先了解一下IIS系統(tǒng)。它是一個(gè)程序,負(fù)責(zé)對(duì)網(wǎng)站的內(nèi)容進(jìn)行管理并且處理對(duì)客戶的請(qǐng)求做出反應(yīng)。當(dāng)用戶對(duì)一個(gè)頁(yè)面提出請(qǐng)求時(shí),IIS做如下反應(yīng)(不考慮權(quán)限問(wèn)題):
1.把對(duì)方請(qǐng)求的虛擬路徑轉(zhuǎn)換成物理路徑
2.根據(jù)物理路徑搜索請(qǐng)求的文件
3.找到文件后,獲取文件的內(nèi)容
4.生成Http頭信息。
5.向客戶端發(fā)送所有的文件內(nèi)容:首先是頭信息,然后是Html內(nèi)容,最后是其它文件的內(nèi)容。
6.客戶端IE瀏覽器獲得信息后,解析文件內(nèi)容,找出其中的引用文件,如.js .css .gif等,向IIS請(qǐng)求這些文件。
7.IIS獲取請(qǐng)求后,發(fā)送文件內(nèi)容。
8.當(dāng)瀏覽器獲取所有內(nèi)容后,生成內(nèi)容界面,客戶就看到圖像/文本/其它內(nèi)容了。
但是IIS本身是不支持動(dòng)態(tài)頁(yè)面的,也就是說(shuō)它僅僅支持靜態(tài)html頁(yè)面的內(nèi)容,對(duì)于如.asp,.aspx,.cgi,.php等,IIS并不會(huì)處理這些標(biāo)記,它就會(huì)把它當(dāng)作文本,絲毫不做處理發(fā)送到客戶端。為了解決這個(gè)問(wèn)題。IIS有一種機(jī)制,叫做ISAPI的篩選器,這個(gè)東西是一個(gè)標(biāo)準(zhǔn)組件(COM組件),當(dāng)在在訪問(wèn)IIS所不能處理的文件時(shí),如asp.net 1.1 中的IIS附加ISAPI篩選器如圖:
Asp.net 服務(wù)在注冊(cè)到IIS的時(shí)候,會(huì)把每個(gè)擴(kuò)展可以處理的文件擴(kuò)展名注冊(cè)到IIS里面(如:*.ascx、*.aspx等)。擴(kuò)展啟動(dòng)后,就根據(jù)定義好的方式來(lái)處理IIS所不能處理的文件,然后把控制權(quán)跳轉(zhuǎn)到專門處理代碼的進(jìn)程中。讓這個(gè)進(jìn)程開(kāi)始處理代碼,生成標(biāo)準(zhǔn)的HTML代碼,生成后把這些代碼加入到原有的 Html中,最后把完整的Html返回給IIS,IIS再把內(nèi)容發(fā)送到客戶端。
有上面對(duì)ISAPI的簡(jiǎn)單描述,我們把HttpModule& HttpHandler分開(kāi)討論,并且結(jié)合CS進(jìn)行具體的實(shí)現(xiàn)分析。
HttpModule:
HttpModule實(shí)現(xiàn)了ISAPI Filter的功能,是通過(guò)對(duì)IhttpModule接口的繼承來(lái)處理。下面打開(kāi)CS中的CommunityServerComponents項(xiàng)目下的CSHttpModule.cs文件(放在HttpModule目錄)
//------------------------------------------------------------------------------
// <copyright company="Telligent Systems">
// Copyright (c) Telligent Systems Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
using System;
using System.IO;
using System.Web;
using CommunityServer.Components;
using CommunityServer.Configuration;
namespace CommunityServer
{
// *********************************************************************
// CSHttpModule
//
/**//// <summary>
/// This HttpModule encapsulates all the forums related events that occur
/// during ASP.NET application start-up, errors, and end request.
/// </summary>
// ***********************************************************************/
public class CSHttpModule : IHttpModule
{
Member variables and inherited properties / methods#region Member variables and inherited properties / methods
public String ModuleName
{
get { return "CSHttpModule"; }
}
// *********************************************************************
// ForumsHttpModule
//
/**//// <summary>
/// Initializes the HttpModule and performs the wireup of all application
/// events.
