如何在.NET/PHP应用程序中限制对WordPress内容的访问 [英] How to restrict access to WordPress content in .NET/PHP application

问题描述

我有一个WordPress网站，用于一本小日记.它托管在Azure VM上的IIS中，并使用MSSQL而不是MySQL.尽管许多内容都是免费提供的，但我想将对最新内容的访问限制为仅付费用户.我想知道我该怎么做.我正在考虑向每个Post/Article的段添加一些简单的代码(也许这些段以'protected-'开头).然后，我可以编写一个C#.NET HttpHandler来检查Uri中的受保护"代码，检查用户是否可以通过数据库中的条目访问它，以及是否允许访问.这种方法行得通吗?任何其他可能性.

I have a WordPress site for a small journal. It is hosted in IIS on an Azure VM and uses MSSQL rather than MySQL. Although much of the content is freely available I want to restrict access to the more recent content to paying subscribers only. I'm wondering how I might do this. I was thinking of adding some simple code to the slug of each Post/Article (perhaps just having the slug start with 'protected-'). I could then write an C#.NET HttpHandler to check the Uri for the 'protected' code, check whether or not the user has access to it via entries in the DB, and allow, or not, access. Would this approach work? Any other possibilities.

请注意，我不是PHP开发人员，任何解决方案都必须使用.NET才能实现.

Please note that I am not a PHP developer and any solution needs to be implementable using .NET.

编辑200814

使用HttpModule审查所有传入的请求，我已经取得了一些进展.这是通过将相关行添加到Web.config中来实现的:

I've made some progress using a HttpModule to review any incoming requests. This was achieved by adding the relevant lines to the Web.config:

内部

<modules runAllManagedModulesForAllRequests="true">
    <add name="WpContentAccess" type="WpJournalHttpHandler.ContentAccessModule, WpJournalHttpHandler, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ced90a15f96f61ed" preCondition="managedHandler" />
</modules>

内部

<httpModules>
  <add name="WpContentAccess" type="System.ServiceModel.Activation.HttpModule"/>
</httpModules>
<compilation targetFramework="4.0">
    <assemblies>
        <add assembly="WpJournalHttpHandler, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ced90a15f96f61ed" />
    </assemblies>
</compilation>

其中WpJournalHttpHandler是我的自定义HttpModule.

where WpJournalHttpHandler is my custom HttpModule.

每当用户尝试查看带有包含受保护"的内容的帖子/文章时，我都希望重定向，例如 https://journal.emergentpublications.com/article/protected_eco_010101/

I want to redirect whenever a user tries to view a Post/Article that has a slug containing 'protected', e.g., https://journal.emergentpublications.com/article/protected_eco_010101/

但是，WP使用URL重写，因此我的HttpModule从未收到要处理的原始URL.在重写URL之前是否需要运行HttpModule?

However, WP uses URL rewriting so my HttpModule never receives the original URL for processing. Do I need to have the HttpModule run before the URL rewriting?

这是我的web.config中的重写条目:

Here's the rewrite entry in my web.config:

<rewrite>
  <rules>
        <rule name="wordpress" patternSyntax="Wildcard">
            <match url="*" />
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                </conditions>
            <action type="Rewrite" url="index.php" />
        </rule></rules>
</rewrite>

EDIT 200814_2

EDIT 200814_2

将Web.config的重写部分更改为:

After changing the rewrite part of my Web.config to:

<rewrite>
    <rules>
        <rule name="WordPress Rule" stopProcessing="true">
            <match url=".*" />
            <conditions>
                <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
            </conditions>
            <action type="Rewrite" url="index.php?page_id={R:0}" />
        </rule>
    </rules>
</rewrite>

并将我的HttpModule检查context.Request.Url.ToString().Contains("protected")作为AuthenticateRequest事件的一部分，我现在可以根据需要过滤WP请求.

And had my HttpModule check context.Request.Url.ToString().Contains("protected") as part of the AuthenticateRequest event I can now filter the WP requests as desired.

推荐答案

最后，添加C#.NET HttpModule即可. IIS托管的WordPress网站的完整web.config是:

Adding a C#.NET HttpModule worked in the end. The full web.config for the WordPress site hosted with IIS is:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <httpErrors errorMode="Detailed" />
        <validation validateIntegratedModeConfiguration="false" />
        <modules runAllManagedModulesForAllRequests="true">
            <add name="WpContentAccess" type="WpJournalHttpHandler.ContentAccessModule, WpJournalHttpHandler, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ced90a15f96f61ed" preCondition="managedHandler" />
        </modules>
        <rewrite>
      <rules>
            <rule name="wordpress" stopProcessing="true">
                <match url=".*" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                <action type="Rewrite" url="index.php?page_id={R:0}" />
            </rule></rules>
    </rewrite>
  </system.webServer>
  <system.web>
    <customErrors mode="Off" />
        <httpModules>
      <add name="WpContentAccess" type="System.ServiceModel.Activation.HttpModule" />
    </httpModules>
        <compilation targetFramework="4.0">
            <assemblies>
                <add assembly="WpJournalHttpHandler, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ced90a15f96f61ed" />
            </assemblies>
        </compilation>
  </system.web>
</configuration>

我的ContentAccessModule的框架代码是:

And the skeleton code for my ContentAccessModule is:

using System;
using System.Web;
using System.Diagnostics;

namespace WpJournalHttpHandler
{
    public class ContentAccessModule : IHttpModule
    {
        private EventLog eventLog;

        public void Init(HttpApplication application)
        {
            application.AuthenticateRequest += Application_AuthenticateRequest;


            if (!EventLog.SourceExists("WpJournal"))
            {
                EventLog.CreateEventSource("WpJournal", "WpJournalActivity");
            }
            eventLog = new EventLog {Source = "WpJournal"};
            eventLog.WriteEntry("Application initialized.", EventLogEntryType.Information);
        }

        public void Dispose()
        {
            //Cleanup
        }

        private void Application_AuthenticateRequest(object source, EventArgs e)
        {
            HttpContext context = HttpContext.Current;
            eventLog.WriteEntry("Authentication for " + context.Request.Url + " from " + context.Request.UserHostAddress, EventLogEntryType.Information);
            if (context.Request.Url.ToString().Contains("protected"))
            {
                context.Response.Redirect("https://journal.emergentpublications.com/restricted-content/");
            }
        }

        private bool IsValidIpAddress(string ipAddress)
        {
            return false;
        }

        private string IsSubscribed(HttpContext context)
        {
            return null;
        }
    }
}

编译后，WpJournalHttpHandler便被加载到GAC中，因此web.config可以找到它.请注意，WP项目实际上是使用"用于可视化的PHP工具构建的PHP项目. Studio 2013 ".现在，我可以使用C#.NET为WP内容编写所需的任何访问逻辑，只要更改Post/Article的内容以包括一些常见的字符串(例如"protected")(我可能会使用不太可能的字符串)实际出现在帖子/文章标题中-可能是简短的随机字母数字).

Once compiled the WpJournalHttpHandler was loaded into the GAC so it could be found by the web.config. Note that the WP project is actually a PHP project built using "PHP Tools for Visual Studio 2013". Now I can write whatever access logic I want for my WP content using C#.NET, as long as I change the slug of the Post/Article to include some common string such as "protected" (I'll probably use a string less likely to actually appear in a Post/Article title - perhaps a short random alphanumeric).

请注意，如果像我一样使用事件日志记录，则需要授予网络服务访问事件日志的权限.

Note that if you use Event Logging like I have you'll need to give Network Service permission to access the event logs.

这篇关于如何在.NET/PHP应用程序中限制对WordPress内容的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！