AuthenticateRequest event

Posted on 2024-07-20 21:40:21 · 1609 words · 6 views · 0 comments


Q 1. To my understanding FormsAuthenticationModule is subscribed to AuthenticateRequest event, and thus only after this event is fired, is FormsAuthenticationModule called. But the following quotes got me a bit confused:

  1. The AuthenticateRequest event signals that the configured authentication mechanism has authenticated the current request.

    • Doesn’t the above quote suggest that when AuthenticateRequest event is raised, request (aka user) is already authenticated?
  2. Subscribing to the AuthenticateRequest event ensures that the request will be authenticated before processing the attached module or event handler.

    • As far as I understand this quote, if we subscribe to AuthenticatedRequest, then our event handler will be called prior to FormsAuthenticationModule? Thus Application_AuthenticateRequest() will be called before FormsAuthenticationModule is called?

Q 2. The book I’m learning from suggests that within Application_AuthenticateRequest() we are able to verify whether the user is a member of a specific role, and if not, we can add the user automatically:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated && Roles.Enabled)
        {
            //here we can subscribe user to a role via Roles.AddUserToRole()
        }
    }

Judging from the above code, Application_AuthenticateRequest() is called after FormsAuthenticationModule has been invoked, but somewhere else the same book implies that Application_AuthenticateRequest() is called prior to FormsAuthenticationModule:

Application_AuthenticateRequest is called just before authentication is performed.
This is a jumping-off point for creating your own authentication logic.

What am I missing?

Thanx

Comments (2)

甜味超标? 2024-07-27 21:40:21

It seems that the FormsAuthenticationModule gets handled first. This module is normally earlier than any custom module in the ASP.NET pipeline, so when AuthenticateRequest is fired, FormsAuthenticationModule will get called first, do its job and then your module's event handler will be called.

If you really want to dig deep into this, I suggest trying to debug the ASP.NET code yourself. Here is a post on how to set up your VS:

http://weblogs.asp.net/scottgu/archive/2008/01/16/net-framework-library-source-code-now-available.aspx

EDIT: I was able to confirm this behavior by setting up a web project with a custom module and event handlers in Global.asax. Take a look at the source code of HttpApplication.InitInternal; the order of initialization is as follows:

  • initialization of integrated modules: FormsAuthenticationModule hooks up to HttpApplication.AuthenticateRequest event
  • initialization of custom modules: custom module hooks up to HttpApplication.AuthenticateRequest event
  • initialization of Global class (global.asax): here we hook up to the AuthenticateRequest event
  • HttpApplication.InitInternal searches for methods on Global class following the specific name pattern (e.g. Application_AuthenticateRequest), matches them to event and hooks up

After the initialization, when the AuthenticateRequest fires, the event handlers are called in the order they were initialized, so:

  • FormsAuthenticationModule.AuthenticateRequest event handler
  • CustomModule.AuthenticateRequest event handler
  • Global.AuthenticateRequest event handler
  • Global.Application_AuthenticateRequest method

Unless I missed something, there is no mechanism for stopping the event handlers from firing, so no matter what the result of FormsAuthenticationModule.AuthenticateRequest, the next handlers will still be called. I hope that helps.
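
An added probe for reproducing the ordering experiment described in the answer above (example code, not from the original post or from ASP.NET itself): `AuthOrderProbeModule` and the trace labels are hypothetical names, and the module is assumed to be registered in web.config. It records, per handler, whether `Context.User` is already populated, which is what to confirm before placing role or authorization logic in a given handler.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Hypothetical probe module (the name is an assumption). Register it in web.config
// under <system.webServer><modules> (integrated mode) or <system.web><httpModules>.
public class AuthOrderProbeModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Init runs for every pooled HttpApplication instance, so these
        // handlers are attached to each instance that serves requests.
        app.AuthenticateRequest += (s, e) =>
            Log((HttpApplication)s, "CustomModule.AuthenticateRequest");
        app.PostAuthenticateRequest += (s, e) =>
            Log((HttpApplication)s, "CustomModule.PostAuthenticateRequest");
    }

    public void Dispose() { }

    public static void Log(HttpApplication app, string stage)
    {
        // Context.User may still be null if no authentication module has set it.
        var user = app.Context.User;
        bool authenticated = user != null && user.Identity.IsAuthenticated;
        Trace.WriteLine(string.Format("{0}: authenticated={1}, name={2}",
            stage, authenticated, authenticated ? user.Identity.Name : "(none)"));
    }
}

// Global.asax.cs: Application_* methods are matched to pipeline events by name.
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        AuthOrderProbeModule.Log(this, "Global.Application_AuthenticateRequest");
    }

    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        AuthOrderProbeModule.Log(this, "Global.Application_PostAuthenticateRequest");
    }
}
```

Run one request with a valid forms-authentication ticket and one without, then compare the trace lines for each stage.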

北方的韩爷 2024-07-27 21:40:21

If you want access to the User object, I'd suggest you use

    protected void Application_Start()
    {
        PostAuthenticateRequest += Application_PostAuthenticateRequest;
    }

    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        if(User.Identity.IsAuthenticated)
        {
            //Do stuff here
        }
    }