Asp.Net基于forms的验证机制

本文为【Asp.Net基于forms的验证机制】的汉字拼音对照版显示拼音

项xiang目mu需xu要yao研yan究jiu了le下xiaAsp.Net的de基ji于yuforms的de验yan证zheng机ji制zhi

构gou建jian基ji于yuforms的de验yan证zheng机ji制zhi过guo程cheng如ru下xia：

1,设she置zhiIIS为wei可ke匿ni名ming访fang问wen和heasp.net web.config中zhong设she置zhi为weiform验yan证zheng

2,检jian索suo数shu据ju存cun储chu验yan证zheng用yong户hu，并bing检jian索suo角jiao色se(如ru果guo不bu是shi基ji于yu角jiao色se可ke不bu用yong)

简jian单dan无wurole方fang式shi：

使shi用yongFormsAuthenticationTicket创chuang建jian一yi个geCookie并bing回hui发fa到dao客ke户hu端duan，并bing存cun储chu 角jiao色se到dao票piao中zhong，如ru：

FormsAuthentication.SetAuthCookie(Username,true | false)

cookies保bao存cun时shi间jian：

HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName].Expires=DateTime.Now.AddDays(1)

如ru果guo需xu要yao存cun储chu角jiao色se方fang式shi：view plaincopy to clipboardprint?

FormsAuthenticationTicket authTicket = new

FormsAuthenticationTicket(

1, // version

txtUserName.Text, // user name

DateTime.Now, // creation

DateTime.Now.AddMinutes(20),// Expiration

false, // Persistent

roles ); // User data

//roles是shi一yi个ge角jiao色se字zi符fu串chuan数shu组zu

string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加jia密mi

FormsAuthenticationTicket authTicket = new

FormsAuthenticationTicket(

1, // version

txtUserName.Text, // user name

DateTime.Now, // creation

DateTime.Now.AddMinutes(20),// Expiration

false, // Persistent

roles ); // User data

//roles是shi一yi个ge角jiao色se字zi符fu串chuan数shu组zu

string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加jia密mi 存cun入ruCookie view plaincopy to clipboardprint?

HttpCookie authCookie =

new HttpCookie(FormsAuthentication.FormsCookieName,

encryptedTicket);

Response.Cookies.Add(authCookie);

HttpCookie authCookie =

new HttpCookie(FormsAuthentication.FormsCookieName,

encryptedTicket);

Response.Cookies.Add(authCookie); 在zaiApplication_AuthenticateRequest事shi件jian中zhong处chu理li程cheng序xu中zhong(Global.asax)中zhong，使shi用yong票piao创chuang建jianIPrincipal对dui象xiang并bing存cun在zaiHttpContext.User中zhong代dai码ma： view plaincopy to clipboardprint?

protected void Application_AuthorizeRequest(object sender, System.EventArgs e)

{

HttpApplication App = (HttpApplication) sender;

HttpContext Ctx = App.Context ; //获huo取qu本ben次ciHttp请qing求qiu相xiang关guan的deHttpContext对dui象xiang

if (Ctx.Request.IsAuthenticated == true) //验yan证zheng过guo的de用yong户hu才cai进jin行xingrole的de处chu理li

{

FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;

FormsAuthenticationTicket Ticket = Id.Ticket ; //取qu得de身shen份fen验yan证zheng票piao

string[] Roles = Ticket.UserData.Split (',') ; //将jiang身shen份fen验yan证zheng票piao中zhong的derole数shu据ju转zhuan成cheng字zi符fu串chuan数shu组zu

Ctx.User = new GenericPrincipal (Id, Roles) ; //将jiang原yuan有you的deIdentity加jia上shang角jiao色se信xin息xi新xin建jian一yi个geGenericPrincipal表biao示shi当dang前qian用yong户hu,这zhe样yang当dang前qian用yong户hu就jiu拥yong有you了lerole信xin息xi

}

}

protected void Application_AuthorizeRequest(object sender, System.EventArgs e)

{

HttpApplication App = (HttpApplication) sender;

HttpContext Ctx = App.Context ; //获huo取qu本ben次ciHttp请qing求qiu相xiang关guan的deHttpContext对dui象xiang

if (Ctx.Request.IsAuthenticated == true) //验yan证zheng过guo的de用yong户hu才cai进jin行xingrole的de处chu理li

{

FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;

FormsAuthenticationTicket Ticket = Id.Ticket ; //取qu得de身shen份fen验yan证zheng票piao

string[] Roles = Ticket.UserData.Split (',') ; //将jiang身shen份fen验yan证zheng票piao中zhong的derole数shu据ju转zhuan成cheng字zi符fu串chuan数shu组zu

Ctx.User = new GenericPrincipal (Id, Roles) ; //将jiang原yuan有you的deIdentity加jia上shang角jiao色se信xin息xi新xin建jian一yi个geGenericPrincipal表biao示shi当dang前qian用yong户hu,这zhe样yang当dang前qian用yong户hu就jiu拥yong有you了lerole信xin息xi

}

}需xu要yao对dui某mou些xie页ye面mian进jin行xing角jiao色se控kong制zhi，有you两liang种zhong方fang法fa：

1、web.config中zhong加jia view plaincopy to clipboardprint?

<location path="EditPost.aspx">

<system.web>

<authorization>

<allow roles="RoleName" />

<deny users="?" />

</authorization>

</system.web>

</location>

<location path="EditPost.aspx">

<system.web>

<authorization>

<allow roles="RoleName" />

<deny users="?" />

</authorization>

</system.web>

</location> 2、把ba只zhi能neng是shi某mou种zhong角jiao色se访fang问wen的de文wen件jian放fang在zai同tong一yi目mu录lu下xia,在zai此ci目mu录lu下xia添tian加jia一yi个geweb.config view plaincopy to clipboardprint?

<configuration>

<system.web>

<authorization>

<allow roles="RoleName" />

<deny users="*" />

</authorization>

</system.web>

</configuration>

<configuration>

<system.web>

<authorization>

<allow roles="RoleName" />

<deny users="*" />

</authorization>

</system.web>

</configuration> 说shuo明ming：子zi目mu录lu的deweb.config设she置zhi优you先xian于yu父fu目mu录lu的deweb.config设she置zhi

以yi上shang参shen考kao：http://www.cnblogs.com/kwklover/archive/2004/06/29/19455.aspx
http://www.donews.net/robinblood/archive/2005/04/30/358041.aspx

• ·c#获取真实IP和代理IP
• ·正则表达式 大杂烩
• ·关于.net中页面CSS样式丢失的解决方案
• ·使用DES对称加密代码，支持中文
• ·能够通过w3验证的css文字阴影效果
• ·C# 2.0中的上传多个图片合并及存入数据库的
• ·C-Sharp调用标准动态库（记录）
• ·页面刷新后WebControl的动态添加内容不
• ·解决Windows vista复制粘贴文件速度
• ·ASP.NET动态加载控件的"追赶论"

• 未来我们可以和性爱机器人结婚吗？
  探索
• 女性臀部暗示性欲大小
  女性
• 五个症状提醒你免疫力在下降了
  健康
• 韩式辣椒酱爆伍丁(图)－西餐菜谱
  美食