule : IHttpModule
        {
            public CustomAuthnModule()
            {
            }

            // Event handlers are registered here (step 2).
            public void Init(HttpApplication objHttpApp)
            {
            }

            // Release any resources held by the module.
            public void Dispose()
            {
            }
        }
    }

2. Register events in the Init method

    public void Init(HttpApplication objHttpApp)
    {
        // Run CustomAuthentication each time the AuthenticateRequest event is raised.
        objHttpApp.AuthenticateRequest += new EventHandler(this.CustomAuthentication);
    }

3. Write the handler function for the registered event

    private void CustomAuthentication(object sender, EventArgs evtArgs)
    {
        // The sender is the HttpApplication instance that is processing the request.
        HttpApplication objHttpApp = (HttpApplication)sender;
        objHttpApp.Context.Response.Write("custom authentication module is invoked");
    }

4. Add the DLL to the GAC
1) Create a strong name key file:
    sn -k key.snk
2) Add the key file to the AssemblyKeyFile attribute in AssemblyInfo.cs.
3) Install the assembly into the GAC:
    gacutil /i CustomModule.dll
5. Register the HTTP module in Web.config

    <httpModules>
        <add name="modulename" type="namespace.classname, assemblyname" />
    </httpModules>

Example: a custom module based on database identity authentication

    using System;
    using System.Web;
    using System.Data;
    using System.Data.SqlClient;

    namespace CustomAuthorizationModule
    {
        public class CustomAuthorizationModule : IHttpModule
        {
            public CustomAuthorizationModule()
            {
            }

            // Hook the AuthorizeRequest event of the HTTP pipeline.
            public void Init(HttpApplication objApp)
            {
                objApp.AuthorizeRequest += new EventHandler(this.CustomDbAuthorization);
            }

            public void Dispose()
            {
            }

            private void CustomDbAuthorization(object sender, EventArgs evtArgs)
            {
                HttpApplication objApplication = (HttpApplication)sender;
                string sAppPath, sUsrName;
                bool bAuthorized = false;
                sAppPath = objApplication.Request.FilePath.ToString();
                // The user name is read from the first request parameter,
                // which is supplied by the client.
                sUsrName = objApplication.Request.Params[0].ToString();
                bAuthorized = DbAuthorize(sUsrName, sAppPath);
                if (bAuthorized)
                {
                    objApplication.Context.Response.Write("authorized user");
                }
                else
                {
                    // Stop processing the request for unauthorized users.
                    objApplication.Context.Response.Write("unauthorized user");
                    objApplication.Response.End();
                }
            }

            // Asks the stored procedure whether the user may access the path.
            private bool DbAuthorize(string sUsrName, string sAppPath)
            {
                // Sample connection string; a real deployment should use a
                // least-privileged account and keep credentials out of the code.
                using (SqlConnection sqlConn = new SqlConnection(
                    "User ID=sa;Pwd=password;Data Source=localhost;Initial Catalog=northwind"))
                using (SqlCommand sqlCmd = new SqlCommand())
                {
                    sqlCmd.Connection = sqlConn;
                    sqlConn.Open();
                    sqlCmd.CommandType = CommandType.StoredProcedure;
                    sqlCmd.CommandText = "sauthorizeurl";
                    // Values are passed as typed parameters, never concatenated into SQL.
                    sqlCmd.Parameters.Add("@username", SqlDbType.VarChar, 30);
                    sqlCmd.Parameters.Add("@urlpath", SqlDbType.VarChar, 40);
                    sqlCmd.Parameters["@username"].Value = sUsrName;
                    sqlCmd.Parameters["@urlpath"].Value = sAppPath;
                    // ExecuteScalar returns null when the procedure yields no row.
                    object res = sqlCmd.ExecuteScalar();
                    return res != null && res.ToString() == "authorized";
                }
            }
        }
    }
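
A hardened variant of the authorization module above, as an added example that is not part of the original article. It takes the user name from the identity established during AuthenticateRequest instead of a request parameter, denies with an HTTP status code, and fails closed on any database error. The class name and the "AuthzDb" connection string name are assumptions; the stored procedure and parameter names are the ones used above.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example (hypothetical class name), not the article's own code.
public class HardenedDbAuthorizationModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.AuthorizeRequest += new EventHandler(this.OnAuthorizeRequest);
    }
    public void Dispose() { }

    private void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext ctx = app.Context;
        // Trust only the identity set by an authentication module.
        bool known = ctx.User != null && ctx.User.Identity.IsAuthenticated;
        if (known && DbAuthorize(ctx.User.Identity.Name, ctx.Request.FilePath)) return;
        // Deny: 401 when there is no identity, 403 when the identity is not allowed.
        ctx.Response.StatusCode = known ? 403 : 401;
        app.CompleteRequest(); // skip the handler and go straight to EndRequest
    }

    private static bool DbAuthorize(string userName, string urlPath)
    {
        try
        {
            // Reject values that would be truncated to the declared parameter sizes.
            if (userName.Length > 30 || urlPath.Length > 40) return false;
            // "AuthzDb" is an assumed <connectionStrings> entry in Web.config.
            string cs = ConfigurationManager.ConnectionStrings["AuthzDb"].ConnectionString;
            using (SqlConnection conn = new SqlConnection(cs))
            using (SqlCommand cmd = new SqlCommand("sauthorizeurl", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.Add("@username", SqlDbType.VarChar, 30).Value = userName;
                cmd.Parameters.Add("@urlpath", SqlDbType.VarChar, 40).Value = urlPath;
                conn.Open();
                object res = cmd.ExecuteScalar();
                return res != null && res.ToString() == "authorized";
            }
        }
        catch (Exception) { return false; } // fail closed: any error means "not authorized"
    }
}
```

The module is registered in Web.config the same way as in step 5, and the project needs a reference to the System.Configuration assembly.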