简介
一个简单易扩展的HTTP跳转HTTPS的框架。由配置文件配置规则,然后在HTTPMODULE里截获请求进行规则验证是否跳转HTTPS.
组成:
- web.config,用来配置规则
- HttpsConfiguration,用于读取配置文件
- HttpSecurityModule,用来截获请求触发规则验证
- RequestProcessor,用既有规则验证请求
- PathsMatcher,多路径(URL)匹配器
- PathMatcher,单URL路径匹配器
- PathMatcherFactory,用于创建StartsWith或Exact具体URL路径,可进行更多扩展,如正则表达式匹配。
- SecureRedirection,跳转HTTPS
WEB.CONFIG
<configSections>
<section name="HttpsConfiguration" type="ICStars2_0.Common.ConfigSections.HttpsConfiguration, ICStars2_0.Common, Version=1.0.0.0, Culture=neutral" />
</configSections>
<HttpsConfiguration mode="On">
<paths>
<add path="/Test" />
<add path="/Account" security="Ignore" />
<add path="/Account/Check.aspx" matchType="Exact" />
<add path="/Member" matchType="StartsWith" />
</paths>
</HttpsConfiguration>
mode选项On/Off, 开启或不开启HTTPS跳转
<add path=""/>, 添加一个URL验证规则。 默认security="Secure"并且matchType="StartsWith"
<add path="" security="" matchType="" />,添加一个URL验证规则并设置具体选项。security选项Secure/Ignore,进行HTTPS跳转或忽略当前设置。matchType选项Exact/StartsWith,进行完全匹配或仅匹配开始字串。
HttpsConfiguration
namespace ICStars2_0.Common.ConfigSections
{
public enum Mode
{
On,
Off
}
public enum RequestSecurity
{
Secure,
Ignore
}
public enum PathMatchType
{
Exact,
StartsWith
}
internal sealed class ElementNames
{
internal const string Mode = "mode";
internal const string Paths = "paths";
internal const string MatchType = "matchType";
internal const string Path = "path";
internal const string Security = "security";
}
public class HttpsConfiguration : ConfigurationSection
{
[ConfigurationProperty(ElementNames.Mode, DefaultValue = Mode.On)]
public Mode Mode
{
get { return this[ElementNames.Mode] is Mode ? (Mode) this[ElementNames.Mode] : Mode.On; }
}
[ConfigurationProperty(ElementNames.Paths, IsRequired = true)]
public HttpsPathCollection Paths
{
get
{
return this[ElementNames.Paths] as HttpsPathCollection;
}
}
}
public class HttpsPathCollection:ConfigurationElementCollection
{
public HttpsPath this[int index]
{
get
{
return base.BaseGet(index) as HttpsPath;
}
set
{
if (base.BaseGet(index) != null)
{
base.BaseRemoveAt(index);
}
this.BaseAdd(index, value);
}
}
protected override ConfigurationElement CreateNewElement()
{
return new HttpsPath();
}
protected override object GetElementKey(ConfigurationElement element)
{
return ((HttpsPath)element).Path;
}
}
public class HttpsPath:ConfigurationElement
{
[ConfigurationProperty(ElementNames.Path)]
public string Path
{
get
{
return this[ElementNames.Path] as string;
}
}
[ConfigurationProperty(ElementNames.MatchType, DefaultValue=PathMatchType.StartsWith)]
public PathMatchType MatchType
{
get
{
return this[ElementNames.MatchType] is PathMatchType ? (PathMatchType) this[ElementNames.MatchType] : PathMatchType.Exact;
}
}
[ConfigurationProperty(ElementNames.Security,DefaultValue=RequestSecurity.Secure)]
public RequestSecurity Security
{
get
{
return this[ElementNames.Security] is RequestSecurity ? (RequestSecurity) this[ElementNames.Security] : RequestSecurity.Secure;
}
}
}
}
用于读取相应WEB.CONFIG中的信息。
HttpSecurityModule
<httpModules>
