开发者

The Application_PreRequestHandlerExecute event doesn't fire for PageMethods. What can I use instead?

问答 作者:

This article explains that the PreRequestHandlerExecute event does not fire for PageMethod calls for whatever reason. However, I'm trying to use that event to populate the Principal object with the user's permissions so they can be checked within any web request (PageMethod call or not). I'm caching the permissions in the Session, so I need an event that fires whenever a PageMethod is called, and I need to have access to the Session. Thi开发者_运维问答s way I can populate the Principal object with the security permissions cached in the session, and User.IsInRole() calls will work as expected. What event can I use?

You should implement an authorization module that will be run with every request that goes up to the server. This way you are able to authorize your principal for any request that come up to the server (page request, method, etc.)

public class AuthorizationModule : IHttpModule, IRequiresSessionState
{
    //not going to implement it fully, might not compile

    public void Init( HttpApplication context )
    {
       //you'll prolly want to hook up to the acquire request state event, but read up to make sure this is the one you want on the msdn
       context.AcquireRequestState += AuthorizeRequest;
    }

    public void AuthorizeRequest( HttpContextBase httpContext )
    {
       // do you work in here

       // you can redirect them wherever if they don't have permssion, log them out, etc
    }
  }
}

After you've crated the module, you'll need to hook it up in the web.config. Your type should include the namespace if it has one.

<httpModules>
  <add name="AuthorizationModule" type="AuthorizationModule"/>
</httpModules>

I hope this helps.

You can use the Application_OnPostAuthenticateRequest as shown below (assuming you are using Forms Authentication. Else, pls replace the code with your Authentication mechanism):

public void Application_OnPostAuthenticateRequest(object sender, EventArgs e)
{

    IPrincipal usr = HttpContext.Current.User;

    if (usr.Identity.IsAuthenticated && usr.Identity.AuthenticationType == "Forms")
    {
        var fIdent = (FormsIdentity)usr.Identity;
        var ci = new CustomIdentity(fIdent.Ticket);
        var p = new CustomPrincipal(ci);

        HttpContext.Current.User = p;
        Thread.CurrentPrincipal = p;
    }

}

Page Methods are static, and bypass the normal Page lifecycle, its objects and its events. The best you can do is pass authentication information as parameters to the Page Method itself.

From my point of view, you can:

1.- Use a common method you can call from every page method server code that have access to Session variables. Please refer to: http://mattberseth.com/blog/2007/06/aspnet_ajax_use_pagemethods_pr.html

2.- Try to capture a similar behaviour later using __doPostBack() function to run server code. See if this work for you to capture page method async posbacks: http://www.dotnetcurry.com/ShowArticle.aspx?ID=256

Hope that helps,

继续阅读:asp.netglobal-asaxpagemethodssession

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9