Code
The HttpContext class holds all of the HTTP-specific information for an individual HTTP request. This example shows how to use the User property of the HttpContext class to implement user authentication.
User authentication is something most ASP.NET web applications need, and it holds a very important place throughout the application. .NET offers many user authentication methods, such as the well-known Passport authentication, Windows authentication and Forms authentication. In practical applications these often do not quite meet our needs, so many developers write their own code to get the features they want, which means we have to give more thought to security and system efficiency.
In fact, the user verification mechanism built into ASP.NET is very powerful and also very extensible. It provides a property called User on the HttpContext object. This property gives us access to various information, including whether the user has been verified, the user's type, the user name, and so on. We can also extend the functionality of this property to meet our requirements.
The object assigned to HttpContext.User must implement the IPrincipal interface. One of the properties defined by IPrincipal is Identity, which must implement the IIdentity interface. Because we only need to write classes that implement these two interfaces, we can add to those classes whatever functionality we need.
First, we create two classes that implement IPrincipal and IIdentity, namely MyPrincipal and MyIdentity.
Myiprincipal.cs
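using System;
using System.Collections;

namespace HttpContextUsereg
{
    /// <summary>
    /// Sample principal that implements IPrincipal so that it can be assigned
    /// to HttpContext.User. It wraps a MyIdentity built from the supplied
    /// credentials together with a list of role names.
    /// </summary>
    public class MyPrincipal : System.Security.Principal.IPrincipal
    {
        private System.Security.Principal.IIdentity identity;
        private ArrayList roleList;

        /// <summary>
        /// Builds the identity from the given credentials and, when the
        /// identity reports itself as authenticated, loads its roles.
        /// </summary>
        /// <param name="userID">User name to verify.</param>
        /// <param name="password">Password to verify.</param>
        public MyPrincipal(string userID, string password)
        {
            identity = new MyIdentity(userID, password);

            // Always start from an empty list: a principal built from bad
            // credentials must answer IsInRole with false instead of failing
            // on a null list.
            roleList = new ArrayList();

            if (identity.IsAuthenticated)
            {
                // In a real application the roles of the specified user are
                // read from the database here. This sample grants "Admin" to
                // every authenticated user, which is acceptable only as a
                // demonstration.
                roleList.Add("Admin");
            }
        }

        /// <summary>
        /// Role names held by this principal; empty when the identity was
        /// not authenticated at construction time.
        /// </summary>
        public ArrayList RoleList
        {
            get
            {
                return roleList;
            }
        }

        #region IPrincipal members

        /// <summary>
        /// The identity this principal represents.
        /// </summary>
        /// <remarks>
        /// NOTE(review): IPrincipal only requires a getter. The setter is kept
        /// for compatibility, but replacing the identity does not reload the
        /// role list.
        /// </remarks>
        public System.Security.Principal.IIdentity Identity
        {
            get
            {
                return identity;
            }
            set
            {
                identity = value;
            }
        }

        /// <summary>
        /// Reports whether the principal holds the given role.
        /// </summary>
        /// <param name="role">Role name to look up (exact match).</param>
        /// <returns>
        /// True only when the current identity is authenticated and the role
        /// is in the role list.
        /// </returns>
        public bool IsInRole(string role)
        {
            // Fail closed: roles loaded at construction time must not outlive
            // the authenticated state of the identity they were loaded for.
            return identity != null
                && identity.IsAuthenticated
                && roleList.Contains(role);
        }

        #endregion
    }
}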
Myidentity.cs
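using System;

namespace HttpContextUsereg
{
    /// <summary>
    /// Sample identity that implements IIdentity. It keeps the user name and
    /// password it was built with and reports itself as authenticated when
    /// they match the credentials accepted by CanPass.
    /// </summary>
    public class MyIdentity : System.Security.Principal.IIdentity
    {
        private string userID;

        // NOTE(review): the clear-text password stays in memory for the life
        // of this object and is readable through the Password property.
        private string password;

        /// <summary>
        /// Stores the credentials; verification happens each time
        /// IsAuthenticated is read.
        /// </summary>
        /// <param name="currentUserID">User name supplied by the caller.</param>
        /// <param name="currentPassword">Password supplied by the caller.</param>
        public MyIdentity(string currentUserID, string currentPassword)
        {
            userID = currentUserID;
            password = currentPassword;
        }

        /// <summary>
        /// Checks the stored user name and password.
        /// </summary>
        /// <returns>True when both values match the accepted credentials.</returns>
        private bool CanPass()
        {
            // Demo only: the accepted user name and password are written
            // directly in the code. A real implementation verifies the user
            // against a credential store (for example a salted password hash
            // in the database) and keeps no credentials in source.
            return string.Equals(userID, "Yan0lovesha", StringComparison.Ordinal)
                && string.Equals(password, "Iloveshasha", StringComparison.Ordinal);
        }

        /// <summary>
        /// The password this identity was built with.
        /// </summary>
        /// <remarks>
        /// NOTE(review): because IsAuthenticated re-checks the stored values
        /// on every read, assigning this property changes the authentication
        /// result of an existing identity.
        /// </remarks>
        public string Password
        {
            get
            {
                return password;
            }
            set
            {
                password = value;
            }
        }

        #region IIdentity members

        /// <summary>
        /// True when the stored credentials pass CanPass.
        /// </summary>
        public bool IsAuthenticated
        {
            get
            {
                return CanPass();
            }
        }

        /// <summary>
        /// The user name this identity was built with.
        /// </summary>
        public string Name
        {
            get
            {
                return userID;
            }
        }

        /// <summary>
        /// Not used in this example; always null. It can be given a value
        /// when an application needs it.
        /// </summary>
        public string AuthenticationType
        {
            get
            {
                return null;
            }
        }

        #endregion
    }
}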
After completing these two classes, we create our own Page class to work with our validation, so that we do not have to write the same Page_Load event handler in every page. Here we name it MyPage and derive it from the Page class.
Mypage.cs
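using System;
using System.Collections;

namespace HttpContextUsereg
{
    /// <summary>
    /// Base page for the sample. It derives from the Page class and, on every
    /// load, rebuilds the custom principal from the cached user information so
    /// that individual pages do not have to repeat that code.
    /// </summary>
    public class MyPage : System.Web.UI.Page
    {
        public MyPage()
        {
        }

        /// <summary>
        /// Runs the base initialization and then subscribes MyPage_Load to the
        /// Load event.
        /// </summary>
        /// <param name="e">Event data passed through to the base class.</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);
            this.Load += new EventHandler(MyPage_Load);
        }

        /// <summary>
        /// Extracts the user information from the cache when the page loads
        /// and assigns a MyPrincipal built from it to Context.User.
        /// </summary>
        /// <remarks>
        /// NOTE(review): Context.Cache is shared by the whole application, not
        /// by one user. The single "UserMessage" entry is therefore not
        /// per-user state, and it carries the password in clear text. The
        /// cache key and layout are kept here because the login page of this
        /// sample writes them; a per-user authentication ticket is the
        /// appropriate store in a real application.
        /// </remarks>
        private void MyPage_Load(object sender, System.EventArgs e)
        {
            if (Context.User == null
                || Context.User.Identity == null
                || !Context.User.Identity.IsAuthenticated)
            {
                return;
            }

            // Read the entry once: a cache item can be evicted between a
            // null check and a second lookup.
            Hashtable userMessage = Context.Cache["UserMessage"] as Hashtable;
            if (userMessage == null)
            {
                return;
            }

            object cachedUserID = userMessage["UserID"];
            object cachedPassword = userMessage["Userpassword"];
            if (cachedUserID == null || cachedPassword == null)
            {
                // Incomplete entry: leave the current user untouched.
                return;
            }

            MyPrincipal principal = new MyPrincipal(cachedUserID.ToString(), cachedPassword.ToString());
            Context.User = principal;
        }
    }
}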
Below is our interface WebForm.aspx and WebForm.aspx.cs
WebForm.aspx
Webform1
username:
Password:
Webform1.aspx.cs
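using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Caching;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace HttpContextUsereg
{
    /// <summary>
    /// Login page of the sample. It derives from MyPage instead of Page so
    /// that the custom principal handling of MyPage applies to it.
    /// </summary>
    public class WebForm1 : HttpContextUsereg.MyPage
    {
        // Control fields; the names must match the control IDs declared in
        // the .aspx markup (the markup is not reproduced on this page).
        protected System.Web.UI.WebControls.TextBox tbxUserID;
        protected System.Web.UI.WebControls.TextBox tbxPassword;
        protected System.Web.UI.WebControls.Panel Panel1;
        protected System.Web.UI.WebControls.Button btnAdmin;
        protected System.Web.UI.WebControls.Button btnUser;
        protected System.Web.UI.WebControls.Label lblRoleMessage;
        protected System.Web.UI.WebControls.Label lblLoginMessage;
        protected System.Web.UI.WebControls.Button btnLogin;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Place the user code here to initialize the page
        }

        #region Code generated by web form designer

        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify the contents
        /// of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.btnLogin.Click += new System.EventHandler(this.btnLogin_Click);
            this.btnAdmin.Click += new System.EventHandler(this.btnAdmin_Click);
            this.btnUser.Click += new System.EventHandler(this.btnUser_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }

        #endregion

        /// <summary>
        /// Verifies the submitted user name and password and, on success,
        /// installs the principal and saves the user information in the cache.
        /// </summary>
        private void btnLogin_Click(object sender, System.EventArgs e)
        {
            MyPrincipal principal = new MyPrincipal(tbxUserID.Text, tbxPassword.Text);
            if (!principal.Identity.IsAuthenticated)
            {
                lblLoginMessage.Text = "Username or password is incorrect";
                Panel1.Visible = false;
            }
            else
            {
                // If the user passes the verification, the user information is
                // saved in the cache for later requests.
                // NOTE(review): Context.Cache is shared by the whole
                // application, so this one entry is overwritten by every login
                // and is read back for every request, and it stores the
                // password in clear text. In practice, keep the user
                // information in a user verification ticket, which is the
                // built-in .NET mechanism, and never store the password.
                Context.User = principal;
                Hashtable userMessage = new Hashtable();
                userMessage.Add("UserID", tbxUserID.Text);
                userMessage.Add("Userpassword", tbxPassword.Text);
                Context.Cache.Insert("UserMessage", userMessage);

                // Label.Text is written to the page as-is, so encode the
                // user-supplied name before echoing it.
                lblLoginMessage.Text = Server.HtmlEncode(tbxUserID.Text) + "Already log in";
                Panel1.Visible = true;
            }
        }

        /// <summary>
        /// Verifies that the user's roles contain Admin and shows the result.
        /// </summary>
        private void btnAdmin_Click(object sender, System.EventArgs e)
        {
            // Identity is read through IPrincipal; casting Context.User to
            // MyPrincipal would fail whenever the current user is some other
            // principal type.
            string userName = Server.HtmlEncode(Context.User.Identity.Name);
            if (Context.User.IsInRole("Admin"))
            {
                lblRoleMessage.Text = "user" + userName + "Belong to admin group";
            }
            else
            {
                lblRoleMessage.Text = "user" + userName + "Do not belong to admin group";
            }
        }

        /// <summary>
        /// Verifies that the user's roles contain User and shows the result.
        /// </summary>
        private void btnUser_Click(object sender, System.EventArgs e)
        {
            string userName = Server.HtmlEncode(Context.User.Identity.Name);
            if (Context.User.IsInRole("User"))
            {
                lblRoleMessage.Text = "user" + userName + "Belong to the User group";
            }
            else
            {
                lblRoleMessage.Text = "user" + userName + "Do not belong to the User group";
            }
        }
    }
}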
The code part is over; readers can try it out to see the effect. In this example, for convenience, the user name, password and role are written directly in the code; in practical applications these would come from the database or from other configuration files. This approach is also highly extensible: we can extend the functionality of the MyPrincipal and MyIdentity classes according to our needs. For example, we can add an IsInPermission property so that a user has not only a role, but each role can also have different permissions. This example saves the user's verification in the cache; it is also possible to use a user verification ticket instead. Note that Context.Cache is shared by the whole application, so the single "UserMessage" entry is not per-user state and it holds the password in clear text; a per-user verification ticket avoids both problems.
We can see that the more fully we use this user verification mechanism in our programs, the more benefit it brings, and there is still a lot in it worth discovering!
I hope everyone can communicate with me! Thank you!