学步园

Introduction

The advent of ASP.NET arriving in a world that up to that point had become accustomed to VBScript or JavaScript spaghetti code was the introduction of true, or truer, object oriented programming (OOP) paradigms to web page development. We have seen over the years how to apply objects to facilitate web components and controls within ASP.NET applications to automate the process of building out a functional web solution with minimal code. One of the most overlooked features of object orientation, however, is utilizing inheritance with the base System.Web.UI.Page class.

The most important advantage base Page inheritance gives is the ability to enforce security across all pages that take advantage of the inheritance. You can even specify varying user access levels per page with only one line of code and one tweak of code. The tweak involves replacing the web form’s declaration with an inheritance of a new semi-abstract class called CommonPage rather than System.Web.UI.Page.

<span class="cs-comment">// Create a new .cs file with a CommonPage class declaration</span>
<span class="cs-keyword">public</span> <span class="cs-keyword">class</span> CommonPage : System.Web.UI.Page
{
    <span class="cs-comment">// ...</span>
}
 
<span class="cs-comment">// Replace the standard inheritance declaration of any new web form</span>
<span class="cs-comment">// with a reference to CommonPage</span>
<span class="cs-keyword">public</span> <span class="cs-keyword">class</span> WebForm1 : CommonPage <span class="cs-comment">// changed ": System.Web.UI.Page"</span>
{
    <span class="cs-comment">// ...</span>
}

By moving to our own base class type, we are now able to customize the base functionality of every web form that inherits this base type, simply by modifying CommonPage.cs. In this way, all pages subscribing to this base class can also be guaranteed to expose and make available certain properties and methods not as easily available in the previous base class, such as application-specific page, user, or session properties. We can also enforce security checks and clean-up routines that are common across all participating pages.

Specifying Minimum Access Levels

The natural initial progression of extending CommonPage is to first enforce security. We can guarantee through inheritance and a simple security access level declaration that no user can access a particular page without proper security clearance as long as the page inherits CommonPage rather than System.Web.UI.Page. This is achieved by customizing the constructor of CommonPage and the Load event of System.Web.UI.Page, and thereby executing a new AccessCheck method before the web form ever executes.

<span class="cs-keyword">public</span> CommonPage() {
    <span class="cs-keyword">base</span>.Load +=<span class="cs-keyword">new</span> EventHandler(CommonPage_Load);
}
 
<span class="cs-keyword">private</span> <span class="cs-keyword">void</span> CommonPage_Load(<span class="cs-keyword">object</span> sender, EventArgs e) {
    AccessCheck();
}
 
<span class="cs-keyword">private</span> <span class="cs-keyword">void</span> AccessCheck () {
    <span class="cs-comment">// enforce security here ...</span>
}

At this point, it is now possible to customize the access levels of each page with only a single line of code per page. In order to do this, we must first define a set of access levels with an enum called AccessLevel.

<span class="cs-keyword">public</span> <span class="cs-keyword">enum</span> AccessLevel {
    Guest = <span class="cs-literal">0</span>,
    BaseMember = <span class="cs-literal">1</span>,
    FullMember = <span class="cs-literal">5</span>, <span class="cs-comment">// numerically spaced for future expansion</span>
    Administrator = <span class="cs-literal">10</span>
}

With AccessLevel defined, we can now specify a simple field in the web form called MinLevel that identifies the clearance level required for the particular web form. Normally, one would override a “MinLevel” property declared in CommonPage and customize its get method.

<span class="cs-keyword">public</span> <span class="cs-keyword">class</span> WebForm1 : CommonPage
{
    <span class="cs-keyword">protected</span> <span class="cs-keyword">override</span> AccessLevel MinLevel {
        <span class="cs-keyword">get</span> {
            <span class="cs-keyword">return</span> AccessLevel.FullMember;
        }
    }
    <span class="cs-comment">// ...</span>
}

This is, of course, considered the most correct way of customizing an access level customization on an inherited web form. However, in order to make this only a single line of code, we can break the paradigm of using overridden properties and instead use a constant field. In our case, our goal is to eliminate as much coding as possible, including even any method or property blocks. So, we instead declare a simple field in the web form that specifies the minimum access level.

<span class="cs-keyword">public</span> <span class="cs-keyword">class</span> WebForm1 : CommonPage
{
   <span class="cs-keyword">public</span> <span class="cs-keyword">const</span> AccessLevel MinLevel = AccessLevel.FullMember;
   <span class="cs-comment">// ...</span>
}

In order for CommonPage to retrieve this value, it must use the System.Reflection namespace to discover the value.

