asp.net 写一个完整的 Forms身份认证

最新推荐文章于 2024-05-22 13:52:22 发布

广交天下好友

最新推荐文章于 2024-05-22 13:52:22 发布

阅读量1.2k

点赞数

分类专栏： asp.net 文章标签： forms asp.net authorization javascript string authentication

本文链接：https://blog.csdn.net/suntanyong88/article/details/6073592

版权

asp.net 专栏收录该内容

108 篇文章 0 订阅

订阅专栏

1,WebConfig配置

修改：

管理员通道，用户通道

<location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="?"/>
      </authorization>
    </system.web>
</location>

<location path="Users">
    <system.web>
      <authorization>
        <allow roles="Operator,Monitor"/>
        <deny users="?"/>
      </authorization>
    </system.web>
</location>

2,登录页面Login 提交事件

protected void ASPxbtnCommit_Click(object sender, EventArgs e) {//提交 USERA user = new USERABLL().GetObjectByCondition(" where username='" + ASPxtxtUsername.Text + "' and password='" + ASPxtxtpwd.Text + "'"); try { if (user.VALIDITY == "N") { Response.Write("<mce:script language='javascript'></mce:script>"); } else { if (user.USERNAME != null) {//判断查询语句是否有记录，如果没记录捕获异常，有记录执行下一步操作 //LoginResult = true; //if (this.ASPxCaptcha1.Code != this.ASPxtxtAuthcode.Text) //{//验证码判断 // Response.Write("<mce:script language='javascript'></mce:script>"); //} if (Session["yanzheng"].ToString() != null && Session["yanzheng"].ToString() != this.ASPxtxtAuthcode.Text) { Response.Write("<mce:script language='javascript'></mce:script>"); } else { string userRoles = user.ROLE+","; //调用UserToRole方法来获取role字符串 FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, ASPxtxtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), false, userRoles, "/"); //建立身份验证票对象 string HashTicket = FormsAuthentication.Encrypt(Ticket); //加密序列化验证票为字符串 HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket); //生成Cookie Context.Response.Cookies.Add(UserCookie); //输出Cookie // Context.Response.Redirect(Context.Request["ReturnUrl"]); // 重定向到用户申请的初始页面 if (user.ROLE.Equals("Admin"))//|| user.ROLE.Equals("管理员") { //FormsAuthentication.RedirectFromLoginPage(ASPxtxtUsername.Text, true);//设置永久Cookie Response.Redirect("FrmMain.aspx"); } else { Response.Redirect("FrmMain1.aspx"); } } } } } catch { Response.Write("<mce:script language='javascript'></mce:script>"); //LoginResult = false; } }

记录权限:

                    //得到权限保存cookie
                    HttpCookie myCookie = new HttpCookie("userRole");
                    myCookie["Role"] = dt.Rows[0][2].ToString();//用cookie保存权限
                    myCookie.Expires = DateTime.Now.AddDays(1d);//设置cookie一天有效
                    Response.Cookies.Add(myCookie);//添加cookie

3,全局应用程序 Global.asax

protected void Application_AuthorizeRequest(object sender, System.EventArgs e) { HttpApplication App = (HttpApplication)sender; HttpContext Ctx = App.Context; //获取本次Http请求相关的HttpContext对象 if (Ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理 { FormsIdentity Id = (FormsIdentity)Ctx.User.Identity; FormsAuthenticationTicket Ticket = Id.Ticket; //取得身份验证票 string[] Roles = Ticket.UserData.Split(','); //将身份验证票中的role数据转成字符串数组 Ctx.User = new PageUser(Id, Roles); //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息 } }

Ctx.User = new System.Security.Principal.GenericPrincipal(Id, Roles);这样修改可以不用派生类

3，继承一个派生类 PageUser

public class PageUser : GenericPrincipal //继承一个派生类 { private int userId; public int UserId { get { return userId; } } public PageUser(IIdentity identity, string[] roles) : base(identity, roles) { // //TODO: 在此处添加构造函数逻辑 // userId = 1; } }

具体怎么分权限，配置WebConfig

主页面代码，为了防止对方，知道你页面位置，没权限也想去来操作系统

//接受权限 if (Request.Cookies["userRole"] != null) { if (!(Request.Cookies["userRole"]["Role"].Equals("Admin"))) { HttpCookie aCookie; string cookieName; int limit = Request.Cookies.Count; for (int i = 0; i < limit; i++) { cookieName = Request.Cookies[i].Name; aCookie = new HttpCookie(cookieName); aCookie.Expires = DateTime.Now.AddDays(-1);//设置Cookie过期 Response.Cookies.Add(aCookie); } Response.Write(" <mce:script type=/"text/javascript/"></mce:script> ");//禁用后退 } }

还可以url 重写或动转静态提高网页安全问题。

流程图：