2008-10-08 16:08:32
1
创建UserAuthorizationModule类
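/// <summary>
/// HTTP module that requires a signed-in user for every request it sees.
/// A request counts as signed in when the session holds a non-empty "UserName",
/// or when the "userName"/"userPwd" cookies verify against the users table.
/// Signed-in requests get a greeting written to the response; all other
/// requests are transferred to Login.aspx.
/// </summary>
public class UserAuthorizationModule : IHttpModule
{
    // Group of the account most recently verified by CheckUser; null after a failed check.
    private string group;

    /// <summary>Nothing to release: the module holds no unmanaged resources.</summary>
    public void Dispose()
    {
    }

    /// <summary>Subscribes the login check to the AcquireRequestState event.</summary>
    /// <param name="context">The application instance this module is attached to.</param>
    public void Init(HttpApplication context)
    {
        context.AcquireRequestState += new EventHandler(context_AcquireRequestState);
    }

    /// <summary>
    /// Runs the login check for one request.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    void context_AcquireRequestState(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;

        // NOTE(review): Context.Session looks to be null for requests that run
        // without session state; such a request can still log in from cookies
        // below, it just cannot remember the result - confirm.
        bool hasSession = application.Context.Session != null;
        object sessionUser = hasSession ? application.Context.Session["UserName"] : null;

        bool isLogin = sessionUser != null && sessionUser.ToString().Trim() != "";
        string userName = isLogin ? sessionUser.ToString() : "";

        if (!isLogin)
        {
            // Read the cookies themselves and check both for null: Request["userName"]
            // would also match a query-string or form field, in which case the
            // cookie lookup that follows has nothing to dereference.
            HttpCookie nameCookie = application.Request.Cookies["userName"];
            HttpCookie pwdCookie = application.Request.Cookies["userPwd"];

            if (nameCookie != null && pwdCookie != null
                && CheckUser(nameCookie.Value, pwdCookie.Value))
            {
                isLogin = true;
                userName = nameCookie.Value;

                // Session values are written only when the login was just
                // re-established from cookies, so an existing session is never
                // overwritten with an empty name. The group comes from the
                // database row CheckUser read, not from the client's "group"
                // cookie, which the browser user can edit.
                if (hasSession)
                {
                    application.Context.Session["userName"] = userName;
                    application.Context.Session["group"] = group;
                }
            }
        }

        if (isLogin)
        {
            // Signed in: print the greeting on every requested page. The name
            // originates from user input, so it is HTML-encoded before output.
            application.Response.Write(string.Format("欢迎您!{0}!",
                HttpUtility.HtmlEncode(userName)));
            return;
        }

        // Not signed in: anything other than the login page is sent to the
        // login page. Only the path is inspected, so a query string on
        // Login.aspx does not make it look like a different page.
        string requestPath = application.Request.Url.AbsolutePath;
        string requestPage = requestPath.Substring(requestPath.LastIndexOf('/') + 1);
        if (!string.Equals(requestPage, "Login.aspx", StringComparison.OrdinalIgnoreCase))
        {
            application.Server.Transfer("Login.aspx");
        }
    }

    /// <summary>
    /// Looks the user up in the users table and compares the stored password
    /// with <paramref name="pwd"/>. On success the account's group is stored
    /// in the <c>group</c> field.
    /// </summary>
    /// <param name="name">User name to look up.</param>
    /// <param name="pwd">Password supplied by the client.</param>
    /// <returns>true when a row exists and its password equals <paramref name="pwd"/>.</returns>
    private bool CheckUser(string name, string pwd)
    {
        // Clear the previous result so a failed check never leaves a stale group behind.
        group = null;
        if (name == null || pwd == null)
        {
            return false;
        }

        // NOTE(review): the connection string embeds the sa account and its
        // password; a dedicated least-privilege login read from protected
        // configuration is the usual replacement.
        // NOTE(review): passwords are compared as stored, i.e. the users table
        // holds them in clear text and the same value travels in the userPwd
        // cookie; a salted password hash in the table and a server-issued login
        // token in place of that cookie would remove both exposures.
        using (SqlConnection con = new SqlConnection("server=.;uid=sa;pwd=123;database=studentdb"))
        using (SqlCommand cmd = new SqlCommand("select pwd,[group] from users where uname=@uname", con))
        {
            // The user name is bound as a parameter; it is client-controlled and
            // must never be concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@uname", name);
            con.Open();

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.Read() && string.Equals(dr[0].ToString(), pwd, StringComparison.Ordinal))
                {
                    group = dr[1].ToString();
                    return true;
                }
            }
        }

        return false;
    }
}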
2
创建SystemModuleAuthorizationModule类
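/// <summary>
/// HTTP module that checks, for a signed-in user, whether the user's group may
/// open the requested URL. A refused request is completed early and a notice
/// is written to the response.
/// </summary>
public class SystemModuleAuthorizationModule : IHttpModule
{
    /// <summary>Nothing to release: the module holds no unmanaged resources.</summary>
    public void Dispose()
    {
    }

    /// <summary>Subscribes the module check to the AcquireRequestState event.</summary>
    /// <param name="context">The application instance this module is attached to.</param>
    public void Init(HttpApplication context)
    {
        context.AcquireRequestState += new EventHandler(context_AcquireRequestState);
    }

    /// <summary>
    /// Runs the group check for one request.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    void context_AcquireRequestState(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;

        // A user who is not signed in needs no module check, because the login
        // module sends that request to the login page.
        // NOTE(review): Context.Session looks to be null for requests that run
        // without session state, and those skip this check as well - confirm
        // that every protected page runs with session state enabled.
        if (application.Context.Session == null
            || application.Context.Session["group"] == null)
        {
            return;
        }

        string group = application.Context.Session["group"].ToString();
        string url = application.Request.Url.ToString();

        // Not authorised: end the request and print the notice.
        if (!Validator.CanUseModule(group, url))
        {
            // The stored name may be absent and originates from user input, so it
            // is null-checked and HTML-encoded before being written out.
            object nameValue = application.Context.Session["userName"];
            string displayName = nameValue == null ? "" : nameValue.ToString();

            application.CompleteRequest();
            application.Response.Write(string.Format("对不起!{0},您无权访问此模块!",
                HttpUtility.HtmlEncode(displayName)));
        }
    }
}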
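/// <summary>
/// Decides whether a user group may open the module a URL points at.
/// </summary>
public class Validator
{
    /// <summary>
    /// Returns whether <paramref name="group"/> may open <paramref name="url"/>.
    /// A URL containing "BBS" is reserved for group "A", a URL containing "News"
    /// for group "B"; a URL containing neither marker is open to every group.
    /// </summary>
    /// <param name="group">Group of the signed-in user; may be null.</param>
    /// <param name="url">Requested URL, matched as a whole string (query string included).</param>
    /// <returns>true when the group satisfies every marker found in the URL.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="url"/> is null.</exception>
    public static bool CanUseModule(string group, string url)
    {
        if (url == null)
        {
            throw new ArgumentNullException("url");
        }

        // Markers are matched without regard to case so that a differently
        // cased spelling of a protected path is still treated as protected.
        bool isBbs = url.IndexOf("BBS", StringComparison.OrdinalIgnoreCase) >= 0;
        bool isNews = url.IndexOf("News", StringComparison.OrdinalIgnoreCase) >= 0;

        // Each marker present must be satisfied on its own; a URL carrying both
        // markers is therefore not opened by membership in just one group.
        if (isBbs && group != "A")
        {
            return false;
        }

        if (isNews && group != "B")
        {
            return false;
        }

        return true;
    }
}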
3
创建Login.aspx
Default.aspx(超链接到Model1.aspx 和Model2.aspx)
3.1
Login.aspx
string group;
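/// <summary>
/// Handles the login button: verifies the entered credentials and, on success,
/// issues the login cookies, fills the session and redirects to Default.aspx.
/// Nothing happens when the credentials do not verify.
/// </summary>
/// <param name="sender">The button raising the event.</param>
/// <param name="e">Unused.</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    if (!CheckUser(txtName.Text, txtPwd.Text))
    {
        return;
    }

    // NOTE(review): the userPwd cookie stores the password itself on the client
    // for 30 minutes; a server-issued login token (for example a forms
    // authentication ticket) would avoid keeping the password in the browser.
    // It is left in place here because the login module reads it back.
    // NOTE(review): on an HTTPS site these cookies should also be marked Secure.
    Response.Cookies.Add(CreateLoginCookie("group", group));
    Response.Cookies.Add(CreateLoginCookie("userName", txtName.Text));
    Response.Cookies.Add(CreateLoginCookie("userPwd", txtPwd.Text));

    Session["UserName"] = txtName.Text;
    Session["group"] = group;
    Response.Redirect("Default.aspx");
}

/// <summary>
/// Builds one login cookie that expires 30 minutes from now and is hidden
/// from client-side script.
/// </summary>
/// <param name="name">Cookie name.</param>
/// <param name="value">Cookie value.</param>
/// <returns>The configured cookie, not yet added to the response.</returns>
private static HttpCookie CreateLoginCookie(string name, string value)
{
    HttpCookie cookie = new HttpCookie(name, value);
    cookie.Expires = DateTime.Now.AddMinutes(30);
    // These cookies are only read on the server, so script access is switched off.
    cookie.HttpOnly = true;
    return cookie;
}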
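/// <summary>
/// Looks the user up in the users table and compares the stored password with
/// <paramref name="pwd"/>. On success the account's group is stored in the
/// <c>group</c> field.
/// </summary>
/// <param name="name">User name to look up.</param>
/// <param name="pwd">Password entered by the user.</param>
/// <returns>true when a row exists and its password equals <paramref name="pwd"/>.</returns>
private bool CheckUser(string name, string pwd)
{
    // Clear the previous result so a failed check never leaves a stale group behind.
    group = null;
    if (name == null || pwd == null)
    {
        return false;
    }

    // NOTE(review): the connection string embeds the sa account and its
    // password; a dedicated least-privilege login read from protected
    // configuration is the usual replacement.
    // NOTE(review): passwords are compared as stored, i.e. the users table holds
    // them in clear text; storing a salted password hash would avoid that.
    using (SqlConnection con = new SqlConnection("server=.;uid=sa;pwd=123;database=studentdb"))
    using (SqlCommand cmd = new SqlCommand("select pwd,[group] from users where uname=@uname", con))
    {
        // The user name is bound as a parameter; it comes straight from the
        // login form and must never be concatenated into the SQL text.
        cmd.Parameters.AddWithValue("@uname", name);
        con.Open();

        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            if (dr.Read() && string.Equals(dr[0].ToString(), pwd, StringComparison.Ordinal))
            {
                group = dr[1].ToString();
                return true;
            }
        }
    }

    return false;
}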
在Web.config里面加入代码
<system.web>
  <!-- system.web下面 -->
  <httpModules>
    <add name="u" type="UserAuthorizationModule"/>
    <add name="s" type="SystemModuleAuthorizationModule"/>
  </httpModules>
</system.web>
chinaunix网友2009-03-07 10:42:59
我qq 283162221 我做个统计用到了这个,在本地测试都成功实现了功能,但是发布到网上的时候,就报错误了,不知道是上面原因,你给看看HttpModule.application_AcquireRequestState(Object sender, EventArgs e) +150 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64