欢迎您访问本站首页笑话数码汽车珠宝手机购车首饰美妆装修厨房科普编程导购空间导购百科知道词典繁体王朝搜索

当前位置: 王朝网络 >> asp >> Asp.Net基于forms的验证机制 Asp.Net ji yu forms de yan zheng ji zhi

Asp.Net基于forms的验证机制

来源:互联网网民宽屏版评论

2008-12-13 08:24:11

本文为【Asp.Net基于forms的验证机制】的汉字拼音对照版显示拼音

项xiang目mu需xu要yao研yan究jiu了le下xiaAsp.Net的de基ji于yuforms的de验yan证zheng机ji制zhi

构gou建jian基ji于yuforms的de验yan证zheng机ji制zhi过guo程cheng如ru下xia：

1,设she置zhiIIS为wei可ke匿ni名ming访fang问wen和heasp.net web.config中zhong设she置zhi为weiform验yan证zheng

2,检jian索suo数shu据ju存cun储chu验yan证zheng用yong户hu，并bing检jian索suo角jiao色se(如ru果guo不bu是shi基ji于yu角jiao色se可ke不bu用yong)

简jian单dan无wurole方fang式shi：

使shi用yongFormsAuthenticationTicket创chuang建jian一yi个geCookie并bing回hui发fa到dao客ke户hu端duan，并bing存cun储chu 角jiao色se到dao票piao中zhong，如ru：

FormsAuthentication.SetAuthCookie(Username,true | false)

cookies保bao存cun时shi间jian：

HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName].Expires=DateTime.Now.AddDays(1)

如ru果guo需xu要yao存cun储chu角jiao色se方fang式shi：view plaincopy to clipboardprint?

FormsAuthenticationTicket authTicket = new

FormsAuthenticationTicket(

1, // version

txtUserName.Text, // user name

DateTime.Now, // creation

DateTime.Now.AddMinutes(20),// Expiration

false, // Persistent

roles ); // User data

//roles是shi一yi个ge角jiao色se字zi符fu串chuan数shu组zu

string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加jia密mi

FormsAuthenticationTicket authTicket = new

FormsAuthenticationTicket(

1, // version

txtUserName.Text, // user name

DateTime.Now, // creation

DateTime.Now.AddMinutes(20),// Expiration

false, // Persistent

roles ); // User data

//roles是shi一yi个ge角jiao色se字zi符fu串chuan数shu组zu

string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加jia密mi 存cun入ruCookie view plaincopy to clipboardprint?

HttpCookie authCookie =

new HttpCookie(FormsAuthentication.FormsCookieName,

encryptedTicket);

Response.Cookies.Add(authCookie);

HttpCookie authCookie =

new HttpCookie(FormsAuthentication.FormsCookieName,

encryptedTicket);

Response.Cookies.Add(authCookie); 在zaiApplication_AuthenticateRequest事shi件jian中zhong处chu理li程cheng序xu中zhong(Global.asax)中zhong，使shi用yong票piao创chuang建jianIPrincipal对dui象xiang并bing存cun在zaiHttpContext.User中zhong代dai码ma： view plaincopy to clipboardprint?

protected void Application_AuthorizeRequest(object sender, System.EventArgs e)

{

HttpApplication App = (HttpApplication) sender;

HttpContext Ctx = App.Context ; //获huo取qu本ben次ciHttp请qing求qiu相xiang关guan的deHttpContext对dui象xiang

if (Ctx.Request.IsAuthenticated == true) //验yan证zheng过guo的de用yong户hu才cai进jin行xingrole的de处chu理li

{

FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;

FormsAuthenticationTicket Ticket = Id.Ticket ; //取qu得de身shen份fen验yan证zheng票piao

string[] Roles = Ticket.UserData.Split (',') ; //将jiang身shen份fen验yan证zheng票piao中zhong的derole数shu据ju转zhuan成cheng字zi符fu串chuan数shu组zu

Ctx.User = new GenericPrincipal (Id, Roles) ; //将jiang原yuan有you的deIdentity加jia上shang角jiao色se信xin息xi新xin建jian一yi个geGenericPrincipal表biao示shi当dang前qian用yong户hu,这zhe样yang当dang前qian用yong户hu就jiu拥yong有you了lerole信xin息xi

}

protected void Application_AuthorizeRequest(object sender, System.EventArgs e)

{

HttpApplication App = (HttpApplication) sender;

HttpContext Ctx = App.Context ; //获huo取qu本ben次ciHttp请qing求qiu相xiang关guan的deHttpContext对dui象xiang

if (Ctx.Request.IsAuthenticated == true) //验yan证zheng过guo的de用yong户hu才cai进jin行xingrole的de处chu理li

{

FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;

FormsAuthenticationTicket Ticket = Id.Ticket ; //取qu得de身shen份fen验yan证zheng票piao

string[] Roles = Ticket.UserData.Split (',') ; //将jiang身shen份fen验yan证zheng票piao中zhong的derole数shu据ju转zhuan成cheng字zi符fu串chuan数shu组zu

}

}需xu要yao对dui某mou些xie页ye面mian进jin行xing角jiao色se控kong制zhi，有you两liang种zhong方fang法fa：

1、web.config中zhong加jia view plaincopy to clipboardprint?

