在一开始学习用ASP.NET来做登录的时候,都是用Session来做登录凭证的。但是后期网站的功能越来越多,就想把网站的功能细分,做成像CSDN一样每个子分类都有一个自己的域名,如news.mysite.com、blog.mysite.com。但问题来了:Session不能跨应用程序。在网上搜索,找到的办法都是把子网站合并到主网站去,显然这种做法是极其不合理的;
然后以下是我的想法
不用Session做登录凭证而用Cookies来做登录凭证
1:然后在IIS中建立两个网站News.MySite.com和Blog.MySite.com(注:这些域名要在Hosts文件中进行转向,不懂可以网上搜)。注意一定要用带域名的网站,如果网站主机头是127.0.0.1或者localhost,就没有办法保存域Cookies
2:在两个网站的Web.config中添加appsetting
<appSettings>
  <add key="RootDomain" value="mysite.com" />
  <add key="PrivateKey" value="12345678" />
</appSettings>
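这是为了方便网站以后换域名的时候不用更改代码。PrivateKey用来防止Cookies被篡改,效仿网银的做法多加了一层MD5验证。注意:上面的12345678只是示例,正式环境要换成足够长的随机密钥,两个网站必须保持一致,并且不要把它提交到代码库;另外,把“字段+密钥”直接做MD5并不是可靠的消息认证方式,更稳妥的做法是使用HMAC-SHA256。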
3:编写Cookies操作类
001 | using System; |
002 | using System.Web; |
003 | |
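namespace Z.Core.Tools
{
    /// <summary>
    /// Cookie helper. Every cookie written here is scoped to the "RootDomain"
    /// appSetting so that sibling sites under that domain can read it.
    /// </summary>
    /// <remarks>
    /// Cookies are written with HttpOnly set, and with Secure set when the current
    /// request arrived over HTTPS, because this class carries login state.
    /// Values come back from the browser and must be treated as untrusted input.
    /// </remarks>
    public class Cookie
    {
        /// <summary>
        /// Sets a cookie without an explicit expiry (a browser-session cookie).
        /// A null value deletes the cookie.
        /// </summary>
        /// <param name="name">Cookie name.</param>
        /// <param name="value">Cookie value, or null to delete.</param>
        public static void Set(string name, string value)
        {
            Set(name, value, 0);
        }

        /// <summary>
        /// Sets a cookie on the configured root domain.
        /// </summary>
        /// <param name="name">Cookie name.</param>
        /// <param name="value">Cookie value; stored URL-encoded with spaces as %20.</param>
        /// <param name="expiresDays">
        /// Lifetime in days from now; 0 means no explicit expiry, a negative value
        /// expires the cookie.
        /// </param>
        /// <exception cref="Exception">The "RootDomain" appSetting is missing.</exception>
        public static void Set(string name, string value, int expiresDays)
        {
            HttpContext context = HttpContext.Current;

            // Drop a cookie of the same name already queued on this response so the
            // response never carries two Set-Cookie entries for it.
            foreach (string item in context.Response.Cookies.AllKeys)
            {
                if (item == name)
                {
                    context.Response.Cookies.Remove(name);
                }
            }

            string rootDomain = System.Configuration.ConfigurationManager.AppSettings["RootDomain"];
            if (rootDomain == null)
            {
                throw new Exception(Lang.Define.Get(Lang.DefineEnum.RootDomain_未设置));
            }

            HttpCookie cookie = new HttpCookie(name);
            cookie.Domain = rootDomain;

            // Keep login cookies away from page script.
            cookie.HttpOnly = true;

            // Only ever upgrade to Secure: a requireSSL default from configuration is
            // left as it is when the current request is plain HTTP.
            if (context.Request.IsSecureConnection)
            {
                cookie.Secure = true;
            }

            if (value != null)
            {
                cookie.Value = System.Web.HttpUtility.UrlEncode(value).Replace("+", "%20");
            }

            // A null value with no explicit lifetime means "delete this cookie".
            if (value == null && expiresDays == 0)
            {
                expiresDays = -1;
            }

            if (expiresDays != 0)
            {
                cookie.Expires = DateTime.Now.AddDays(expiresDays);
            }

            context.Response.Cookies.Add(cookie);
        }

        /// <summary>
        /// Deletes a cookie by re-issuing it empty and already expired.
        /// The misspelled name is kept for existing callers; see <see cref="Delete"/>.
        /// </summary>
        /// <param name="name">Cookie name.</param>
        public static void Delele(string name)
        {
            Set(name, "", -1);
        }

        /// <summary>
        /// Deletes a cookie; correctly spelled equivalent of <see cref="Delele"/>.
        /// </summary>
        /// <param name="name">Cookie name.</param>
        public static void Delete(string name)
        {
            Delele(name);
        }

        /// <summary>
        /// Returns the current value of a cookie. A cookie written earlier in this
        /// request wins over the one the browser sent.
        /// </summary>
        /// <param name="name">Cookie name.</param>
        /// <returns>
        /// The URL-decoded value, or null when the cookie is absent or was expired
        /// during this request.
        /// </returns>
        public static string Get(string name)
        {
            HttpContext context = HttpContext.Current;

            foreach (string item in context.Response.Cookies.AllKeys)
            {
                if (item != name)
                {
                    continue;
                }

                HttpCookie pending = context.Response.Cookies[name];

                // new DateTime(1, 1, 1) is the unset expiry of a session cookie.
                bool live = pending.Expires > DateTime.Now || pending.Expires == new DateTime(1, 1, 1);
                if (!live)
                {
                    // Expired in this request: report it as deleted.
                    return null;
                }

                return System.Web.HttpUtility.UrlDecode(pending.Value);
            }

            // Nothing written in this request: fall back to what the browser sent.
            HttpCookie sent = context.Request.Cookies[name];
            if (sent == null)
            {
                return null;
            }

            return System.Web.HttpUtility.UrlDecode(sent.Value.Replace("%20", "+"));
        }

        /// <summary>
        /// Expires every cookie the browser sent except the ASP.NET session cookie,
        /// whose removal would force a new session to be created.
        /// </summary>
        public static void Clear()
        {
            // Iterate over a snapshot of the names: ASP.NET makes cookies added to
            // the response visible through Request.Cookies too, so the live
            // collection can change while Set runs.
            string[] names = HttpContext.Current.Request.Cookies.AllKeys;

            foreach (string cookieName in names)
            {
                // Ordinal comparison: ToLower() depends on the thread culture and
                // does not map "I" to "i" under Turkish culture settings, which
                // would let the session cookie be deleted.
                if (string.Equals(cookieName, "asp.net_sessionid", StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                Set(cookieName, "", -1);
            }
        }
    }
}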
4:编写登录凭证类
001 | using System; |
002 | using System.Collections.Generic; |
003 | using System.Linq; |
004 | using System.Text; |
005 | |
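namespace Z.Core.Tools
{
    /// <summary>
    /// Login-state cookies shared by the sites under the root domain, protected by
    /// a keyed signature stored in the "PrivateKey" cookie.
    /// </summary>
    /// <remarks>
    /// The signature is HMAC-SHA256 over the signed fields; it replaces the
    /// original MD5 of "fields + secret". Cookies issued by the older scheme no
    /// longer verify, so deploy this class to every site at once and expect users
    /// to sign in again.
    /// The signature only detects modification. The values stay readable in the
    /// browser and nothing here limits how long a signed set remains valid, so
    /// permission data such as Groups should still be checked on the server.
    /// </remarks>
    public class CookieGroupTemplate
    {
        /// <summary>Code of the signed-in user.</summary>
        public static string UserCode
        {
            get
            {
                CheckKey();
                return Cookie.Get("UserCode");
            }
            set
            {
                SetSigned("UserCode", value);
            }
        }

        /// <summary>Name of the signed-in user.</summary>
        public static string UserName
        {
            get
            {
                CheckKey();
                return Cookie.Get("UserName");
            }
            set
            {
                SetSigned("UserName", value);
            }
        }

        /// <summary>Code of the signed-in user's parent.</summary>
        public static string ParentCode
        {
            get
            {
                CheckKey();
                return Cookie.Get("ParentCode");
            }
            set
            {
                SetSigned("ParentCode", value);
            }
        }

        /// <summary>Name of the signed-in user's parent.</summary>
        public static string ParentName
        {
            get
            {
                CheckKey();
                return Cookie.Get("ParentName");
            }
            set
            {
                SetSigned("ParentName", value);
            }
        }

        /// <summary>Permission groups of the signed-in user.</summary>
        public static string Groups
        {
            get
            {
                CheckKey();
                return Cookie.Get("Groups");
            }
            set
            {
                SetSigned("Groups", value);
            }
        }

        /// <summary>Where the operation originates from.</summary>
        public static string OperateFrom
        {
            get
            {
                // NOTE(review): unlike the other getters this one has never verified
                // the signature; kept as is so existing callers do not start seeing
                // exceptions. Do not base access decisions on this value.
                return Cookie.Get("OperateFrom");
            }
            set
            {
                // OperateFrom is one of the signed fields, so the signature has to be
                // refreshed here; otherwise the next verified read fails.
                SetSigned("OperateFrom", value);
            }
        }

        /// <summary>Names of the cookies covered by the signature, in signing order.</summary>
        static readonly List<string> CookieKeys = new List<string>()
        {
            "UserCode", "UserName", "ParentCode", "ParentName", "Groups", "OperateFrom"
        };

        /// <summary>
        /// Writes one signed field and refreshes the signature.
        /// </summary>
        /// <param name="name">Cookie name; expected to be one of <see cref="CookieKeys"/>.</param>
        /// <param name="value">New value; null deletes the cookie.</param>
        static void SetSigned(string name, string value)
        {
            // Never sign values that did not verify: discard whatever the request
            // carried before the new value is written and signed.
            if (!CurrentFieldsAreTrusted())
            {
                foreach (var s in CookieKeys)
                {
                    Cookie.Set(s, null);
                }
            }

            Cookie.Set(name, value);
            SetKey();
        }

        /// <summary>
        /// Computes the signature of the current field values and stores it in the
        /// "PrivateKey" cookie.
        /// </summary>
        static void SetKey()
        {
            Cookie.Set("PrivateKey", ComputeSignature());
        }

        /// <summary>
        /// Verifies the signed fields against the "PrivateKey" cookie.
        /// </summary>
        /// <exception cref="ExceptionMessage">The fields do not match the signature.</exception>
        static void CheckKey()
        {
            string presented = Cookie.Get("PrivateKey");

            // First visit: no signature and no fields. Issue a signature over the
            // empty set so later reads verify.
            if (presented == null && AllFieldsEmpty())
            {
                SetKey();
                return;
            }

            if (!FixedTimeEquals(ComputeSignature(), presented))
            {
                throw new ExceptionMessage(Lang.DefineEnum.Cookie验证出错.Define());
            }
        }

        /// <summary>
        /// True when the current field values are covered by a valid signature, or
        /// when there is neither a signature nor any field value.
        /// </summary>
        static bool CurrentFieldsAreTrusted()
        {
            string presented = Cookie.Get("PrivateKey");
            if (presented == null)
            {
                return AllFieldsEmpty();
            }

            return FixedTimeEquals(ComputeSignature(), presented);
        }

        /// <summary>True when every signed cookie is absent or empty.</summary>
        static bool AllFieldsEmpty()
        {
            foreach (var s in CookieKeys)
            {
                if (!string.IsNullOrEmpty(Cookie.Get(s)))
                {
                    return false;
                }
            }

            return true;
        }

        /// <summary>
        /// Returns the lowercase hex HMAC-SHA256 of the signed fields, keyed with
        /// SettingGroupTemplate.PrivateKey.
        /// </summary>
        /// <exception cref="InvalidOperationException">The signing key is missing.</exception>
        static string ComputeSignature()
        {
            // Assumed to be the "PrivateKey" appSetting as a string - confirm.
            string secret = SettingGroupTemplate.PrivateKey;
            if (string.IsNullOrEmpty(secret))
            {
                // An empty key would make every signature computable by anyone.
                throw new InvalidOperationException("PrivateKey is not configured");
            }

            StringBuilder payload = new StringBuilder();
            foreach (var s in CookieKeys)
            {
                // Escape each value so that '&' or '=' inside it cannot move the
                // boundary between two fields.
                payload.Append(s)
                       .Append('=')
                       .Append(Uri.EscapeDataString(Cookie.Get(s) ?? ""))
                       .Append('&');
            }

            using (var mac = new System.Security.Cryptography.HMACSHA256(Encoding.UTF8.GetBytes(secret)))
            {
                byte[] tag = mac.ComputeHash(Encoding.UTF8.GetBytes(payload.ToString()));
                return BitConverter.ToString(tag).Replace("-", "").ToLowerInvariant();
            }
        }

        /// <summary>
        /// Compares two signature strings without stopping at the first difference,
        /// so response timing does not reveal how much of a value matched.
        /// </summary>
        static bool FixedTimeEquals(string expected, string presented)
        {
            if (expected == null || presented == null || expected.Length != presented.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ presented[i];
            }

            return diff == 0;
        }
    }
}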
----------------------------------------
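好了,我默认在我的Cookies类中添加了几个常用到的值,读取这些Cookies的时候会进行MD5验证,以保证Cookies没有被篡改。需要注意的是,这种验证只能发现值被改动:Cookie的内容在客户端仍然是明文可见的,被窃取后也可以原样重放,所以站点应当全程使用HTTPS,并给这些Cookie加上HttpOnly和Secure标记,权限组这类信息最好在服务端再核对一次。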
然后只要在你的网站项目中引用上面两个类,
然后在任意一个网站写入代码
Z.Core.Tools.CookieGroupTemplate.UserCode = "123";
然后在其他网站中用代码
Z.Core.Tools.CookieGroupTemplate.UserCode;
都可以读取得到这个登录用户的ID