自定義HttpModule，用于未登錄用戶，不彈出Windows認(rèn)證窗口，而是跳轉(zhuǎn)回SSO站點(diǎn)

2019-11-17 02:07:50

字體：大中小

供稿：網(wǎng)友

自定義HttpModule，用于未登錄用戶，不彈出Windows認(rèn)證窗口，而是跳轉(zhuǎn)回SSO站點(diǎn)

2012年的一篇隨筆記錄，可以學(xué)習(xí)到如何自定義HttpModule，而具體里面針對需求開發(fā)的代碼，可能未必能讓大伙了解到什么，可快速掃描而過。

  1 using System;  2 using System.Web;  3    4 using System.Configuration;  5 using System.Web.Configuration;  6 using Microsoft.SharePoint;  7 using System.Net;  8 using System.Security.PRincipal;  9   10 namespace Webapplication1.EventHandlers 11 { 12     /// <summary> 13     /// Windows認(rèn)證下實(shí)現(xiàn)URL重定向，如: 14     /// 1、未登錄用戶，不彈出Windows認(rèn)證窗口，而是跳轉(zhuǎn)回SSO站點(diǎn)； 15     /// 2、支持SharePoint匿名站點(diǎn)，暫時(shí)不支持文檔庫或列表庫斷開繼承后匿名訪問的情況 16     /// </summary> 17     public class SSORedirect : IHttpModule 18     { 19         public void Dispose() 20         { 21             //throw new NotImplementedException(); 22         } 23   24         public void Init(HttpApplication context) 25         { 26             context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest); 27         } 28   29         /// <summary> 30         /// 當(dāng)asp.net 運(yùn)行時(shí)準(zhǔn)備驗(yàn)證用戶身份的時(shí)候引發(fā)這個(gè)事件 31         /// </summary> 32         /// <param name="sender"></param> 33         /// <param name="e"></param> 34         internal void context_AuthenticateRequest(object sender, EventArgs e) 35         { 36             try 37             { 38                 // 忽略POSTBack的請求 39                 HttpContext context = HttpContext.Current; 40                 if (context == null || context.Request.HttpMethod.ToUpper() == "POST") 41                 { 42                     return; 43                 } 44   45                 if (IsWindowsAuth()) 46                 { 47                     string url = context.Request.Url.AbsolutePath.ToString().ToLower();//"/" 48                     string fullUrl = context.Request.Url.OriginalString.ToString().ToLower();//"http://yxjt.contoso.com:80/" 49   50                     string strssOUrl = "/Test/Default.aspx";//ConfigurationManager.AppSettings["SSOUrl"]; 51                     if (!string.IsNullOrEmpty(strSSOUrl)) 52                     { 53                         if (url.IndexOf(strSSOUrl.ToLower()) == -1) 54                         { 55                             if (!IsAnonymous(fullUrl))//是否為非匿名訪問的頁面 56                             { 57                                 if (!context.Request.IsAuthenticated && IsValidUrl(url))//是否為未登錄用戶，并且是需驗(yàn)證的有效的地址 58                                 { 59                                     context.Response.Redirect(strSSOUrl); 60                                 } 61                             } 62                         } 63                     } 64                 } 65             } 66             catch (Exception ex) 67             { 68   69             } 70         } 71   72         /// <summary> 73         /// 判斷是否為Windows認(rèn)證 74         /// </summary> 75         /// <returns>是否為Windows認(rèn)證</returns> 76         private bool IsWindowsAuth() 77         { 78             Configuration c = WebConfigurationManager.OpenWebConfiguration("/web.config"); 79             AuthenticationSection auth = (AuthenticationSection)c.GetSection("system.web/authentication"); 80             return auth.Mode == AuthenticationMode.Windows; 81         } 82   83         /// <summary> 84         /// 判斷是否為允許匿名訪問的站點(diǎn) 85         /// </summary> 86         /// <param name="requestFullUrl">請求的地址，例如"http://yxjt.contoso.com:80/"</param> 87         /// <returns>是否為允許匿名訪問的站點(diǎn)</returns> 88         private bool IsAnonymous(string requestFullUrl) 89         { 90             bool isAnonymous = false; 91             requestFullUrl = requestFullUrl.Split(new char[] { '?' })[0]; 92   93             SPSecurity.RunWithElevatedPrivileges(delegate() 94             { 95                 SPSite site = new SPSite(requestFullUrl);//這里不要用using自動垃圾回收，否則拋異常 96                 SPWeb web = site.OpenWeb();//關(guān)鍵寫法 97                 isAnonymous = web.AllowAnonymousaccess; 98             }); 99             return isAnonymous;100         }101  102         /// <summary>103         /// 判斷是否是有效的地址104         /// </summary>105         /// <param name="requestUrl">請求的地址，例如"/"</param>106         /// <returns>是否是有效的地址</returns>107         private bool IsValidUrl(string requestUrl)108         {109             bool isValidUrl = false;110             requestUrl = requestUrl.Split(new char[] { '?' })[0];111             int index = requestUrl.LastIndexOf(".");112             if (index != -1)//是否包含.號113             {114                 isValidUrl = requestUrl.EndsWith(".aspx");//是否以.aspx結(jié)尾的url115             }116             else117             {118                 isValidUrl = true;119             }120             return isValidUrl;121         }122     }123 }