<system.web>

</authorization>

</system.web>

</location>

<system.web>

</authorization>

</system.web>

</location> 2、把ba只zhi能neng是shi某mou种zhong角jiao色se访fang问wen的de文wen件jian放fang在zai同tong一yi目mu录lu下xia,在zai此ci目mu录lu下xia添tian加jia一yi个geweb.config view plaincopy to clipboardprint?

<system.web>

</authorization>

</system.web>

</configuration>

<system.web>

</authorization>

</system.web>

</configuration> 说shuo明ming：子zi目mu录lu的deweb.config设she置zhi优you先xian于yu父fu目mu录lu的deweb.config设she置zhi

以yi上shang参shen考kao：http://www.cnblogs.com/kwklover/archive/2004/06/29/19455.aspx
http://www.donews.net/robinblood/archive/2005/04/30/358041.aspx

【原文】

点击展开全文

特别声明：以上内容(如有图片或视频亦包括在内)为网络用户发布，本站仅提供信息存储服务。

相关文章▶ 没有找到您想要的？点此查看更多相关文章

　　项目需要研究了下Asp.Net的基于forms的验证机制　　构建基于forms的验证机制过程如下：　　　　1,设置IIS为可匿名访问和asp.net web.config中设置为form验证　　　　2,检索数据存储验证用户，并检索角色(如果不是基于角色可不用) 　　　　简单无role方式：　　　　使用FormsAuthenticationTicket创建一个Cookie并回发到客户端，并存储角色到票中，如：　　　　 FormsAuthentication.SetAuthCookie(Username,true | false) 　　　　cookies保存时间：　　　　HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName].Expires=DateTime.Now.AddDays(1) 　　　　如果需要存储角色方式：　　view plaincopy to clipboardprint? FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket( 1, // version txtUserName.Text, // user name DateTime.Now, // creation DateTime.Now.AddMinutes(20),// Expiration false, // Persistent roles ); // User data 　　　　//roles是一个角色字符串数组 string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加密 FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket( 1, // version txtUserName.Text, // user name DateTime.Now, // creation DateTime.Now.AddMinutes(20),// Expiration false, // Persistent roles ); // User data 　　　　//roles是一个角色字符串数组 string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加密　　　存入Cookie view plaincopy to clipboardprint? HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); Response.Cookies.Add(authCookie); HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); Response.Cookies.Add(authCookie); 　　　在Application_AuthenticateRequest事件中处理程序中(Global.asax)中，使用票创建IPrincipal对象并存在HttpContext.User中代码： view plaincopy to clipboardprint? protected void Application_AuthorizeRequest(object sender, System.EventArgs e) { HttpApplication App = (HttpApplication) sender; HttpContext Ctx = App.Context ; //获取本次Http请求相关的HttpContext对象 if (Ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理 { FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ; FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票 string[] Roles = Ticket.UserData.Split (',') ; //将身份验证票中的role数据转成字符串数组 Ctx.User = new GenericPrincipal (Id, Roles) ; //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息 } } protected void Application_AuthorizeRequest(object sender, System.EventArgs e) { HttpApplication App = (HttpApplication) sender; HttpContext Ctx = App.Context ; //获取本次Http请求相关的HttpContext对象 if (Ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理 { FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ; FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票 string[] Roles = Ticket.UserData.Split (',') ; //将身份验证票中的role数据转成字符串数组 Ctx.User = new GenericPrincipal (Id, Roles) ; //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息 } }　　　需要对某些页面进行角色控制，有两种方法：　　　　1、web.config中加 view plaincopy to clipboardprint? <location path="EditPost.aspx"> <system.web> <authorization> <allow roles="RoleName" /> <deny users="?" /> </authorization> </system.web> </location> <location path="EditPost.aspx"> <system.web> <authorization> <allow roles="RoleName" /> <deny users="?" /> </authorization> </system.web> </location> 　　　　2、把只能是某种角色访问的文件放在同一目录下,在此目录下添加一个web.config view plaincopy to clipboardprint? <configuration> <system.web> <authorization> <allow roles="RoleName" /> <deny users="*" /> </authorization> </system.web> </configuration> <configuration> <system.web> <authorization> <allow roles="RoleName" /> <deny users="*" /> </authorization> </system.web> </configuration> 　　　说明：子目录的web.config设置优先于父目录的web.config设置以上参考：[url=http://www.cnblogs.com/kwklover/archive/2004/06/29/19455.aspx]http://www.cnblogs.com/kwklover/archive/2004/06/29/19455.aspx[/url] 　　　　　[url=http://www.donews.net/robinblood/archive/2005/04/30/358041.aspx]http://www.donews.net/robinblood/archive/2005/04/30/358041.aspx[/url]