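Forms authentication is a class that Microsoft provides for developers. After a user logs in, it writes the relevant information into a cookie and sets an expiration time. Within that validity period the user does not need to log in again; once it passes, the cookie is invalid and the user must log in again.
Without further ado, here is the code:
First, we write a class that holds the user's basic information, which is the information saved in the cookie: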

    using System;

    [Serializable()]
    public class IdentityUser
    {
        public IdentityUser() // default constructor
        {
            UserId = 0;
        }

        public int UserId { get; set; }
        public string LoginName { get; set; }
        public string NickName { get; set; }
        public string PicPath { get; set; }
        public string UserSign { get; set; }
    }

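Next, write a base class that inherits from Controller. This base class handles the login information stored in the cookie: if the cookie is missing, it redirects to the login page. The advantage of writing it this way is that any controller that needs Forms authentication only has to inherit from this base class to get the behaviour, which is very convenient.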

    using System.IO;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Security;
    using System.Xml.Serialization;

    public abstract class UserControllerBase : Controller
    {
        protected UserControllerBase()
        {
            HttpCookie authCookie = HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                // No authentication cookie: send the user to the login page.
                HttpContext.Response.Redirect("~/Account/Logon");
            }
            else
            {
                // Decrypt the ticket carried in the cookie.
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                if (authTicket == null || authTicket.Expired)
                {
                    // Decrypt does not reject an expired ticket, so check it here.
                    HttpContext.Response.Redirect("~/Account/Logon");
                    return;
                }

                string strCookieValue = authTicket.UserData;
                CMSLoginName = authTicket.Name;

                // UserData holds the IdentityUser that was XML-serialized at login.
                XmlSerializer x = new XmlSerializer(typeof(IdentityUser));
                IdentityUser iu;
                using (TextReader tr = new StringReader(strCookieValue))
                {
                    iu = (IdentityUser)x.Deserialize(tr);
                }

                CMSUserId = iu.UserId;
                CMSLoginName = iu.LoginName;
                CMSNickName = iu.NickName;
                CMSPicPath = iu.PicPath;
                CMSUserSign = iu.UserSign;
            }
        }

        // Controller.HttpContext is not yet available in the constructor,
        // so wrap the current System.Web.HttpContext instead.
        public new HttpContextBase HttpContext
        {
            get
            {
                HttpContextWrapper context = new HttpContextWrapper(System.Web.HttpContext.Current);
                return (HttpContextBase)context;
            }
        }

        protected int CMSUserId { get; set; }
        protected string CMSLoginName { get; set; }
        protected string CMSNickName { get; set; }
        protected string CMSPicPath { get; set; }
        protected string CMSUserSign { get; set; }
    }

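To explain the code above: first we check whether the auth cookie is null. If it is null, the cookie has expired, and we redirect straight to the login page.
If the cookie is not null, we deserialize the class that was previously stored in the cookie to obtain the user's information.
One step is still missing at this point: at login, the data has to be written to the cookie. The code is as follows: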

    FormsAuthentication.SetAuthCookie(userName, true);

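This method keeps the user logged in. If the second parameter is true, the expiration time is the one set in web.config; if it is false, the cookie expires when the browser is closed.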

    // Copy the fields to be carried in the ticket from the logged-in user record.
    IdentityUser iu = new IdentityUser();
    iu.UserId = userInfo.UserId;
    iu.LoginName = userInfo.LoginName;
    iu.NickName = userInfo.NickName;
    iu.PicPath = userInfo.Pic;
    iu.UserSign = userInfo.Sign;

    // Serialize the object to XML; this string becomes the ticket's UserData.
    System.Xml.Serialization.XmlSerializer x = new System.Xml.Serialization.XmlSerializer(iu.GetType());
    StringBuilder sb = new StringBuilder();
    StringWriter sw = new StringWriter(sb);
    x.Serialize(sw, iu);
    //string userData = CMS.Security.GGTongEntrcy.EncryptText(sb.ToString());
    string userData = sb.ToString();

    // Take the standard auth cookie, rebuild its ticket with UserData attached,
    // then re-encrypt it and send it to the client.
    HttpCookie authCookie = FormsAuthentication.GetAuthCookie(userInfo.LoginName, true);
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
    FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(
        ticket.Version, ticket.Name, ticket.IssueDate,
        ticket.Expiration, ticket.IsPersistent, userData);
    authCookie.Value = FormsAuthentication.Encrypt(newTicket);
    HttpContext.Response.Cookies.Add(authCookie);

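Forms authentication depends on the cookie: on every request, ASP.NET checks for the cookie name specified in the configuration file and decrypts that cookie to determine the login state of the user making the request.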
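
The cookie name and expiration time referred to above live in the `<forms>` element of web.config. The fragment below is an added example, not part of the original post; the cookie name `.CMSAUTH` and the 30-minute timeout are assumed values, and the login URL is the one used in the base class above.

```xml
<!-- Constructed example: cookie name and timeout are assumptions. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        Weak variant, shown only for comparison:
        <forms name=".CMSAUTH" loginUrl="~/Account/Logon" timeout="43200"
               protection="None" requireSSL="false" cookieless="AutoDetect" />
        protection="None" leaves the ticket, including the serialized
        IdentityUser in UserData, unencrypted and unvalidated, so the
        client can read and alter it. A 30-day timeout keeps a copied
        cookie usable for a month.
      -->
      <forms name=".CMSAUTH"
             loginUrl="~/Account/Logon"
             timeout="30"
             slidingExpiration="true"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             path="/" />
    </authentication>
    <!-- Mark cookies issued by the application HttpOnly and Secure. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```

`timeout` is in minutes, and `protection="All"` is what makes `FormsAuthentication.Encrypt` both encrypt and sign the ticket that carries `UserData`.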