ASP.NET底层封装HttpModule实例---FormsAuthentication类的分析

作者:dayu


看下FormsAuthenticationModule的源码:
技术分享
看下我们最熟的Init方法:
技术分享
可以看到,在这里给我们注册了两个HttpApplication管道事件,我们看看AuthenticateRequest事件给我们的解释:
技术分享
然后我们看看OnEnter这个方法:
技术分享
随后我们点进去看看OnAuthenticate方法:

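  /// <summary>
  /// Establishes the request's principal for Forms authentication: first gives
  /// the application's event handler a chance to supply a user, and otherwise
  /// builds one from the forms ticket carried by the request, renewing and
  /// re-issuing that ticket when sliding expiration applies.
  /// </summary>
  /// <param name="e">
  /// Event args carrying the current <c>Context</c> and, optionally, a
  /// <c>User</c> that an event handler has set.
  /// </param>
  /// <remarks>
  /// Security-relevant points visible in this method:
  /// a handler that sets <c>e.User</c> (or <c>Context.User</c>) short-circuits
  /// all ticket processing, so such handlers are part of the trust boundary;
  /// the principal built from a ticket has an empty role list;
  /// the re-issued cookie is always HttpOnly, but its Secure flag simply
  /// mirrors <c>FormsAuthentication.RequireSSL</c>.
  /// </remarks>
  private void OnAuthenticate(FormsAuthenticationEventArgs e)
  {
      HttpCookie cookie = null;

      // Application hook: runs before any ticket handling.
      if (this._eventHandler != null)
      {
          this._eventHandler(this, e);
      }

      // Something earlier (another module or the handler above) already set a
      // principal on the context: nothing is done here.
      if (e.Context.User != null)
      {
          return;
      }

      // The handler supplied a user: it is adopted as-is, and the ticket in the
      // request is never looked at on this path.
      if (e.User != null)
      {
          e.Context.SetPrincipalNoDemand(e.User);
          return;
      }

      // NOTE(review): ExtractTicketFromCookie is not shown here; presumably it
      // decrypts and validates the ticket and reports through the out parameter
      // whether it came from the URL (cookieless) rather than a cookie. Confirm.
      bool cookielessTicket = false;
      FormsAuthenticationTicket tOld = ExtractTicketFromCookie(e.Context, FormsAuthentication.FormsCookieName, out cookielessTicket);

      // No ticket, or an expired one: the request stays unauthenticated.
      if ((tOld == null) || tOld.Expired)
      {
          return;
      }

      FormsAuthenticationTicket ticket = tOld;
      if (FormsAuthentication.SlidingExpiration)
      {
          // May hand back a fresh ticket with a later expiry; otherwise returns tOld.
          ticket = FormsAuthentication.RenewTicketIfOld(tOld);
      }

      // Roles are deliberately empty here; role-based authorization has to be
      // populated elsewhere (not visible in this method).
      e.Context.SetPrincipalNoDemand(new GenericPrincipal(new FormsIdentity(ticket), new string[0]));

      // Cookie-based ticket scoped to a path other than "/": copy that path onto
      // the incoming cookie object so a later re-issue keeps the same scope.
      if (!cookielessTicket && !ticket.CookiePath.Equals("/"))
      {
          cookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName];
          if (cookie != null)
          {
              cookie.Path = ticket.CookiePath;
          }
      }

      // Same object as before means the ticket was not renewed: nothing to send back.
      if (ticket == tOld)
      {
          return;
      }

      // A cookieless ticket is re-created with path "/" before being re-issued.
      if ((cookielessTicket && (ticket.CookiePath != "/")) && (ticket.CookiePath.Length > 1))
      {
          ticket = FormsAuthenticationTicket.FromUtc(ticket.Version, ticket.Name, ticket.IssueDateUtc, ticket.ExpirationUtc, ticket.IsPersistent, ticket.UserData, "/");
      }

      // NOTE(review): the second argument differs between cookie and cookieless
      // mode; the overload is not shown here, presumably it selects the output
      // encoding. Confirm.
      string cookieValue = FormsAuthentication.Encrypt(ticket, !cookielessTicket);

      if (cookielessTicket)
      {
          // 'F' is a char literal (the key passed to the cookieless helper); a bare
          // identifier F does not compile. In cookieless mode the ticket travels in
          // the URL, so it can surface in logs and Referer headers; the redirect
          // makes the client pick up the renewed value.
          e.Context.CookielessHelper.SetCookieValue('F', cookieValue);
          e.Context.Response.Redirect(e.Context.Request.RawUrl);
          return;
      }

      // As written this re-read only happens when a cookie was already fetched
      // from the same collection above, so it does not change the outcome; kept
      // to mirror the framework code under discussion.
      if (cookie != null)
      {
          cookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName];
      }
      if (cookie == null)
      {
          cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue) {
              Path = ticket.CookiePath
          };
      }

      // Only persistent tickets get an explicit expiry on the cookie.
      if (ticket.IsPersistent)
      {
          cookie.Expires = ticket.Expiration;
      }
      cookie.Value = cookieValue;
      // Secure follows configuration: with RequireSSL off, the renewed auth cookie
      // is not restricted to HTTPS.
      cookie.Secure = FormsAuthentication.RequireSSL;
      // Always hidden from client-side script.
      cookie.HttpOnly = true;
      if (FormsAuthentication.CookieDomain != null)
      {
          cookie.Domain = FormsAuthentication.CookieDomain;
      }

      // Replace any cookie of the same name already queued on the response.
      e.Context.Response.Cookies.Remove(cookie.Name);
      e.Context.Response.Cookies.Add(cookie);
  }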

留心的话,可以发现这个方法几乎涉及了所有与Forms表单认证相关的类。因此对于Forms表单认证的处理模块,最重要的就是这个FormsAuthenticationModule类了,在这里面,会把为了解耦操作所创建的类都给用上。不得不说,要我自己写是写不出来的,但理解一下HttpModule管道的实际应用还是可以的,也能对模块设计有个大概的了解。在这里,这个类不知道会不会让你想起ASP.NET MVC框架下的Authentication Filter这个过滤器,过滤器的实现其实就是利用了Attribute这个特性才实现AOP切面注入,因此,其实这个也应该可以加上Attribute来实现AOP。当然这是我的猜想哈,不过应该可行。

ASP.NET底层封装HttpModule实例---FormsAuthentication类的分析

原文地址:http://www.cnblogs.com/zhiyong-ITNote/p/7231590.html