gloable中
using System;
using System.Collections;
using System.ComponentModel;
using System.Web;
using System.Web.SessionState;
using System.Security.Permissions;
using System.Security.Principal;
using System.Web.Security;
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
//System.Security.Permissions.fo
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
login.aspx
<%@ Page language="c#" Codebehind="Login.aspx.cs" AutoEventWireup="false" Inherits="test308_formsvalidate.Login" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>Login</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
<form id="Form1" method="post" runat="server">
<p>Username: <input id="Username" runat="server" type="text" NAME="Username"><br>
Password: <input id="Password" runat="server" type="password" NAME="Password"><br>
<asp:Button id="btnLogin" runat="server" Text="Login" />
<asp:Label id="ErrorLabel" runat="Server" ForeColor="Red" Visible="false" /></p>
</form>
</body>
</HTML>
webconfig中
</system.web>
<location path="zimulu1">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="zimulu2">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="User"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
<authentication mode="Forms">
<forms name="MYWEBAPP.ASPXAUTH"
loginUrl="Login.aspx"
protection="All"
path="/"/>
</authentication>
数据库
CREATE TABLE users
(
username nvarchar(64) CONSTRAINT users_PK PRIMARY KEY,
password nvarchar(128),
roles nvarchar(64)
)
CREATE INDEX credentials ON users
(
username,
password
)