简体繁体 English

在 ASP.NET 中放置身份验证检查的位置

[英]Where to place authentication check in ASP.NET

原文 2012-04-09 16:50:44 0 4 c#/ asp.net/ aop

I have some code used to determine if a user is logged in and I want to put this on every page in an ASP.NET website so that only logged in users can view it.我有一些代码用于确定用户是否登录，我想将它放在 ASP.NET 网站的每个页面上，以便只有登录用户才能查看它。 The problem is that the site is split into multiple projects/solutions so maintaining the single piece of code might be hard.问题是该站点被分成多个项目/解决方案，因此维护单个代码可能很困难。

I was thinking I could create a class that inherits for System.Web.UI.Page and overrides Page_Init , but that would require changing all pages so they inherit from new new class. Also I don't think this will work across projects.我在想我可以创建一个 class 继承System.Web.UI.Page并覆盖Page_Init ，但这需要更改所有页面，以便它们从新的新 class 继承。而且我认为这不会跨项目工作。

So then I thought approaching the problem from a different side: using AOP.所以我想从不同的方面来解决这个问题：使用 AOP。 I have never used Aspects before but it looks like I could use PostSharp to write an Aspect that injects code before every Page_Init (or maybe Page_Load ?).我以前从未使用过 Aspects，但看起来我可以使用 PostSharp 编写一个在每个Page_Init （或者Page_Load ？）之前注入代码的 Aspect。 This might work as a quick solution but I might run into problems if I need a page to not perform the authentication check (available to everyone).这可能是一个快速的解决方案，但如果我需要一个页面来不执行身份验证检查（每个人都可以使用），我可能会遇到问题。

Just to clarify, I already have a login solution;澄清一下，我已经有了一个登录解决方案； I am just looking for a checking that login on each page.我只是想检查每个页面上的登录信息。

4 个解决方案

Look into HttpModules.查看 HttpModules。 The asp.net framework is already programmed so that a module runs on every page request, you just have to write it and add it to web.config. asp.net 框架已经编程，因此一个模块在每个页面请求上运行，您只需编写它并将其添加到 web.config。

http://msdn.microsoft.com/en-us/library/zec9k340(v=vs.71).aspx http://msdn.microsoft.com/en-us/library/zec9k340(v=vs.71).aspx

EDIT: Here's a better link that demonstrates handling the BeginRequest event http://msdn.microsoft.com/en-us/library/ms227673(v=vs.85).aspx编辑：这是一个更好的链接，演示了如何处理 BeginRequest 事件http://msdn.microsoft.com/en-us/library/ms227673(v=vs.85).aspx

As @jrummell mentioned, there's MembershipProvider which is a great option, but if you're creating custom login solition, check this link which has a pretty simple login implementation step by step正如@jrummell 提到的， MembershipProvider是一个不错的选择，但是如果您要创建自定义登录解决方案，请查看此链接，它有一个非常简单的登录实现步骤

Since you seem to have your login solution handled and working, creating a class that overrides the page_init sounds like your best option.由于您似乎已经处理并运行了登录解决方案，因此创建一个覆盖 page_init 的 class 听起来是您的最佳选择。 This can work across other projects by simply creating that class in a separate project that you can included in your other solution(s)... To be honest, that's the easiest way to span the logic across multiple projects.. This will also be easily maintained because you'd only have to update one location going forward.这可以通过简单地在一个单独的项目中创建 class 来跨其他项目工作，您可以将其包含在其他解决方案中......老实说，这是跨越多个项目的逻辑的最简单方法。这也将是易于维护，因为您以后只需更新一个位置。

If you are using MasterPages, you wouldn't have to hit all of the pages, you could just include it on specific MasterPage(s) and set all the pages you want authentication to use that MasterPage.如果您使用的是 MasterPages，则不必访问所有页面，只需将其包含在特定的 MasterPage 上，然后将您希望身份验证的所有页面设置为使用该 MasterPage。

Windows Identity Foundation can solve this for you. Windows Identity Foundation 可以为您解决这个问题。 See http://msdn.microsoft.com/en-us/security/aa570351 for details on WIF.有关 WIF 的详细信息，请参阅http://msdn.microsoft.com/en-us/security/aa570351 。 No need to reinvent the wheel.无需重新发明轮子。 If you had only one Web application, Forms authentication would suffice.如果您只有一个 Web 应用程序，则 Forms 身份验证就足够了。