测试代码如下:
using System; using System.Collections.Generic; using System.Text; using System.Collections; using System.Web; using Test.Model; namespace TestPermission { class PermissionHttpModule : System.Web.IHttpModule { public void Init(HttpApplication httpApplication) { httpApplication.AcquireRequestState += (new EventHandler(this.Application_AcquireRequestState)); } private void Application_AcquireRequestState(Object source, EventArgs e) { HttpApplication httpApplication = (HttpApplication)source; string url = httpApplication.Context.Request.Path.ToLower(); if (url.IndexOf("/admin/") > -1 && httpApplication.Context.Session != null && httpApplication.Context.Session["Cache:Role"] != null) { IList list = (IList)httpApplication.Context.Session["Cache:Role"]; if (url.IndexOf("admin/users/") > -1 && !CheckPermission(list, "用户管理")) { ShowPagePermissionError(httpApplication); } } } public void Dispose() { } /// <summary> /// 是否有该模块的权限 /// </summary> /// <param name="list"></param> /// <param name="PermissionName"></param> /// <returns></returns> private bool CheckPermission(IList list, string PermissionName) { bool retBool = false; PermissionModel model; for (int i = 0; i < list.Count; i++) { model = (PermissionModel)list[i]; if (model.parentName == PermissionName) { retBool = true; break; } } return retBool; } /// <summary> /// 跳转到权限错误页 /// </summary> /// <param name="Application"></param> private void ShowPagePermissionError(HttpApplication Application) { Application.Context.Response.Redirect("../PermissionError.htm", true); } } }
例子中是按栏目来验证的,比如“用户管理”。
如果功能权限信息全面的话,同样可以做功能权限的验证。
当然,web.config中还要配置HttpModule,参考:
<configuration> <system.web> <httpModules>
<add name="PermissionHttpModule" type="TestPermission.PermissionHttpModule,TestPermission"/>
</httpModules> </system.web> </configuration>
MSDN资料:http://msdn.microsoft.com/zh-cn/library/vstudio/system.web.ihttpmodule(v=vs.80).aspx