/// <summary>
/// Returns the per-user request-frequency record for <paramref name="username"/>,
/// creating and registering one in <c>s_checkTable</c> on first use.
/// </summary>
/// <param name="username">The user name that keys the lookup.</param>
/// <returns>The existing or newly created <see cref="UserCheckInfo"/> for the user.</returns>
/// <exception cref="InvalidRequestException">Thrown when <paramref name="username"/> is null or empty.</exception>
private UserCheckInfo GetCheckInfo(string username)
{
    if (string.IsNullOrEmpty(username))
    {
        throw new InvalidRequestException();
    }

    // Fast path: unlocked read. Relies on the indexer returning null for an unknown key
    // (Hashtable-style semantics) — confirm if the table type is ever changed.
    UserCheckInfo entry = s_checkTable[username] as UserCheckInfo;
    if (entry != null)
    {
        return entry;
    }

    // Slow path: a tool firing concurrent requests for the same user must still end up with
    // exactly one UserCheckInfo, so creation is serialized under the global lock and the
    // lookup is repeated inside it.
    lock (s_lock)
    {
        entry = s_checkTable[username] as UserCheckInfo;
        if (entry == null)
        {
            entry = new UserCheckInfo();
            entry.UserName = username;
            entry.LastGet = DateTime.MinValue.Ticks;
            entry.LastPost = DateTime.MinValue.Ticks;
            s_checkTable[username] = entry;
        }
        return entry;
    }
}
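/// <summary>
/// PostResolveRequestCache handler that screens each request: rejects POSTs that do not carry
/// <c>X-Requested-With: XMLHttpRequest</c>, and throttles how often a user may GET or POST an
/// .aspx page.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Unused event data.</param>
/// <exception cref="InvalidRequestException">
/// Thrown (via <see cref="GetCheckInfo"/>) when the request carries no user name, and when an
/// .aspx POST arrives within <c>s_PostFrequencySecond</c> seconds of the previous one.
/// </exception>
void app_PostResolveRequestCache(object sender, EventArgs e)
{
    HttpApplication app = (HttpApplication)sender;

    // Local debugging (not under IIS) skips every check. Note that this bypass applies to any
    // unauthenticated request the framework reports as local, not only to debugger sessions.
    if (app.Context.Request.IsLocal && !app.Context.Request.IsAuthenticated)
    {
        return;
    }

    if (app.Context.IsDebuggingEnabled)
    {
        app.Response.AppendHeader("X-SecurityCheckModule", "running");
    }

    // Every POST, whatever the path, must carry the header that browsers only attach to
    // script-initiated requests; presumably a CSRF check, since a plain cross-site form
    // submission cannot set it.
    if (app.Request.RequestType == "POST")
    {
        if (app.Request.Headers["X-Requested-With"] != "XMLHttpRequest")
        {
            app.Response.Write("无效的提交请求-1。");
            app.Response.End();
        }
    }

    // Frequency limits apply to page requests only.
    if (!app.Request.Path.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // The principal or its identity may be unset at this stage under some authentication
    // setups; GetCheckInfo treats a missing name like an empty one and rejects the request.
    string userName = null;
    if (app.User != null && app.User.Identity != null)
    {
        userName = app.User.Identity.Name;
    }
    UserCheckInfo info = GetCheckInfo(userName);

    // UTC ticks: local time jumps back an hour at a DST transition, which would make every
    // stored "last request" look like it lies in the future and lock users out until the
    // clock catches up.
    long currentTime = DateTime.UtcNow.Ticks;

    if (app.Request.RequestType == "GET")
    {
        if (IsTooFrequent(ref info.LastGet, currentTime, s_GetFrequencySecond))
        {
            app.Response.Write("您的请求频率太快,休息,休息一会儿!");
            app.Response.End();
        }
    }
    else if (IsTooFrequent(ref info.LastPost, currentTime, s_PostFrequencySecond))
    {
        // POSTs are script requests (checked above), so the failure is reported as an
        // exception rather than as page text.
        throw new InvalidRequestException("您的请求频率太快,休息,休息一会儿!");
    }
}

/// <summary>
/// Records <paramref name="nowTicks"/> as the latest request time and reports whether the
/// previous request fell inside the <paramref name="windowSeconds"/> window.
/// </summary>
/// <param name="lastTicks">Field holding the previous request's ticks; replaced atomically.</param>
/// <param name="nowTicks">Ticks of the current request.</param>
/// <param name="windowSeconds">Minimum allowed spacing between two requests, in seconds.</param>
/// <returns>True when the current request arrived too soon after the previous one.</returns>
private static bool IsTooFrequent(ref long lastTicks, long nowTicks, double windowSeconds)
{
    // The timestamp is replaced even when the request is rejected, so a client that keeps
    // retrying stays throttled until it pauses for the full window.
    long previousTicks = Interlocked.Exchange(ref lastTicks, nowTicks);
    return new DateTime(previousTicks).AddSeconds(windowSeconds) > new DateTime(nowTicks);
}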