/// </summary>
/// <param name="application">Application the module is being run for</param>
public void Init(HttpApplication application)
{
// Wire-up application events
//
application.BeginRequest += new EventHandler(this.Application_BeginRequest);
application.AuthenticateRequest += new EventHandler(Application_AuthenticateRequest);
application.Error += new EventHandler(this.Application_OnError);
application.AuthorizeRequest += new EventHandler(this.Application_AuthorizeRequest);
//settingsID = SiteSettingsManager.GetSiteSettings(application.Context).SettingsID;
Jobs.Instance().Start();
//CSException ex = new CSException(CSExceptionType.ApplicationStart, "Appication Started " + AppDomain.CurrentDomain.FriendlyName);
//ex.Log();
}
//int settingsID;
public void Dispose()
{
//CSException ex = new CSException(CSExceptionType.ApplicationStop, "Application Stopping " + AppDomain.CurrentDomain.FriendlyName);
//ex.Log(settingsID);
Jobs.Instance().Stop();
}
Installer#region Installer
#endregion
#endregion
Application OnError#region Application OnError
private void Application_OnError (Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
CSException csException = context.Server.GetLastError() as CSException;
if(csException == null)
csException = context.Server.GetLastError().GetBaseException() as CSException;
try
{
if (csException != null)
{
switch (csException.ExceptionType)
{
case CSExceptionType.UserInvalidCredentials:
case CSExceptionType.AccessDenied:
case CSExceptionType.AdministrationAccessDenied:
case CSExceptionType.ModerateAccessDenied:
case CSExceptionType.PostDeleteAccessDenied:
case CSExceptionType.PostProblem:
case CSExceptionType.UserAccountBanned:
case CSExceptionType.ResourceNotFound:
case CSExceptionType.UserUnknownLoginError:
case CSExceptionType.SectionNotFound:
csException.Log();
break;
}
}
else
{
Exception ex = context.Server.GetLastError();
if(ex.InnerException != null)
ex = ex.InnerException;
csException = new CSException(CSExceptionType.UnknownError, ex.Message, context.Server.GetLastError());
System.Data.SqlClient.SqlException sqlEx = ex as System.Data.SqlClient.SqlException;
if(sqlEx == null || sqlEx.Number != -2) //don't log time outs
csException.Log();
}
}
catch{} //not much to do here, but we want to prevent infinite looping with our error handles
CSEvents.CSException(csException);
}
#endregion
Application AuthenticateRequest#region Application AuthenticateRequest
private void Application_AuthenticateRequest(Object source, EventArgs e)
{
HttpContext context = HttpContext.Current;
Provider p = null;
ExtensionModule module = null;
// If the installer is making the request terminate early
if (CSConfiguration.GetConfig().AppLocation.CurrentApplicationType == ApplicationType.Installer) {
return;
}
// Only continue if we have a valid context
//
if ((context == null) || (context.User == null))
return;
try
{
// Logic to handle various authentication types
//
switch(context.User.Identity.GetType().Name.ToLower())
{
// Microsoft passport
case "passportidentity":
p = (Provider) CSConfiguration.GetConfig().Extensions["PassportAuthentication"];
module = ExtensionModule.Instance(p);
if(module != null)
module.ProcessRequest();
else
goto default;
break;
// Windows
case "windowsidentity":
p = (Provider) CSConfiguration.GetConfig().Extensions["WindowsAuthentication"];
module = ExtensionModule.Instance(p);
if(module != null)
module.ProcessRequest();
else
goto default;
break;
// Forms
case "formsidentity":
p = (Provider) CSConfiguration.GetConfig().Extensions["FormsAuthentication"];
module = ExtensionModule.Instance(p);
if(module != null)
module.ProcessRequest();
else
goto default;
break;
// Custom
case "customidentity":
p = (Provider) CSConfiguration.GetConfig().Extensions["CustomAuthentication"];
module = ExtensionModule.Instance(p);
if(module != null)
module.ProcessRequest();
else
goto default;
break;
default:
CSContext.Current.UserName = context.User.Identity.Name;
break;
}
}
catch( Exception ex )
{
CSException forumEx = new CSException( CSExceptionType.UnknownError, "Error in AuthenticateRequest", ex );
forumEx.Log();
throw forumEx;
}
// // Get the roles the user belongs to
// //
// Roles roles = new Roles();
// roles.GetUserRoles();
}
#endregion
Application AuthorizeRequest#region Application AuthorizeRequest
private void Application_AuthorizeRequest (Object source, EventArgs e) {
if (CSConfiguration.GetConfig().AppLocation.CurrentApplicationType == ApplicationType.Installer)
{
//CSContext.Create(context);
return;
}
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
CSContext csContext = CSContext.Current;
//bool enableBannedUsersToLogin = CSContext.Current.SiteSettings.EnableBannedUsersToLogin;
// // If the installer is making the request terminate early
// if (csContext.ApplicationType == ApplicationType.Installer) {
// return;
// }
//csContext.User = CSContext.Current.User;
CSEvents.UserKnown(csContext.User);
ValidateApplicationStatus(csContext);
// Track anonymous users
//
Users.TrackAnonymousUsers(context);
// Do we need to force the user to login?