<add name="SecuritySwitchModlue" type="ICStars2_0.Framework.HttpSecurity.HttpSecurityModule, ICStars2_0.Framework, Version=1.0.0.0, Culture=neutral" />
</httpModules>
namespace ICStars2_0.Framework.HttpSecurity
{
public class HttpSecurityModule : IHttpModule
{
private HttpsConfiguration _config { get; set; }
public void Init(HttpApplication context)
{
_config = ConfigurationManager.GetSection("HttpsConfiguration") as HttpsConfiguration; ;
if (_config == null || _config.Mode == Mode.Off)
{
return;
}
context.BeginRequest += context_AcquireRequestState;
}
void context_AcquireRequestState(object sender, EventArgs e)
{
var application = sender as HttpApplication;
RequestProcessor rp=new RequestProcessor(application.Context,_config);
rp.Process();
}
public void Dispose()
{
}
}
}
配置HTTPMODULE,读取HTTPS跳转框架配置信息HttpsConfiguration,把截获的请求和读取的配置文件传递给请求处理器RequestProcessor。
RequestProcessor
namespace ICStars2_0.Framework.HttpSecurity
{
internal class RequestProcessor
{
public HttpContext Context { get; set; }
public HttpsConfiguration Config { get; set; }
public RequestProcessor(HttpContext context,HttpsConfiguration config)
{
Context = context;
Config = config;
}
public void Process()
{
if (Context.Request.IsSecureConnection) return;
IEnumerable<HttpsPath> pathLIst = Config.Paths.Cast<HttpsPath>();
var ignorePaths = pathLIst.Where(p => p.Security == RequestSecurity.Ignore);
var securePaths = pathLIst.Where(p => p.Security == RequestSecurity.Secure);
PathsMatcher ignoreMatcher = new PathsMatcher(Context,ignorePaths);
if (ignoreMatcher.IsMatch()) return;
PathsMatcher secureMatcher = new PathsMatcher(Context, securePaths);
if (!secureMatcher.IsMatch()) return;
SecureRedirection secureRedirection=new SecureRedirection(Context,null);
secureRedirection.Go();
}
}
}
if (Context.Request.IsSecureConnection) return;
如果当前请求是HTTPS,则忽略。
var ignorePaths = pathLIst.Where(p => p.Security == RequestSecurity.Ignore);
获取需要被忽略的URL规则集合
var securePaths = pathLIst.Where(p => p.Security == RequestSecurity.Secure);
获取需要进行HTTPS跳转的URL规则集合
PathsMatcher ignoreMatcher = new PathsMatcher(Context,ignorePaths);
if (ignoreMatcher.IsMatch()) return;
创建忽略规则匹配器并使用需要被忽略的URL规则集合初始化,如果当前求匹配到任何一个忽略规则,则不进行HTTPS跳转。
PathsMatcher secureMatcher = new PathsMatcher(Context, securePaths);
if (!secureMatcher.IsMatch()) return;
SecureRedirection secureRedirection=new SecureRedirection(Context,null);
secureRedirection.Go();
创建需要进行HTTPS跳转的URL规则匹配器并初始化, 如果当前请求匹配到任何一个安全规则,则由SecureRedirection进行HTTPS跳转。
PathsMatcher
namespace ICStars2_0.Framework.HttpSecurity
{
class PathsMatcher
{
public HttpContext Context { get; set; }
public IEnumerable<HttpsPath> Paths { get; set; }
public PathsMatcher(HttpContext context, IEnumerable<HttpsPath> paths)
{
Context = context;
Paths = paths;
}
public bool IsMatch()
{
return Paths.Any(p => PathMatcherFactory.CreatePathMatcher(Context.Request.Url.AbsolutePath, p).IsMatch());
}
}
}
多路径匹配器
PathMatcher
namespace ICStars2_0.Framework.HttpSecurity
{
interface IPathMatcher
{
bool IsMatch();
}
}
namespace ICStars2_0.Framework.HttpSecurity
{
internal class ExactPathMatcher:IPathMatcher
{
public string Path { get; set; }
