直接贴代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
namespace WebUI.tempFolder
{
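/// <summary>
/// HTTP module that screens every request at BeginRequest. A POST whose Referer
/// host differs from the request host is redirected to the default page, and a
/// POST whose form body hashes to the value already held in the "token" cookie
/// is flagged as a repeated submission.
/// </summary>
/// <remarks>
/// Security notes for maintainers:
/// The cross-site check relies on the Referer header alone and compares only the
/// host name (scheme and port are ignored). A POST without a Referer is rejected,
/// which also blocks clients that strip the header. Requests using other HTTP
/// methods are not checked. Treat this as defence in depth; it does not replace
/// per-session anti-forgery tokens on state-changing forms.
/// The "token" cookie is not an anti-forgery token: it holds a truncated MD5 of
/// the last form body and is supplied by the client, so the duplicate check is a
/// convenience guard that a client can bypass by dropping or altering the cookie.
/// </remarks>
public class GlobalHttpModule : IHttpModule
{
    /// <summary>Nothing to release; the module holds no resources.</summary>
    public void Dispose()
    {
    }

    /// <summary>Subscribes the request filter to the application's BeginRequest event.</summary>
    /// <param name="context">The application instance this module is attached to.</param>
    public void Init(HttpApplication context)
    {
        context.BeginRequest += new EventHandler(context_BeginRequest);
    }

    /// <summary>True when the current request uses the POST method (exact, case-sensitive match).</summary>
    public bool HttpPost
    {
        get
        {
            return string.Equals(HttpContext.Current.Request.HttpMethod, "POST", StringComparison.Ordinal);
        }
    }

    /// <summary>
    /// True when the current request is a POST that either carries no usable
    /// Referer or carries one whose host differs from the request host.
    /// </summary>
    public bool IsCrossSitePost
    {
        get
        {
            if (!HttpPost)
            {
                return false;
            }

            HttpRequest request = HttpContext.Current.Request;
            Uri referrer = request.UrlReferrer;

            // Fail closed: a POST with no Referer (or one without a host) is treated as cross-site.
            if (referrer == null || !referrer.IsAbsoluteUri)
            {
                return true;
            }

            // Host names are case-insensitive, so compare them that way.
            // NOTE(review): only the host is compared; scheme and port are not.
            return !string.Equals(referrer.Host, request.Url.Host, StringComparison.OrdinalIgnoreCase);
        }
    }

    /// <summary>
    /// Returns the lowercase hexadecimal MD5 of <paramref name="Input"/>, or its
    /// middle 16 characters when <paramref name="Half"/> is true.
    /// </summary>
    /// <remarks>
    /// MD5 serves here only as a fingerprint for spotting identical form bodies;
    /// it must not be relied on as a security control.
    /// NOTE(review): HashPasswordForStoringInConfigFile is marked obsolete in newer
    /// .NET Framework versions; confirm the target framework before keeping it.
    /// </remarks>
    private static string MD5(string Input, bool Half)
    {
        // Hex digits only, so invariant lowercasing avoids any culture-specific casing.
        string digest = FormsAuthentication.HashPasswordForStoringInConfigFile(Input, "MD5").ToLowerInvariant();
        return Half ? digest.Substring(8, 16) : digest;
    }

    /// <summary>
    /// Compares the "token" cookie with the fingerprint of the posted form body.
    /// When they differ, the fingerprint is stored in the response cookie and the
    /// request is treated as new.
    /// </summary>
    /// <param name="context">The application handling the request.</param>
    /// <param name="errorMessage">Always set to null; kept for the existing signature.</param>
    /// <returns>True when the cookie already holds this form body's fingerprint.</returns>
    private bool IsReSubmit(ref HttpApplication context, out string errorMessage)
    {
        errorMessage = null;

        HttpCookie tokenCookie = context.Request.Cookies["token"];
        string cookieValue = (tokenCookie == null) ? string.Empty : tokenCookie.Value;

        string formBody = (context.Request.Form == null) ? string.Empty : context.Request.Form.ToString();
        string formValue = MD5(formBody, true);

        if (cookieValue == formValue)
        {
            return true;
        }

        // First time this body is seen: remember its fingerprint for the next POST.
        context.Response.Cookies["token"].Value = formValue;
        return false;
    }

    /// <summary>
    /// BeginRequest handler: rejects cross-site POSTs with a redirect, then marks
    /// repeated POSTs by storing an error message in the request's Items collection.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event data.</param>
    public void context_BeginRequest(object sender, EventArgs e)
    {
        // A direct cast fails loudly on an unexpected sender instead of a later null dereference.
        HttpApplication context = (HttpApplication)sender;

        if (IsCrossSitePost)
        {
            // Cross-site submission: not allowed. Redirect without aborting the
            // thread, skip the rest of the pipeline, and return so that the
            // duplicate check below never runs for a rejected request.
            context.Response.Redirect("~/Default.aspx", false);
            context.CompleteRequest();
            return;
        }

        if (!HttpPost)
        {
            return;
        }

        string errorMessage;
        if (IsReSubmit(ref context, out errorMessage))
        {
            // Repeated submission: downstream pages read this item to reject the post.
            context.Context.Items["error"] = "不允许重复提交";
        }
    }
}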
}
最后在 web.config 中注册
<httpModules>
<!-- Registers GlobalHttpModule with the ASP.NET pipeline. The httpModules element
     belongs under system.web; when the site runs in the IIS 7+ integrated pipeline,
     modules are registered under system.webServer/modules instead. -->
<add name="GlobalHttpModule" type="WebUI.tempFolder.GlobalHttpModule"/>
</httpModules>
谢谢浏览!