//
if (context.Request.IsAuthenticated)
{
string username = context.User.Identity.Name;
if (username != null)
{
string[] roles = CommunityServer.Components.Roles.GetUserRoleNames(username);
if (roles != null && roles.Length > 0)
{
csContext.RolesCacheKey = string.Join(",",roles);
}
}
}
}
#endregion
Application BeginRequest#region Application BeginRequest
private void Application_BeginRequest(Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
CSConfiguration config = CSConfiguration.GetConfig();
// If the installer is making the request terminate early
if (config.AppLocation.CurrentApplicationType == ApplicationType.Installer)
{
//CSContext.Create(context);
return;
}
CheckWWWStatus(config,context);
CSContext.Create(context, ReWriteUrl(context));
}
private void CheckWWWStatus(CSConfiguration config, HttpContext context)
{
if(config.WWWStatus == WWWStatus.Ignore)
return;
const string withWWW = "http://www.";
const string noWWW = "http://";
string rawUrl = context.Request.Url.ToString().ToLower();
bool isWWW = rawUrl.StartsWith(withWWW);
if(config.WWWStatus == WWWStatus.Remove && isWWW)
{
context.Response.Redirect(rawUrl.Replace(withWWW, noWWW));
}
else if(config.WWWStatus == WWWStatus.Require && !isWWW)
{
context.Response.Redirect(rawUrl.Replace(noWWW, withWWW));
}
}
ReWriteUrl#region ReWriteUrl
private bool ReWriteUrl(HttpContext context)
{
// we're now allowing each individual application to be turned on and off individually. So before we allow
// a request to go through we need to check if this product is disabled and the path is for the disabled product,
// if so we display the disabled product page.
//
// I'm also allowing the page request to go through if the page request is for an admin page. In the past if you
// disabled the forums you were locked out, now with this check, even if you're not on the same machine but you're accessing
// an admin path the request will be allowed to proceed, where the rest of the checks will ensure that the user has the
// permission to access the specific url.
// Url Rewriting
//
//RewriteUrl(context);
string newPath = null;
string path = context.Request.Path;
bool isReWritten = SiteUrls.RewriteUrl(path,context.Request.Url.Query,out newPath);
//very wachky. The first call into ReWritePath always fails with a 404.
//calling ReWritePath twice actually fixes the probelm as well. Instead,
//we use the second ReWritePath overload and it seems to work 100%
//of the time.
if(isReWritten && newPath != null)
{
string qs = null;
int index = newPath.IndexOf('?');
if (index >= 0)
{
qs = (index < (newPath.Length - 1)) ? newPath.Substring(index + 1) : string.Empty;
newPath = newPath.Substring(0, index);
}
context.RewritePath(newPath,null,qs);
}
return isReWritten;
}
#endregion
private void ValidateApplicationStatus(CSContext cntx)
{
if(!cntx.User.IsAdministrator)
{
string disablePath = null;
switch(cntx.Config.AppLocation.CurrentApplicationType)
{
case ApplicationType.Forum:
if(cntx.SiteSettings.ForumsDisabled)
disablePath = "ForumsDisabled.htm";
break;
case ApplicationType.Weblog:
if(cntx.SiteSettings.BlogsDisabled)
disablePath = "BlogsDisabled.htm";
break;
case ApplicationType.Gallery:
if(cntx.SiteSettings.GalleriesDisabled)
disablePath = "GalleriesDisabled.htm";
break;
case ApplicationType.GuestBook:
if(cntx.SiteSettings.GuestBookDisabled)
disablePath = "GuestBookDisabled.htm";
break;
case ApplicationType.Document: //新增 ugoer
if(cntx.SiteSettings.DocumentDisabled)