public string Pattern { get; set; }
public ExactPathMatcher(string path, string pattern)
{
Path = path;
Pattern = pattern;
}
public bool IsMatch()
{
return Path.Equals(Pattern, StringComparison.InvariantCultureIgnoreCase);
}
}
}
internal class StartsWithPathMatcher:IPathMatcher
{
public string Path { get; set; }
public string Pattern { get; set; }
public StartsWithPathMatcher(string path, string pattern)
{
Path = path;
Pattern = pattern;
}
public bool IsMatch()
{
return Path.StartsWith(Pattern, StringComparison.InvariantCultureIgnoreCase);
}
}
单一路径匹配器,可扩展更多的匹配器
PathMatcherFactory
internal class PathMatcherFactory
{
public static IPathMatcher CreatePathMatcher(string path, HttpsPath httpsPath)
{
switch (httpsPath.MatchType)
{
case PathMatchType.StartsWith:
return new StartsWithPathMatcher(path, httpsPath.Path);
case PathMatchType.Exact:
return new ExactPathMatcher(path, httpsPath.Path);
}
return null;
}
}
匹配器工厂
SecureRedirection
internal class SecureRedirection
{
public HttpContext Context { get; set; }
public string TargetUrl { get; set; }
public SecureRedirection(HttpContext context, string targetUrl)
{
Context = context;
TargetUrl = targetUrl;
}
public void Go()
{
Context.Response.StatusCode = 301;
Context.Response.RedirectLocation = TargetUrl ?? Context.Request.Url.AbsoluteUri.Replace("http://", "https://");
Context.Response.End();
}
}
将HTTP请求301重定向成HTTPS请求
总结
如果面对复杂的使用HTTPS的需求,这个框架能基本满足所有需要。当然由于我没有需求使用正则表达式验证,所以没有添加。但非常简单,可以在matchType里加一个“Regex"选项,创建一个新PathMather并在IsMatch中实现正则验证就行了。
分享到:
相关推荐
虽然说学习ASP.NET不需要任何ASP基础,但是我觉得如果大家ASP不会,还是先看一下【十天学会ASP教程】,大家所需要了解的不是ASP的程序怎么写,而是怎么构建服务器,怎么使用HTML表单,同时对SQL语句有一个基础和理解...
asp.net mvc文本文件创建更新,为了方便,我就不解释了,而且也不独立出来了
asp.net 异常处理跳转自定义404,500页面Demo实现,想要学习的可以看看,通过Application_Error 中拦截异常
asp.net网页跳转七种方法小结 开发技术
ASP.NET页面跳转的几种方法
asp.net登陆自动跳转代码实例 asp.net登陆自动跳转代码实例
asp.net iframe框架跳转以及定时轮询,子页面将新窗口打开到父窗体指定的iframe框架中,以及http_request轮询方法!时间匆忙只简单的写了简单应用。有时间在完善,希望能帮助到需要的朋友!
通用--定时跳转(Javascript结合Asp.net)通用--定时跳转(Javascript结合Asp.net)
浅析asp.net页面跳转,希望对大家有帮助:)
因为原PDF有128M,上传不了,所以这里是下载地址,下载下来后再跳转到里面给的网址(无广告无毒)去下PDF。
主要介绍了ASP.NET中iframe框架点击左边页面链接,右边显示链接页面内容的实现代码,感兴趣的小伙伴们可以参考一下
ASP.NET 2.0 Security FAQs Asp.net 2.0功能体验,细节之Web控件(一) 隐藏控件 Asp.net 2.0功能体验,总体设计思想 Asp.net 2.0 WebPart使用经验点滴 革新:.NET 2.0的自定义配置文件体系初探 关于如何在ASP.NET ...
微软自己本身的加密及解密对象及方法,方便供广大的开发人员的使用!
①response.redirect 这个跳转页面的方法跳转的速度不快,因为它要走2个来回(2次postback),但他可以跳 转到任何页面,没有站点页面限制(即可以由雅虎跳到... ASP.NET] 代码如下: using System; using System.Web.UI
.net MVC使用Session验证用户登录,直接输入URL的页面地址跳转到登陆页 ,必须经过用户登录授权才可以。例如输入:http://localhost:14613/Home/index 由于没有登录将直接跳转到http://localhost:14613/Account/Login...
本讲将通过实例比较ASP.NET下的三种典型URL重写方案——ISAPI重写(使用开源组件IIRF),ASP.NET2.0内置的urlMappings和基于自定义HTTPModule的URL重写(使用NBear.Web中的UrlRewriteModule实现),并探讨URL重写中...
把控件RadioButtonList,DropDownList,TextBox做成带参数(';...%>')的控件传递给下一页面 实现跳转,根据第一个页面不同选择或填写的值来改变第二个页面对应的操作,仅供参考,适合菜鸟初学者学习
总结 c# 编程中 ASP.NET(c#) 网页跳转的七种方法 实用
1.1 ASP.NET 2.0 是什么 1 1.2 第一个ASP.NET 2.0网站 2 1.2.1 创建网站 2 1.2.2 设计网站 3 1.2.3 通过预编译发布网站 5 1.3 ASP.NET 2.0必须具备的HTML知识 7 1.3.1 利用表单提交数据 8 1.3.2 使用表格进行布局 9 ...
页面跳转,权限判断的实例代码