本文为【Asp.Net基于forms的验证机制】的汉字拼音对照版显示拼音
项xiang目mu需xu要yao研yan究jiu了le下xiaAsp.Net的de基ji于yuforms的de验yan证zheng机ji制zhi
构gou建jian基ji于yuforms的de验yan证zheng机ji制zhi过guo程cheng如ru下xia:
1,设she置zhiIIS为wei可ke匿ni名ming访fang问wen和heasp.net web.config中zhong设she置zhi为weiform验yan证zheng
2,检jian索suo数shu据ju存cun储chu验yan证zheng用yong户hu,并bing检jian索suo角jiao色se(如ru果guo不bu是shi基ji于yu角jiao色se可ke不bu用yong)
简jian单dan无wurole方fang式shi:
使shi用yongFormsAuthenticationTicket创chuang建jian一yi个geCookie并bing回hui发fa到dao客ke户hu端duan,并bing存cun储chu 角jiao色se到dao票piao中zhong,如ru:
FormsAuthentication.SetAuthCookie(Username,true | false)
cookies保bao存cun时shi间jian:
HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName].Expires=DateTime.Now.AddDays(1)
如ru果guo需xu要yao存cun储chu角jiao色se方fang式shi:view plaincopy to clipboardprint?
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(
1, // version
txtUserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(20),// Expiration
false, // Persistent
roles ); // User data
//roles是shi一yi个ge角jiao色se字zi符fu串chuan数shu组zu
string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加jia密mi
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(
1, // version
txtUserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(20),// Expiration
false, // Persistent
roles ); // User data
//roles是shi一yi个ge角jiao色se字zi符fu串chuan数shu组zu
string encryptedTicket = FormsAuthentication.Encrypt(authTicket); //加jia密mi 存cun入ruCookie view plaincopy to clipboardprint?
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
Response.Cookies.Add(authCookie);
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
Response.Cookies.Add(authCookie); 在zaiApplication_AuthenticateRequest事shi件jian中zhong处chu理li程cheng序xu中zhong(Global.asax)中zhong,使shi用yong票piao创chuang建jianIPrincipal对dui象xiang并bing存cun在zaiHttpContext.User中zhong代dai码ma: view plaincopy to clipboardprint?
protected void Application_AuthorizeRequest(object sender, System.EventArgs e)
{
HttpApplication App = (HttpApplication) sender;
HttpContext Ctx = App.Context ; //获huo取qu本ben次ciHttp请qing求qiu相xiang关guan的deHttpContext对dui象xiang
if (Ctx.Request.IsAuthenticated == true) //验yan证zheng过guo的de用yong户hu才cai进jin行xingrole的de处chu理li
{
FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;
FormsAuthenticationTicket Ticket = Id.Ticket ; //取qu得de身shen份fen验yan证zheng票piao
string[] Roles = Ticket.UserData.Split (',') ; //将jiang身shen份fen验yan证zheng票piao中zhong的derole数shu据ju转zhuan成cheng字zi符fu串chuan数shu组zu
Ctx.User = new GenericPrincipal (Id, Roles) ; //将jiang原yuan有you的deIdentity加jia上shang角jiao色se信xin息xi新xin建jian一yi个geGenericPrincipal表biao示shi当dang前qian用yong户hu,这zhe样yang当dang前qian用yong户hu就jiu拥yong有you了lerole信xin息xi
}
}
protected void Application_AuthorizeRequest(object sender, System.EventArgs e)
{
HttpApplication App = (HttpApplication) sender;
HttpContext Ctx = App.Context ; //获huo取qu本ben次ciHttp请qing求qiu相xiang关guan的deHttpContext对dui象xiang
if (Ctx.Request.IsAuthenticated == true) //验yan证zheng过guo的de用yong户hu才cai进jin行xingrole的de处chu理li
{
FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;
FormsAuthenticationTicket Ticket = Id.Ticket ; //取qu得de身shen份fen验yan证zheng票piao
string[] Roles = Ticket.UserData.Split (',') ; //将jiang身shen份fen验yan证zheng票piao中zhong的derole数shu据ju转zhuan成cheng字zi符fu串chuan数shu组zu
Ctx.User = new GenericPrincipal (Id, Roles) ; //将jiang原yuan有you的deIdentity加jia上shang角jiao色se信xin息xi新xin建jian一yi个geGenericPrincipal表biao示shi当dang前qian用yong户hu,这zhe样yang当dang前qian用yong户hu就jiu拥yong有you了lerole信xin息xi
}
}需xu要yao对dui某mou些xie页ye面mian进jin行xing角jiao色se控kong制zhi,有you两liang种zhong方fang法fa:
1、web.config中zhong加jia view plaincopy to clipboardprint?
<location path="EditPost.aspx">
<system.web>
<authorization>
<allow roles="RoleName" />
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="EditPost.aspx">
<system.web>
<authorization>
<allow roles="RoleName" />
<deny users="?" />
</authorization>
</system.web>
</location> 2、把ba只zhi能neng是shi某mou种zhong角jiao色se访fang问wen的de文wen件jian放fang在zai同tong一yi目mu录lu下xia,在zai此ci目mu录lu下xia添tian加jia一yi个geweb.config view plaincopy to clipboardprint?
<configuration>
<system.web>
<authorization>
<allow roles="RoleName" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
<configuration>
<system.web>
<authorization>
<allow roles="RoleName" />
<deny users="*" />
</authorization>
</system.web>
</configuration> 说shuo明ming:子zi目mu录lu的deweb.config设she置zhi优you先xian于yu父fu目mu录lu的deweb.config设she置zhi
以yi上shang参shen考kao:http://www.cnblogs.com/kwklover/archive/2004/06/29/19455.aspx
http://www.donews.net/robinblood/archive/2005/04/30/358041.aspx