HTTPModule articles in ASP.NET

xiaoxiao2021-03-06  110

HTTPModule articles in ASP.NET

Author: SUN Ya-min

Httphandler implements a function similar to the ISAPI EXTENTION, which handles request (response). The implementation of the HTTPHANDLER function is achieved by implementing the IHTTPHANDLER interface. HttpModule implements features similar to the ISAPI Filter.

Implementation of httpmodule

HttpModules realizes the functionality similar to the ISAPI Filter. In development, the following steps are often required:

1. Write a class to implement the IHTPModule interface

2. Implement the init method and registration needs

3. Method for realizing registration

4. Implement the Dispose method, if you need to do some clearance for classes, you can add the DISPOSE method, but this is not required, usually not adding any code to the Dispose method.

5. In the web.config file, register your class

Below is an example of httpmodules, in this example, just simply registering the httpApplication's BeginRequest and EndRequest events, and prints the relevant information through the implementation methods of these events.

example 1:

Using system;

Using system.Web;

Namespace mymodule

{

Public class mymodule: httpmodule

{

Public void init (httpapplication application)

{

Application.BeginRequest = (New

EventHandler (this.application_beginRequest);

Application.endRequest = (New

EventHandler (this.application_endrequest);

}

Private void Application_BeginRequest (Object Source, Eventargs E)

{

HTTPApplication Application = (httpapplication) Source;

HttpResponse response = Application.Context.Response;

Response.write ("

Beginning of Request
");

}

Private Void Application_ENDREQUEST (Object Source, Eventargs E)

{

HTTPApplication Application = (httpapplication) Source;

HttpResponse response = Application.Context.Response;

Response.write ("

end of request
");

}

Public void dispose ()

{

}

}

}

The beginning of the program references the following namespace:

Using system;

Using system.Web;

Because httpApplication, httpinter, etc. is defined in System.Web, so the System.Web namespace must be referenced by the SYSTEM.WEB.

The MyModule class implements the IHTTPModule interface. In the init method, the method of implementing the BeginRequest and endRequest events is indicated. In these two methods, only some information is printed separately. Below, you can use this httpmodule in the web.config file, you can use this httpmodule, the registration method is as follows:

Now let's take a look at the effect. Write an ASPX page Test.aspx, the content is as follows:

<%

Response.write ("

this is the page
");

%>

The interface after run is shown in the figure:

In-depth study httpmodule

HttpModule affects the HTTP processing pipeline by processing a series of events of the HTTPApplication object, which registers in the httpmodule init method, including:

BeginRequest

AuthenticateRequest

Authorzequest

ResolveRequestCache

AcquireRequestState

PrerequestHandleRexecute

PostRequestHandleRexecute

ReleaseRequestState

UpdateRequestCache

EndRequest

Some of the events correspond to the events in Global.asax, the correspondence is as follows:

HttpModuleGlobal.asaxbeginRequestApplication_BeginRequestAuthenticateRequestApplication_AuthenticateRequestendRequestApplication_endrequest

In Example 1, the BeginRequest and endRequest events were processed, and the processing of other events was basically similar.

As far as HTTPHandler, these events, some occurred before httphandler, and some occurred after HTTPHANDLER. Understanding the order of events is very important, because the objects of the server have different performances in different periods of time. One of the examples is the use of session. The session can be processed in all events, but can only be processed in a limited number of events. The detailed process can refer to the following HTTP Request processing lifecycle map.

Implement a permission system using HttpModule

When we develop application systems, the application system's permission control is a very important part. In ASP, the control to achieve permissions is more troublesome, because we must add permission control code to each ASP page that needs to be controlled to control customers' access. The problem brings, in addition to writing a large number of duplicate code, due to the close coupling of the module of the service processing section, the modification of the permissions control module often brings a lot of modification work, and even plenty of bugs. .

Therefore, we need to decouple the permissions control and business processing modules so that the two parts can be developed and modified independently, and will not affect each other, or will minimize the effect. In the JSP program, this purpose can be implemented by introducing a front-end controller (see "J2EE Core Mode") by introducing a front-end controller (for front-end controller mode. In ASP.NET, we can use HTTPModule to achieve the same effect. Let's take a look at the process of implementation. First, we will build a permission processing system that detects that a user has access to a module function (specific structure, I think, readers should have access to this part of programming, so no more details), where, The definition of permission check classes exposed to client calls are as follows:

Public Class Rightchecker

{

Public Static Bool Hasright (User User, Module Module)

{

/ / Permissions verification,

}

}

Then we write a filter using httpmodule:

Using system;

Using system.Web;

Namespace mymodule

{

Public class mymodule: httpmodule

{

Public void init (httpapplication application)

{

Application. acquirerequestState = (New

EventHandler (this.application_acquirerequeststate);

}

Private void Application_AcquireRequestState (Object Source,

Eventargs E)

{

HTTPApplication Application = (httpapplication) Source;

User User = Application.Context.Sesseion ["user"] // Get User

String Url = Application.Context.Request.path;

/ / Get the page of the customer access

Module Module = // Get the module in accordance with the URL

IF (! RightChecker.hasright (user, module)

Application.context.server.Transfer ("ErrorPage.aspx");

// If there is no permission, boot to the error handling page

}

Public void dispose ()

{

}

}

}

After registering this class, after registering in Web.config, our application system has the function of permission management. How is it better than the original way?

转载请注明原文地址:https://www.9cbs.com/read-102810.html

New Post(0)