Use IHttpHandler for permission control [ASP. NET | IHttpHandler | AjaxPro | UserHostName]

 

Preface

There are usually several schemes when developing permission Control Schemes for projects. For example, let all the ASPX pages inherit a custom PageBase page, and this page inherits the System. web. UI. page; The IHttpModule is used. Let's first compare the two solutions and their applicability. The first solution is ideal and practical, but we often encounter a sudden addition to a project (which may be worse ), they didn't consider this at the beginning, but they did not consider it later. At this time, you find that there have been two hundred or more pages, so it is a great deal of work to re-inherit each page to PageBase, it is inconvenient to make a lot of changes (it is still relatively recommended). At this time, I may have thought of a lazy way to use IHttpModule, but I have to say that the performance is really worrying, all pages, including user controls, are requested once. When you initiate breakpoint debugging, you will find that if there are three user controls on the page, the IHttpModule should be accessed four or more times, with the addition of Ajax access, other pages that are not controlled are also forcibly controlled. Although it will also be accessed by default, it is not ideal !! I have been trying to use IHttpHandler for permission control a long time ago, but I found that the filter in Java is not useful, and he will not continue your request. You need to specify what to do next by yourself, whether to jump to another page or directly return a file stream is determined by you. It is generally used for anti-leech protection and page redirection. I like IHttpHandler, that is, it can control access interception in the specified folder, so that we can control access to the specified folder, next, I will analyze how to implement and solve the problems and solutions.

 

Thanks

[Share] Call the. net default HttpHandler method in the Custom HttpHandler.

There is no solution for this article. Thank you again !!

 

Body

The Web. Config configuration is as follows:

<Add verb = "POST, GET" path = "/page /*. aspx,/page /*/*. aspx,/page /*/*/*. aspx,/page /*/*/*/*. aspx,/page /*/*/*/*/*. aspx "type =" WebLibrary. powerManage. httphandrepowercontrols "/>

The entire IHttpHandler implementation code is as follows:

/// <Summary>
/// This httphandrepowercontrols can control permissions, but when using AjaxPro, AjaxPro. Utility. RegisterTypeForAjax needs to specify the second parameter. Otherwise, an error is reported.
/// For example, AjaxPro. Utility. RegisterTypeForAjax (typeof (_ Default), Page );
/// </Summary>
Public class httphandrepowercontrols: IHttpHandler, IRequiresSessionState
{

/// <Summary>
/// Obtain a value indicating whether other requests can use the System. Web. IHttpHandler instance.
/// </Summary>
Public bool IsReusable
{
Get {return true ;}
}

Public void ProcessRequest (HttpContext context)
{
HttpSessionState session = context. Session;
// Permission judgment
If (session ["uname"]! = Null &&! String. IsNullOrEmpty (session ["uname"]. ToString ()))
{
// Type type = BuildManager. GetCompiledType (path );
// ASP. NET 1.1 Use the following statement to obtain IHttpHandler
// Context. Server. Transfer (PageParser. GetCompiledPageInstance (path, context. Request. PhysicalPath, context), true );
// AjaxPro. Utility. RegisterTypeForAjax (type, handler as Page );
Context. Server. Transfer (BuildManager. CreateInstanceFromVirtualPath (context. Request. Path, typeof (Page) as IHttpHandler, true );
}
Else
{
Context. Server. Transfer ("/login. aspx ");
}
}
}

 

Code Description:

1. here I only intercept. aspx file request access, so the second parameter CreateInstanceFromVirtualPath is specified as typeof (Page). Of course, you can also use BuildManager. getCompiledType (path) obtains its Type. During debugging, I found that this line of code is time-consuming, and Page is used directly without any need.

2. BuildManager. CreateInstanceFromVirtualPath method MSDN statement: process a file with a given virtual path and create an instance with the result. [Share] The default HttpHandler method called by. net in the Custom HttpHandler provides the part I commented out, which is used by ASP. NET 1.1 and can also be used in 2.0!

Process description:

When a user accesses the aspx page under the/page directory under the root directory, the user will be intercepted by httphandrepowercontrols and the permission will be determined in ProcessRequest, if you have the permission, go to the execution page (manually create an instance for compiling the specified page). If you do not have the permission, go to the login page.

 

Note:

1. When using AjaxPro, AjaxPro. Utility. RegisterTypeForAjax needs to specify the second parameter, for example, AjaxPro. Utility. RegisterTypeForAjax (typeof (_ Default), Page );

Set this parameter to Page. Otherwise, an error is returned, indicating that type conversion failed!

2. path Matching: it cannot match files in sub-directories. Simple *,? Wildcard characters, such as/page/*->, can match only files in the/page/*-> directory of the page to match files in any level-1 subdirectory of the page Directory.

3. Pay attention when using the verification code. If the verification code is returned on the Page and is under permission control, filter it out!

 

Legacy problems:

1. Will this cause performance damage ?!

2. I still do not understand the attribute IsResult!

 

End

You are welcome to exchange comments and continue to explore solutions for permission control in ASP. NET :)