SharePoint2010 技巧系列:巧用HttpModule

需求背景:

本公司建立了两个站点,一个是对内站点,只允许公司的内部员工访问,另一个是外部站点,这里的外部是指公司的合作商或者外包商可以访问的站点。对这两个站点的要求是内部的站点非本公司员工不可以访问, 由于内部的站点允许所有员工访问,所以我们添加了“ALL authenticated Users” 这就意味着,凡是Active Directory的用户都能访问,所以这里面用户就包括了合作商和外包商用户(公司统一使用AD认证,合作商和外包商有对应的Active Directory 账户)。

解决方案: 由于内部站点不允许外部员工访问(外部员工被统一存放在AD Externals 组内),我们的目标就是组织Externals 组访问我们的内部站点,查过微软的官方文档,也Google很多资料,得出结论,SharePoint只能在Web Application层次上对用户和组进行限制,不能在站点集或者站点上进行拒绝访问。所以我们只能改变原来的架构,把不同的站点分别放在不同的Web Application上。

那还有没有别的方案?反正Google不到,后来突然想到从IIS 层次上去想解决方案,于是就想到了HttpModule,经过测试好像还真的可行。

首先,打开Visual Studio 2010, 创建一个Class Library。

其次,新建一个class,实现IHttpModule

HttpModule 代码
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Security;

using Microsoft.SharePoint;
using System.ServiceModel;
using System.Net;
using PermissionChecker.MWADService;
namespace PermissionChecker
{
public class MWLinkChecker : IHttpModule
{
public void Dispose() { }

public void Init(HttpApplication context)
{
context.PostAuthenticateRequest
+= new EventHandler(context_PostAuthenticateRequest);
}


void context_PostAuthenticateRequest(object sender, EventArgs e)
{
//check whether current site is internal site
if (HttpContext.Current.Request.Url.AbsolutePath.Contains("InternalSupport"))
{

SPUser user
= null;

try
{
#region
//HttpRequest request = ((HttpApplication)sender).Request;
////Host Domain
//String requestUrlDomain = "http://" + request.Url.Host;

////Previous Host Domain
//String previousRequestUrlDomain = String.Empty;
//if (request.UrlReferrer != null)
//{
// previousRequestUrlDomain = "http://" + request.UrlReferrer.Host;
//}

////If coming from within same host, no redirection required
//if (!requestUrlDomain.Equals(previousRequestUrlDomain))
//{

#endregion
//Getting the HttpContext
HttpContext context = ((HttpApplication)sender).Context;

//Creating SPSite object
SPSite spSite;
//Creating SPWeb object
SPWeb spWeb;
//Checking for the current SPContext
if (SPContext.Current != null)
{
//Getting the SPSite
spSite = SPContext.Current.Site;
//Getting the SPWeb
spWeb = spSite.RootWeb;
//Get the SPUser
user = spWeb.CurrentUser;

//call web service to check whether current user is in EXTERNALS Group
MWADService.MWADInfoSoapClient client;

BasicHttpBinding binding
= new BasicHttpBinding();
binding.ReceiveTimeout
= new TimeSpan(0, 5, 0);
client
= new MWADInfoSoapClient(binding, new EndpointAddress("web service URL"));
client.Endpoint.Binding
= binding;
client.ClientCredentials.Windows.ClientCredential
= new NetworkCredential(@"Domain\Account", "Password");

MWADService.ArrayOfString groups
= client.GetGroupsForUser(user.LoginName);

if (groups.Contains("EXTERNALS"))
{
HttpContext.Current.Response.Redirect(
"access denied page");
}
}
// }
// }
}
catch
{

}
}
}
}
}

第三步,在对应的站点目录下web.config中加入以下内容。

 <httpModules>
      <add name="MWLINKCheckerSetting" type="PermissionChecker.MWLinkChecker,PermissionChecker, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ec7365e9b36581d1" />
      <add name="FederatedAuthentication" type="Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="SessionAuthentication" type="Microsoft.SharePoint.IdentityModel.SPSessionAuthenticationModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="SPWindowsClaimsAuthentication" type="Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
     
    </httpModules>

第四步:部署DLL 到GAC。

第五步,测试效果。

posted @ 2011-05-11 17:31  懒牛  阅读(2385)  评论(10编辑  收藏  举报