我有一个应用程序,它从一个小型 Web 表单项目开始,很快就变得非常大。我想记录每个触发的事件并检查用户对指定操作的权限。
而不是在每个事件中添加功能,我认为一个好方法是创建一个覆盖默认“System.Web.UI.Page”的基类并检查基类中的每个事件调用。
这是该类的代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace Test
{
/// <summary>
/// Summary description for BasePage
/// </summary>
public abstract class BasePage : System.Web.UI.Page
{
public BasePage()
{
// Adding functionality to the "on load" event of the base class (Page)
base.Load += new EventHandler(BasePage_Load);
base.Unload += new EventHandler(BasePage_Unload);
base.LoadComplete += new EventHandler(BasePage_LoadComplete);
}
private void BasePage_Load(object sender, EventArgs e)
{
LogEverything();
AccessCheck();
}
private void BasePage_LoadComplete(object sender, EventArgs e)
{
LogEverything();
AccessCheck();
}
protected override void RaisePostBackEvent(System.Web.UI.IPostBackEventHandler sourceControl, string eventArgument)
{
LogEverything();
base.RaisePostBackEvent(sourceControl, eventArgument);
}
private void BasePage_Unload(object sender, EventArgs e)
{
LogEverything();
}
private bool LogEverything()
{
string sRawUrl = HttpContext.Current.Request.RawUrl;
string sQueryString = HttpContext.Current.Request.QueryString.ToString();
string sPage = HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath;
string sHttpMethod = HttpContext.Current.Request.HttpMethod;
string sUserAgent = HttpContext.Current.Request.UserAgent;
string sUserAddress = HttpContext.Current.Request.UserHostAddress;
string sEventTarget = HttpContext.Current.Request.Form["__EVENTTARGET"];
string sEventArgument = HttpContext.Current.Request.Form["__EVENTARGUMENT"];
string sEventValidation = HttpContext.Current.Request.Form["__EVENTVALIDATION"];
// TODO: find the event that triggered the postback
return Logging.append(Logging.logLevelType.Info, "Baseclass is here!");
}
private bool AccessCheck()
{
// enforce security here ...
return true;
}
}
}
您可能会注意到它并不完整,因为我仍在研究此选项。我还没有找到一种方法来检索触发的事件,以便我可以记录调用的函数名称并检查用户是否有权调用该函数。可能吗?即使是肮脏的黑客也可以。