首先确定哪些页面禁止未登录的用户访问,哪些页面允许未登录的用户访问,然后在web.config里面配置一下
</httpHandlers>
<!-- Forms authentication: requests that fail authorization are sent to MySpaceLogin.aspx,
     and the encrypted ticket travels in the cookie named .ASPXAUTH. -->
<!-- NOTE(review): no requireSSL, timeout, slidingExpiration or protection attribute is set on
     <forms> in this excerpt, so framework defaults apply. If the site is served over HTTPS,
     consider requireSSL="true" so the ticket cookie is never sent over plain HTTP. -->
<authentication mode="Forms">
<forms loginUrl="MySpaceLogin.aspx" name=".ASPXAUTH"></forms>
</authentication>
<!-- Site-wide default: "?" stands for anonymous users, so every path is denied to
     unauthenticated requests unless a <location> element below overrides it. -->
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<!-- Per-path overrides: "*" stands for all users, so the paths below are reachable without
     logging in. Keep this list as small as possible; anything placed under these paths is public. -->
<!-- Public: AllStyle path. -->
<location path="AllStyle">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<!-- Public: images path. -->
<location path="images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<!-- Public: the registration page must be reachable before an account exists. -->
<location path="MySpaceRegister.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
创建一个全局文件Global.asax
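/// <summary>
/// Rebuilds the request's principal, including its roles, from the forms-authentication cookie.
/// </summary>
/// <remarks>
/// Roles are read from the comma-separated <c>UserData</c> field of the decrypted ticket.
/// Requests without a usable, unexpired ticket are left untouched (anonymous).
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // Look the cookie up by the configured name. The original indexed with the string
    // literal "cookieName", which never matches the real cookie, so roles were never attached.
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        // No ticket presented (or an empty value, which Decrypt rejects): stay anonymous.
        return;
    }

    // Recover the ticket that was encrypted at login.
    // NOTE(review): Decrypt may throw on a malformed or tampered value; decide whether that
    // should surface as an error page or be logged and treated as an anonymous request.
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
    if (ticket == null || ticket.Expired)
    {
        // Never build a principal from an expired ticket: this handler replaces Context.User
        // itself, so it must not rely on an earlier expiry check having happened.
        return;
    }

    // UserData holds the role list; drop empty entries so an empty UserData yields no roles
    // instead of a single role named "".
    // NOTE(review): the roles are only as trustworthy as the ticket protection (encryption
    // and validation) configured for the application - confirm it has not been weakened.
    string[] roles = ticket.UserData.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    FormsIdentity id = new FormsIdentity(ticket);
    System.Security.Principal.GenericPrincipal principal = new System.Security.Principal.GenericPrincipal(id, roles);

    // Bind the identity and roles from the ticket to the current request.
    Context.User = principal;
}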
登录的时候验证一下
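// Login handler fragment: issues the forms-authentication cookie and sends the user on.
// NOTE(review): only the e-mail comparison is visible in this excerpt; confirm that the
// password is verified before a ticket is issued.
if (user.Email == UserEmail)
{
    // The account exists, so create a ticket valid for 20 minutes. One timestamp is used
    // for both issue and expiry so the lifetime is exactly 20 minutes.
    // UserData is empty here, so a handler that reads roles from it will find none.
    // NOTE(review): the ticket is flagged persistent (true) but the cookie below gets no
    // Expires value, so the browser treats it as a session cookie - confirm which is intended.
    DateTime issuedAt = DateTime.Now;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.Email, issuedAt, issuedAt.AddMinutes(20), true, "");

    // Encrypt the ticket and wrap it in the authentication cookie.
    string encryptTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptTicket);
    // Keep the ticket out of reach of client-side script, and honour the configured
    // requireSSL and path settings so the cookie matches what SignOut later expires.
    cookie.HttpOnly = true;
    cookie.Secure = FormsAuthentication.RequireSSL;
    cookie.Path = FormsAuthentication.FormsCookiePath;
    Response.Cookies.Add(cookie);

    // ReturnUrl comes from the query string and is therefore untrusted. Accept it only when
    // it is a path on this site: it must start with a single '/' ("//host" and "/\host" are
    // treated by browsers as another host).
    string returnUrl = Request.QueryString["ReturnUrl"];
    bool isLocalReturnUrl = !string.IsNullOrEmpty(returnUrl)
        && returnUrl[0] == '/'
        && (returnUrl.Length == 1 || (returnUrl[1] != '/' && returnUrl[1] != '\\'));

    if (isLocalReturnUrl)
    {
        // The user was bounced here from another page: send them back with a redirect.
        // A redirect starts a new request, so URL authorization is evaluated for the target;
        // Server.Transfer would execute the requested page without that check.
        Response.Redirect(returnUrl);
    }
    else
    {
        // Direct login, or a missing or non-local ReturnUrl: go to the post-login home page.
        Server.Transfer("MySpaceMain.aspx");
    }
}
else
{
    Server.Transfer("MySpaceLogFailed.aspx");
}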
退出的时候,消除cookies
// Log out: expire the forms-authentication cookie in the browser, then return to the login page.
// NOTE(review): SignOut only removes the cookie on the client; a copy of the ticket captured
// earlier stays valid until its expiry time, so keep ticket lifetimes short.
const string loginPage = "MySpaceLogin.aspx";
FormsAuthentication.SignOut();
Response.Redirect(loginPage);