disablePath = "DocumentsDisabled.htm";
break;
}
if(disablePath != null)
{
string errorpath = cntx.Context.Server.MapPath(string.Format("~/Languages/{0}/errors/{1}",cntx.Config.DefaultLanguage,disablePath));
using(StreamReader reader = new StreamReader(errorpath))
{
string html = reader.ReadToEnd();
reader.Close();
cntx.Context.Response.Write(html);
cntx.Context.Response.End();
}
}
}
}
#endregion
}
}
在Web.Config中的配置:
<httpModules>
<add name="CommunityServer" type="CommunityServer.CSHttpModule, CommunityServer.Components" />
<add name="Profile" type="Microsoft.ScalableHosting.Profile.ProfileModule, MemberRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b7c773fb104e7562"/>
<add name="RoleManager" type="Microsoft.ScalableHosting.Security.RoleManagerModule, MemberRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b7c773fb104e7562" />
</httpModules>
CSHttpModule.cs UML:
要實(shí)現(xiàn)HttpModule功能需要如下步驟:
1.編寫一個(gè)類,實(shí)現(xiàn)IhttpModule接口
2.實(shí)現(xiàn)Init 方法,并且注冊(cè)需要的方法
3.實(shí)現(xiàn)注冊(cè)的方法
4.實(shí)現(xiàn)Dispose方法,如果需要手工為類做一些清除工作,可以添加Dispose方法的實(shí)現(xiàn),但這不是必需的,通常可以不為Dispose方法添加任何代碼。
5.在Web.config文件中,注冊(cè)您編寫的類
到這里我們還需要了解一個(gè)Asp.Net的運(yùn)行過(guò)程:
在圖中第二步可以看到當(dāng)請(qǐng)求開(kāi)始的時(shí)候,馬上就進(jìn)入了HttpModule,在CS中由于實(shí)現(xiàn)了HttpModule的擴(kuò)展CSHttpModule.cs 類,因此當(dāng)一個(gè)web請(qǐng)求發(fā)出的時(shí)候(如:一個(gè)用戶訪問(wèn)他的blog),CS系統(tǒng)首先調(diào)用CSHttpModule.cs類,并且進(jìn)入
public void Init(HttpApplication application)
該方法進(jìn)行初始化事件:
application.BeginRequest += new EventHandler(this.Application_BeginRequest);
application.AuthenticateRequest += new EventHandler(Application_AuthenticateRequest);
application.Error += new EventHandler(this.Application_OnError);
application.AuthorizeRequest += new EventHandler(this.Application_AuthorizeRequest);
有事件就要有對(duì)應(yīng)的處理方法:
private void Application_BeginRequest(Object source, EventArgs e)
private void Application_AuthenticateRequest(Object source, EventArgs e)
private void Application_OnError (Object source, EventArgs e)
private void Application_AuthorizeRequest (Object source, EventArgs e)
事件被初始化后就等待系統(tǒng)的觸發(fā),請(qǐng)求進(jìn)入下一步此時(shí)系統(tǒng)觸發(fā)Application_BeginRequest事件,事件處理內(nèi)容如下:
private void Application_BeginRequest(Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
CSConfiguration config = CSConfiguration.GetConfig();
// If the installer is making the request terminate early
if (config.AppLocation.CurrentApplicationType == ApplicationType.Installer)
{
//CSContext.Create(context);
return;
}
CheckWWWStatus(config,context);
CSContext.Create(context, ReWriteUrl(context));
}
private void CheckWWWStatus(CSConfiguration config, HttpContext context)
{
if(config.WWWStatus == WWWStatus.Ignore)
return;
const string withWWW = "http://www.";
const string noWWW = "http://";
string rawUrl = context.Request.Url.ToString().ToLower();
bool isWWW = rawUrl.StartsWith(withWWW);
if(config.WWWStatus == WWWStatus.Remove && isWWW)
{
context.Response.Redirect(rawUrl.Replace(withWWW, noWWW));
}
else if(config.WWWStatus == WWWStatus.Require && !isWWW)
{
context.Response.Redirect(rawUrl.Replace(noWWW, withWWW));
}
}
ReWriteUrl#region ReWriteUrl
private bool ReWriteUrl(HttpContext context)
{
// we're now allowing each individual application to be turned on and off individually. So before we allow
// a request to go through we need to check if this product is disabled and the path is for the disabled product,
// if so we display the disabled product page.
