Problem description
What cool functionality and methods do you add to your ASP.net BasePage : System.Web.UI.Page classes?
Examples
Here's something I use for authentication, and I'd like to hear your opinions on this:
    protected override void OnPreInit(EventArgs e)
    {
        base.OnPreInit(e);

        // Authentication code omitted... Essentially same as below.

        if (_RequiresAuthentication && !(IsAuthorized))
        {
            RespondForbidden("You do not have permissions to view this page.", UnauthorizedRedirect);
            return;
        }
    }

    // This function is overridden in each page subclass and fitted to each page's
    // own authorization requirements.
    // This also allows cascading authorization checks,
    // e.g: User has permission to view page? No - base.IsAuthorized - Is user an admin?
    protected virtual bool IsAuthorized
    {
        get { return true; }
    }
My BasePage class contains an instance of this class:
    using System.Web;

    public class StatusCodeResponse {

        // Request context captured at construction; the original snippet
        // assigned this field without declaring it.
        private readonly HttpContext _context;

        public StatusCodeResponse(HttpContext context) {
            this._context = context;
        }

        /// <summary>
        /// Responds with a specified status code, and if specified - transfers to a page.
        /// </summary>
        private void RespondStatusCode(HttpContext context, System.Net.HttpStatusCode status, string message, string transfer)
        {
            // No transfer target: surface the status through an HttpException.
            if (string.IsNullOrEmpty(transfer))
            {
                throw new HttpException((int)status, message);
            }

            context.Response.StatusCode = (int)status;
            context.Response.StatusDescription = message;
            context.Server.Transfer(transfer);
        }

        public void RespondForbidden(string message, string transfer)
        {
            RespondStatusCode(this._context, System.Net.HttpStatusCode.Forbidden, message, transfer);
        }

        // And a few more like these...
    }
As a side note, this could be accomplished using extension methods for the HttpResponse object.
And another method I find quite handy for parsing querystring int arguments:
    public bool ParseId(string field, out int result)
    {
        return (int.TryParse(Request.QueryString[field], out result) && result > 0);
    }
- Session related stuff, some complex object in the BasePage that maps to a session, and expose it as a property.
- Doing stuff like filling a crumble pad object.
But most important: do not make your basepage into some helper class. Don't add stuff like ParseId(), that's just ridiculous.
Also, based on the first post: make stuff like IsAuthorized abstract. This way you don't create giant security holes if someone forgets that there is some virtual method.
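The fail-closed design suggested in the answer above, as an added example that is not code from either poster. It assumes ASP.NET Web Forms with an authentication module populating the page's User principal; the role names "Admin" and "ReportViewer", the IsAdmin helper and the two page classes are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

public abstract class BasePage : Page
{
    protected override void OnPreInit(EventArgs e)
    {
        base.OnPreInit(e);

        // Deny unless the concrete page explicitly grants access.
        if (!IsAuthorized)
        {
            throw new HttpException(403, "You do not have permissions to view this page.");
        }
    }

    // Abstract instead of "virtual ... return true": a page that forgets to
    // declare its policy fails to compile instead of being silently open.
    protected abstract bool IsAuthorized { get; }

    // An abstract property has no base.IsAuthorized to cascade to, so the
    // shared "is user an admin?" check lives in a helper (hypothetical name).
    protected bool IsAdmin
    {
        get
        {
            IPrincipal user = User;   // treated as "not admin" when absent
            return user != null && user.Identity.IsAuthenticated && user.IsInRole("Admin");
        }
    }
}

// A public page still has to state that it is public.
public class AboutPage : BasePage
{
    protected override bool IsAuthorized { get { return true; } }
}

// A restricted page: page-specific role first, then the admin fallback.
public class ReportsPage : BasePage
{
    protected override bool IsAuthorized
    {
        get { return (User != null && User.IsInRole("ReportViewer")) || IsAdmin; }
    }
}
```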