自定义HTTP模块工作IIS7集成,而不是经典模式自定义、而不是、模块、模式
我有一个写在asp.net应用程序,我有集成到网站的一些旧的传统的ASP页面。该网站使用Windows身份验证。因为我不能管理的.asp与角色的页面,我写了一个自定义的HttpModule来检查用户是否有权限查看这些网页,否则它重定向到访问被拒绝页面。主要的问题是,应用程序需要在经典模式在IIS7运行。我的模块工作在集成模式下,而不是在经典模式。有什么理由这样code不应该在传统模式下工作呢?先谢谢了。
下面是code的模块,它是pretty的简单:
公共类MyModule的:IHttpModule的
{
公共无效的Init(HttpApplication的应用程序)
{
application.PostAuthenticateRequest + =新的EventHandler(Application_PostAuthenticateRequest);
}
无效Application_PostAuthenticateRequest(对象源,EventArgs的五)
{
HttpApplication的应用程序=(HttpApplication的)来源;
HttpContext的背景下=((HttpApplication的)源).Context;
如果(context.Request.RawUrl.Contains(/保护子文件夹/))
{
//从Windows身份验证获取用户
字符串的currentUser = Convert.ToString(context.User.Identity.Name);
如果(!isAdmin(的currentUser))
{
//拒绝访问
(context.Response).Redirect(VirtualPathUtility.ToAbsolute(〜/ AccessDenied.aspx));
}
}
}
公共无效的Dispose(){}
下面是经典模式(不工作)在web.config中的设置:
<结构>
<的System.Web>
<的HttpModules>
<添加名称=MyModule的TYPE =MyModule的/>
< / HttpModules的>
< /system.web>
< /结构>
和设置的综合模式(工作):
<结构>
< system.webServer>
<模块>
<添加名称=MyModule的TYPE =MyModule的/>
< /模块>
<验证validateIntegratedModeConfiguration =FALSE/>
< /system.webServer>
< /结构>
解决方案
在集成模式下,IIS应用程序池允许的任意的请求URL到然而,来到ASP.NET ISAPI,在经典模式,你需要一个第三方的ISAPI或请求将被直接发送到页面上。
在集成,模块最先获得实际的请求内容前检查。
这样:
集成模式: http://www.yoursite.com/myfile.html首先通过配置HTTP模块和Global.asax中的HTTP模块和路线(你Request.Url应该有上面的URL)
经典模式: http://www.yoursite.com/myfile.html检查是否存在实际上是一个名为myfile.html文件,如果没有的话,就都到了404页。除非再次,你有一个自定义的URLRewrite模块。
希望这有助于你。
I have an application that is written in asp.net and I have some legacy classic asp pages integrated into the site. The site uses Windows authentication. Because I cannot manage .asp pages with roles, I've written a custom HttpModule to check if a user has permissions to view those pages, otherwise it redirects to an "access denied" page. The main issue is that the application needs to run in "classic mode" on IIS7. My module works in integrated mode, but not in classic mode. Is there any reason this code shouldn't work in classic mode as well? Thanks in advance.
Here is the code for the module, it's pretty simple:
public class MyModule: IHttpModule
{
public void Init(HttpApplication application)
{
application.PostAuthenticateRequest += new EventHandler(Application_PostAuthenticateRequest);
}
void Application_PostAuthenticateRequest(object source, EventArgs e)
{
HttpApplication app = (HttpApplication)source;
HttpContext context = ((HttpApplication)source).Context;
if (context.Request.RawUrl.Contains("/protected-subfolder/"))
{
// gets user from windows authentication
string currentUser = Convert.ToString(context.User.Identity.Name);
if (!isAdmin(currentUser))
{
//deny access
(context.Response).Redirect(VirtualPathUtility.ToAbsolute("~/AccessDenied.aspx"));
}
}
}
public void Dispose(){ }
Here is the setting in web.config for classic mode (not working):
<configuration>
<system.web>
<httpModules>
<add name="MyModule" type="MyModule" />
</httpModules>
</system.web>
</configuration>
And the setting for integrated mode (working):
<configuration>
<system.webServer>
<modules>
<add name="MyModule" type="MyModule"/>
</modules>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
</configuration>
解决方案
In integrated mode, IIS App pools allow Any request URL to come in to the ASP.NET ISAPI, however, in classic mode, you would need a third-party ISAPI or the request will be sent directly to the page.
In integrated, the module gets checked FIRST before the actual request content.
SO:
Integrated Mode: http://www.yoursite.com/myfile.html first goes through your http modules and routes configured in http modules and global.asax (your Request.Url should have the URL above)
Classic Mode: http://www.yoursite.com/myfile.html checks to see if there is actually a file called myfile.html, and if not, then it goes to a 404 page. UNLESS, again, you have a custom URLRewrite module.
Hope this helps ya.
