session的检查可以考虑用一个http module挂在http pipeline上
过程如下:
1. 在 Web.Config 中注册模块（IIS6 / IIS7 经典模式放在 system.web/httpModules 下；IIS7+ 集成模式需要放在 system.webServer/modules 下，否则模块不会被加载）:
<httpModules>
<!--Edas Authentication-->
<add name="eDASAuthenticationModule" type="CRMWeb.eDAS.HttpModules.eDASAuthenticationModule"/>
</httpModules>
2.添加httpmodule
代码:
把验证挂在 PreRequestHandlerExecute 上：Session 在前一个事件 AcquireRequestState 中加载，到这一步才可供模块读取。注意只有实现了 IRequiresSessionState 的处理程序（如 .aspx 页面）才有 Session，静态资源等请求中 Session 为 null。
using System;
using System.Linq;
using System.Reflection;
using System.Web;
using CRMWeb.eDAS.Entities;
using CRMWeb.eDAS.Util;
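namespace CRMWeb.eDAS.HttpModules
{
    /// <summary>
    /// HTTP module that enforces the eDAS login chain (branch ticket -> sales person
    /// -> customer queue) before the page handler runs. A request for a page whose
    /// session prerequisite is missing is redirected to the page that establishes it.
    /// </summary>
    /// <remarks>
    /// Security notes:
    /// <list type="bullet">
    /// <item>Only pages named in <c>eDASConstants.NavigatePage</c> are checked; any
    /// other resource passes through unchecked, so every protected page must be
    /// listed there (this is an allow-list of protected pages, not deny-by-default).</item>
    /// <item>Page names are compared case-insensitively by their last path segment,
    /// because IIS serves paths case-insensitively and a substring test would let
    /// a request such as "/" or a directory name pass as the login page.</item>
    /// <item>Redirect targets are compile-time constants, never request data.</item>
    /// <item>Session access assumes a handler that implements IRequiresSessionState;
    /// for other handlers Session is null (TODO confirm how EdasContext behaves then).</item>
    /// </list>
    /// </remarks>
    public class eDASAuthenticationModule : IHttpModule
    {
        // Page names of every NavigatePage constant, read once via reflection
        // instead of on every request.
        private static readonly string[] s_navigatePageNames = LoadNavigatePageNames();

        #region IHttpModule Members

        /// <summary>Nothing to release; the module holds no unmanaged state.</summary>
        public void Dispose()
        {
        }

        /// <summary>
        /// Hooks the login check into PreRequestHandlerExecute, the first pipeline
        /// event at which session state has been acquired.
        /// </summary>
        /// <param name="context">The application whose pipeline events are subscribed.</param>
        public void Init(HttpApplication context)
        {
            context.PreRequestHandlerExecute += OnPreRequestHandlerExecute;
        }

        /// <summary>Event adapter; ignores senders that are not an HttpApplication.</summary>
        private static void OnPreRequestHandlerExecute(object sender, EventArgs e)
        {
            var application = sender as HttpApplication;
            if (application != null)
            {
                CheckLoginState(application);
            }
        }

        /// <summary>
        /// Walks the login chain for the requested page and redirects to the first
        /// missing prerequisite. Pages not listed in NavigatePage are ignored.
        /// </summary>
        /// <param name="context">The current application; its request URL and response are used.</param>
        private static void CheckLoginState(HttpApplication context)
        {
            var rawUrl = context.Request.RawUrl;
            if (string.IsNullOrEmpty(rawUrl) || rawUrl.LastIndexOf('/') < 0)
            {
                return;
            }

            var requestPageName = GetPageNameFromUrl(rawUrl);

            // The branch login page is always reachable: it is where a ticket is obtained.
            if (Matches(eDASConstants.NavigatePage.BranchLoginUrl, requestPageName))
            {
                return;
            }

            // Pages outside NavigatePage are not governed by this module.
            if (!IsKnownPage(requestPageName))
            {
                return;
            }

            // 1. No branch ticket: drop all session state and go to branch login.
            if (EdasContext.TicketInfoSession.Current == null)
            {
                EdasContext.ClearAll();
                RedirectAndStop(context, eDASConstants.NavigatePage.BranchLoginUrl);
                return;
            }

            // 2. Ticket present: the sales person login page is reachable.
            if (Matches(eDASConstants.NavigatePage.SalesPersonLoginUrl, requestPageName))
            {
                return;
            }

            // Any other page needs a sales person session.
            if (EdasContext.SalesPersonSession.Current == null)
            {
                EdasContext.ClearCurrentCustomerSession();
                RedirectAndStop(context, eDASConstants.NavigatePage.SalesPersonLoginUrl);
                return;
            }

            // 3. Ticket and sales person present: the customer queue page is reachable.
            if (Matches(eDASConstants.NavigatePage.CustomerQueueInfoUrl, requestPageName))
            {
                return;
            }

            // Everything else additionally needs a customer queue session.
            if (EdasContext.CustomerQueueSession.Current == null)
            {
                EdasContext.ClearCurrentCustomerSession();
                RedirectAndStop(context, eDASConstants.NavigatePage.CustomerQueueInfoUrl);
            }
        }

        /// <summary>
        /// Issues the redirect and ends the pipeline without Response.End(), which
        /// avoids the ThreadAbortException that Redirect(url) would otherwise throw.
        /// The page handler does not run because CompleteRequest skips to EndRequest.
        /// </summary>
        private static void RedirectAndStop(HttpApplication context, string url)
        {
            context.Response.Redirect(url, false);
            context.CompleteRequest();
        }

        /// <summary>True when the request page name equals the page name of any NavigatePage constant.</summary>
        private static bool IsKnownPage(string requestPageName)
        {
            return s_navigatePageNames.Any(p => PageNamesEqual(p, requestPageName));
        }

        /// <summary>
        /// True when <paramref name="requestPageName"/> names the same page as
        /// <paramref name="configuredUrl"/> (last path segment, query ignored,
        /// case-insensitive).
        /// </summary>
        internal static bool Matches(string configuredUrl, string requestPageName)
        {
            if (string.IsNullOrEmpty(configuredUrl) || string.IsNullOrEmpty(requestPageName))
            {
                return false;
            }
            return PageNamesEqual(GetPageNameFromUrl(configuredUrl), requestPageName);
        }

        // Ordinal, case-insensitive: IIS path lookup is case-insensitive, so a
        // case-sensitive compare would let "/PAGE.ASPX" skip the check for "/Page.aspx".
        private static bool PageNamesEqual(string left, string right)
        {
            return string.Equals(left, right, StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// Reads every public static field of NavigatePage and reduces it to a page
        /// name. Null field values are skipped.
        /// </summary>
        private static string[] LoadNavigatePageNames()
        {
            var fields = typeof(eDASConstants.NavigatePage).GetFields(BindingFlags.Public | BindingFlags.Static);
            return fields
                .Select(f => f.GetValue(null)) // static field: the instance argument is ignored
                .Where(v => v != null)
                .Select(v => GetPageNameFromUrl(v.ToString()))
                .ToArray();
        }

        /// <summary>
        /// Returns the last path segment of <paramref name="url"/> including its
        /// leading '/', with any query string removed. A URL without '/' is returned
        /// as-is; null or empty yields an empty string.
        /// </summary>
        /// <remarks>
        /// The query string is stripped before the segment is taken, so
        /// "/app/Page.aspx?x=1" and "/app/Page.aspx" both yield "/Page.aspx".
        /// (Previously a URL with a query string returned the whole path, so a
        /// protected page became unrecognised as soon as a query string was appended.)
        /// </remarks>
        internal static string GetPageNameFromUrl(string url)
        {
            if (string.IsNullOrEmpty(url))
            {
                return string.Empty;
            }

            var queryStart = url.IndexOf('?');
            var path = queryStart >= 0 ? url.Substring(0, queryStart) : url;

            var lastSlash = path.LastIndexOf('/');
            return lastSlash < 0 ? path : path.Substring(lastSlash);
        }

        #endregion
    }
}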