<span class="cs-comment">// Figure 1</span>
<span class="cs-keyword">public</span> <span class="cs-keyword">class</span> CommonPage : System.Web.UI.Page
{
    <span class="cs-keyword">private</span> <span class="cs-keyword">const</span> AccessLevel DefaultMinLevel = AccessLevel.Guest;
    <span class="cs-keyword">private</span> <span class="cs-keyword">void</span> AccessCheck() {
        AccessLevel minLevel = DefaultMinLevel;
        System.Reflection.FieldInfo fi =
            <span class="cs-keyword">this</span>.GetType().GetField(<span class="cpp-string">"MinLevel"</span>,
            System.Reflection.BindingFlags.Public |
            System.Reflection.BindingFlags.Static |
            System.Reflection.BindingFlags.FlattenHierarchy);
        <span class="cs-keyword">if</span> (fi != <span class="cs-keyword">null</span>) minLevel = (AccessLevel)fi.GetValue(<span class="cs-keyword">null</span>);
        <span class="cs-comment">// ... </span>
    }
    <span class="cs-comment">// ...</span>
}

Now, CommonPage knows the minimum access level for the page. We also specified a DefaultMinLevel constant to be sure that new inheriting web forms that do not have a MinLevel specification can default user access limits to this value. In this way, we can make the default access level FullMember, for instance, so that by default no new inheriting web form is accessible by anyone except that level of user.

Exposing a Common User Object

Now that we have specified an access level for a page, we need to have CommonPage map the user’s AccessLevel. The best way of doing this is to create a whole new user object and keep it stored in the session at all times. We will create an AppUser class and have its default AccessLevel property set to Guest. Then we will expose this object as a Session-stored property in CommonPage that is accessible as CurrentUser.

<span class="cs-comment">// Figure 2</span>
<span class="cs-keyword">namespace</span> InheritenceSample
{
    <span class="cs-keyword">public</span> <span class="cs-keyword">class</span> AppUser
    {
        <span class="cs-keyword">public</span> AccessLevel Level = AccessLevel.Guest;
    }
 
    <span class="cs-keyword">public</span> <span class="cs-keyword">class</span> CommonPage : System.Web.UI.Page
    {
        <span class="cs-comment">// ...</span>
 
        <span class="cs-keyword">public</span> AppUser CurrentUser {
            <span class="cs-keyword">get</span> {
                AppUser usr = (AppUser)Session[<span class="cpp-string">"AppUser"</span>];
                <span class="cs-keyword">if</span> (usr == <span class="cs-keyword">null</span>) {
                    usr = <span class="cs-keyword">new</span> AppUser();
                    Session.Add(<span class="cpp-string">"AppUser"</span>, usr);
                }
                <span class="cs-keyword">return</span> usr;
            }
        }
    }
}

At this point, it is very easy for AccessCheck method in CommonPage to determine whether the user does not have access to a particular page, with this boolean evaluation:

<span class="cs-keyword">if</span> (CurrentUser.Level &lt; minLevel) { <span class="cs-comment">// ...</span>

By default, an AppUser object’s level is Guest. You can customize the AccessCheck method so that all Guest users attempting to access a more secure page are redirected to a login page that would modify the user’s access level according to a value specified in a database. In the login page, you can use Request.ServerVariables[“HTTP_REFERER”] to return to the referring page after logging in, or you can pass a more appropriate custom URL in the query string that redirects to the Login page, and have the Login page default to one and override to the other.

Going Further

In addition to applying security, this paradigm makes all new pages derived from your CommonPage class universally conformant to the parameters you specify in a single class, or in a few subclasses. For example, you can create a CommonXPage class that inherits CommonPage, and inherit CommonXPage only in web forms that do function X, so that these have a common minimum security level or a common task to perform when loading, and so forth.

We can also establish universal clean-up routines that are common to all pages in our application, by using the Unload event in CommonPage. (Note that utilizing deconstructors in ASP.NET, or “~CommonPage() {…}”, is not recommended.)

<span class="cs-keyword">public</span> <span class="cs-keyword">class</span> CommonPage : System.Web.UI.Page
{
    <span class="cs-keyword">public</span> CommonPage() {
        <span class="cs-keyword">base</span>.Load += <span class="cs-keyword">new</span> EventHandler(CommonPage_Load);
        <span class="cs-keyword">base</span>.Unload += <span class="cs-keyword">new</span> EventHandler(CommonPage_Unload);
    }
 
    <span class="cs-keyword">private</span> <span class="cs-keyword">void</span> CommonPage_Unload(<span class="cs-keyword">object</span> sender, EventArgs e) {
        <span class="cs-comment">// common clean up ...</span>
    }
    <span class="cs-comment">// ...</span>
}

All of the benefits of inheritance in object oriented programming apply in ASP.NET. Hopefully, we have only scratched the surface as to what levels of productivity you can take web application development to using inheritance in ASP.NET and making the most of OOP methodologies.