        /// <summary>
        /// Returns the per-user throttle record for <paramref name="username"/>,
        /// creating and caching it in <c>s_checkTable</c> on first sight.
        /// </summary>
        /// <param name="username">User name used as the cache key.</param>
        /// <returns>The cached <see cref="UserCheckInfo"/> for that user; never null.</returns>
        /// <exception cref="InvalidRequestException">
        /// Thrown when <paramref name="username"/> is null or empty.
        /// </exception>
        private UserCheckInfo GetCheckInfo(string username)
        {
            if (string.IsNullOrEmpty(username))
            {
                throw new InvalidRequestException();
            }

            // Fast path: a lock-free read of the shared table.
            UserCheckInfo entry = s_checkTable[username] as UserCheckInfo;
            if (entry != null)
            {
                return entry;
            }

            // Slow path: serialize creation so that a scripted client firing many
            // concurrent first requests for the same user still ends up with exactly
            // one record (the second lookup inside the lock is what guarantees this).
            // NOTE(review): nothing visible here ever removes entries, so the table
            // holds one record per distinct user name for the lifetime of the process.
            lock (s_lock)
            {
                entry = s_checkTable[username] as UserCheckInfo;

                if (entry == null)
                {
                    entry = new UserCheckInfo();
                    entry.UserName = username;
                    // MinValue means "never seen": the first real request is always allowed.
                    entry.LastGet = DateTime.MinValue.Ticks;
                    entry.LastPost = DateTime.MinValue.Ticks;
                    s_checkTable[username] = entry;
                }

                return entry;
            }
        }
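        /// <summary>
        /// PostResolveRequestCache handler that applies two request-level checks:
        /// every POST must carry <c>X-Requested-With: XMLHttpRequest</c>, and requests
        /// for <c>.aspx</c> pages are throttled per user and per verb using the
        /// <see cref="UserCheckInfo"/> record returned by <see cref="GetCheckInfo"/>.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused.</param>
        /// <exception cref="InvalidRequestException">
        /// Thrown when a non-GET request to an <c>.aspx</c> page arrives within
        /// <c>s_PostFrequencySecond</c> seconds of the previous one, or (from
        /// <see cref="GetCheckInfo"/>) when the current identity name is empty.
        /// </exception>
        void app_PostResolveRequestCache(object sender, EventArgs e)
        {
            HttpApplication app = (HttpApplication)sender;

            // Local debugging (outside IIS) skips all checks.
            // NOTE(review): Request.IsLocal is decided by the connection's remote address,
            // so if this site is ever fronted by a reverse proxy on the same host every
            // request would look local and bypass these checks — confirm the topology.
            if (app.Context.Request.IsLocal && !app.Context.Request.IsAuthenticated)
            {
                return;
            }

            if (app.Context.IsDebuggingEnabled)
            {
                app.Response.AppendHeader("X-SecurityCheckModule", "running");
            }

            // CSRF mitigation for all POSTs (not only .aspx): a cross-site HTML form cannot
            // set a custom header and a cross-origin XHR cannot without a CORS preflight, so
            // requiring it blocks plain form-based CSRF. This only holds as long as no CORS
            // policy allows the header from other origins. The rejection is sent with the
            // default 200 status; callers that need a distinguishable status should set one.
            if (app.Request.RequestType == "POST")
            {
                if (app.Request.Headers["X-Requested-With"] != "XMLHttpRequest")
                {
                    app.Response.Write("无效的提交请求-1。");
                    app.Response.End(); // ends the request; nothing below runs
                }
            }

            // Throttle only page requests. FilePath excludes PathInfo, whereas Path includes
            // it, so "/page.aspx/anything" would otherwise have slipped past the throttle.
            if (!app.Request.FilePath.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // Anonymous remote requests have an empty identity name, which GetCheckInfo
            // rejects with InvalidRequestException; a null principal is routed to the same
            // rejection instead of a NullReferenceException.
            string userName = app.User != null ? app.User.Identity.Name : null;
            UserCheckInfo info = GetCheckInfo(userName);

            // UtcNow rather than Now: local time jumps at DST transitions and would skew
            // the interval; only the difference between two ticks values matters here.
            long currentTime = DateTime.UtcNow.Ticks;

            bool endRequest = false;

            if (app.Request.RequestType == "GET")
            {
                // The new timestamp is swapped in before the comparison, so the window is
                // measured from the most recent request — including rejected ones. A client
                // that keeps hammering therefore stays throttled until it actually pauses.
                long lastTime = Interlocked.Exchange(ref info.LastGet, currentTime);

                if (new DateTime(lastTime).AddSeconds(s_GetFrequencySecond) > new DateTime(currentTime))
                {
                    app.Response.Write("您的请求频率太快,休息,休息一会儿!");
                    endRequest = true;
                }
            }
            else
            {
                // Every non-GET verb shares the POST window.
                long lastTime = Interlocked.Exchange(ref info.LastPost, currentTime);

                if (new DateTime(lastTime).AddSeconds(s_PostFrequencySecond) > new DateTime(currentTime))
                {
                    throw new InvalidRequestException("您的请求频率太快,休息,休息一会儿!");
                }
            }

            if (endRequest)
            {
                app.Response.End();
            }
        }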