//
// I'm also allowing the page request to go through if the page request is for an admin page. In the past if you
// disabled the forums you were locked out, now with this check, even if you're not on the same machine but you're accessing
// an admin path the request will be allowed to proceed, where the rest of the checks will ensure that the user has the
// permission to access the specific url.
// Url Rewriting
//
//RewriteUrl(context);
string newPath = null;
string path = context.Request.Path;
bool isReWritten = SiteUrls.RewriteUrl(path,context.Request.Url.Query,out newPath);
//very wachky. The first call into ReWritePath always fails with a 404.
//calling ReWritePath twice actually fixes the probelm as well. Instead,
//we use the second ReWritePath overload and it seems to work 100%
//of the time.
if(isReWritten && newPath != null)
{
string qs = null;
int index = newPath.IndexOf('?');
if (index >= 0)
{
qs = (index < (newPath.Length - 1)) ? newPath.Substring(index + 1) : string.Empty;
newPath = newPath.Substring(0, index);
}
context.RewritePath(newPath,null,qs);
}
return isReWritten;
}
#endregion
這個(gè)事件主要做兩個(gè)事情
a:為發(fā)出請(qǐng)求的用戶初始化一個(gè)Context,初始化Context用到了線程中本地?cái)?shù)據(jù)槽(LocalDataStoreSlot),把當(dāng)前用戶請(qǐng)求的上下文(contextb)保存在為此請(qǐng)求開(kāi)辟的內(nèi)存中。
b:判斷是否需要重寫 URL(檢查是否需要重寫的過(guò)程是對(duì)SiteUrls.config文件中正則表達(dá)式和對(duì)應(yīng)Url處理的過(guò)程),如果需要重寫URL,就執(zhí)行asp.net級(jí)別上的RewritePath方法獲得新的路徑,新的路徑才是真正的請(qǐng)求信息所在的路徑。這個(gè)專題不是講URL Rewrite,所以只要明白URL在這里就進(jìn)行Rewrite就可以了,具體的后面專題會(huì)敘述。
處理完 Application_BeginRequest 后進(jìn)程繼向下執(zhí)行,隨后觸發(fā)了Application_AuthenticateRequest(如果有朋友不明白這個(gè)執(zhí)行過(guò)程,可以通過(guò)調(diào)試中設(shè)置多個(gè)斷點(diǎn)捕獲事件執(zhí)行的順序。如果你還不會(huì)調(diào)試,可以留言偷偷的告訴我,嘿嘿。), Application_AuthenticateRequest事件初始化一個(gè)context的Identity,其實(shí)CS提供了很多的 Identity支持,包括Microsoft passport,但是目前的版本中使用的是默認(rèn)值 System.Web.Security.FormsIdentity。具體代碼如下:
private void Application_AuthenticateRequest(Object source, EventArgs e)
{
HttpContext context = HttpContext.Current;
Provider p = null;
ExtensionModule module = null;
// If the installer is making the request terminate early
if (CSConfiguration.GetConfig().AppLocation.CurrentApplicationType == ApplicationType.Installer) {
return;
}
// Only continue if we have a valid context
//
if ((context == null) || (context.User == null))
return;
try
{
// Logic to handle various authentication types
//
switch(context.User.Identity.GetType().Name.ToLower())
{
// Microsoft passport
case "passportidentity":
p = (Provider) CSConfiguration.GetConfig().Extensions["PassportAuthentication"];
module = ExtensionModule.Instance(p);
if(module != null)
module.ProcessRequest();
else
goto default;
break;
// Windows
case "windowsidentity":
p = (Provider) CSConfiguration.GetConfig().Extensions["WindowsAuthentication"];
module = ExtensionModule.Instance(p);
if(module != null)
聲明:本網(wǎng)頁(yè)內(nèi)容旨在傳播知識(shí),若有侵權(quán)等問(wèn)題請(qǐng)及時(shí)與本網(wǎng)聯(lián)系,我們將在第一時(shí)間刪除處理。TEL:177 7030 7066 E-MAIL:11247931@qq.com
Copyright ? 2019-2025 www.alabama37th.com 版權(quán)所有
違法及侵權(quán)請(qǐng)聯(lián)系:TEL:177 7030 7066 E-MAIL:11247931@qq.com 本站由北京市萬(wàn)商天勤律師事務(wù)所王興未律師提供法律服務(wù)
