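The official ASP.NET standard controls make user management simple, but they are heavily encapsulated, so developers cannot see which calls are being made. Relying on the standard controls also limits, to a large degree, how flexible the application can be. Building a complete user-management system from scratch is feasible, but then you lose the benefit of the standard user controls. Managing users through the API is therefore a good choice. Below I list the main (not all) user-management API examples:
1. Register a user
Use Membership.CreateUser to create a new user. Note that the password must contain a symbol. Membership is in the System.Web.Security namespace.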
//cs
try
{
    MembershipCreateStatus MCS;
    Membership.CreateUser(name.Text, password.Text, email.Text, question.Text, answer.Text, true, out MCS);
    Response.Write(MCS.ToString());
}
catch (Exception s)
{
    // exception-handling code
}
//Aspx code
<asp:Label ID="Label1" runat="server" Text="用户名:"></asp:Label>
<asp:TextBox ID="name" runat="server" Width="196px"></asp:TextBox>
<asp:Label ID="Label2" runat="server" Text="密码:"></asp:Label>
<asp:TextBox ID="password" runat="server" TextMode="Password" Width="197px"></asp:TextBox>
<asp:Label ID="Label3" runat="server" Text="确认密码:"></asp:Label>
<asp:TextBox ID="OtherPass" runat="server" TextMode="Password" Width="196px"></asp:TextBox>
<asp:Label ID="Label4" runat="server" Text="电子邮件:"></asp:Label>
<asp:TextBox ID="email" runat="server" Width="193px"></asp:TextBox>
<asp:Label ID="Label5" runat="server" Text="安全提示问题:"></asp:Label>
<asp:TextBox ID="question" runat="server" Width="189px"></asp:TextBox>
<asp:Label ID="Label6" runat="server" Text="安全答案:"></asp:Label>
<asp:TextBox ID="answer" runat="server" Width="187px"></asp:TextBox>
<asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="注册" Width="69px" />
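A fuller click handler for the registration form above, added here as an example and not taken from the original post: it compares the two password boxes and turns each MembershipCreateStatus value into a message that is safe to display. The class name Register and the message texts are assumptions; the control IDs are the ones in the markup above.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
// Added example: code-behind for the registration form above (class name assumed).
public partial class Register : Page
{
    protected void Button1_Click(object sender, EventArgs e)
    {
        // The form collects a confirmation password; check it before calling the provider.
        if (password.Text != OtherPass.Text)
        {
            Response.Write("The two passwords do not match.");
            return;
        }
        MembershipCreateStatus status;
        // This overload returns null and sets 'status' on failure instead of throwing.
        MembershipUser user = Membership.CreateUser(name.Text.Trim(), password.Text,
            email.Text.Trim(), question.Text, answer.Text, true, out status);

        if (user != null)
        {
            FormsAuthentication.RedirectToLoginPage(); // account created: go and sign in
            return;
        }
        Response.Write(Server.HtmlEncode(Describe(status)));
    }

    // Turn the provider's status code into a message that is safe to show.
    private static string Describe(MembershipCreateStatus status)
    {
        switch (status)
        {
            case MembershipCreateStatus.DuplicateUserName:
                return "That user name is already taken.";
            case MembershipCreateStatus.DuplicateEmail:
                return "That e-mail address is already registered.";
            case MembershipCreateStatus.InvalidEmail:
                return "Please enter a valid e-mail address.";
            case MembershipCreateStatus.InvalidPassword:
                return "The password needs at least " + Membership.MinRequiredPasswordLength
                    + " characters, " + Membership.MinRequiredNonAlphanumericCharacters
                    + " of them symbols.";
            case MembershipCreateStatus.InvalidQuestion:
            case MembershipCreateStatus.InvalidAnswer:
                return "Please provide a security question and answer.";
            default: // ProviderError, UserRejected, ...: details belong in the server log
                return "Registration failed. Please try again later.";
        }
    }
}
```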
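2. User login
User login uses Membership.ValidateUser to verify the user name and password. If validation succeeds, call FormsAuthentication.RedirectFromLoginPage to go to the target page (this and some of the later settings are built around Forms authentication, and assume that the Forms authentication policy has already been configured in web.config).
//cs code, in the method registered for the login button's click event
if (Membership.ValidateUser(UserName.Text, Password.Text))
{
    FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
}
else
{
    Response.Write("登录失败!");
}
//Aspx code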
<asp:Label ID="Label1" runat="server" Text="用户名:"></asp:Label>
<asp:TextBox ID="UserName" runat="server"></asp:TextBox>
<asp:Label ID="Label2" runat="server" Text="密码:"></asp:Label>
<asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
<asp:Button ID="Login_But" runat="server" onclick="Button1_Click" Text="登录" Width="69px" />
<asp:HyperLink ID="FindPass_HL" runat="server" NavigateUrl="~/FindPassword.aspx">忘记密码</asp:HyperLink>
<asp:HyperLink ID="Reg_HL" runat="server" NavigateUrl="~/register.aspx">注册</asp:HyperLink>
3. Recover a password
//cs The mail-sending method in the code-behind. The mail settings are stored in web.config, and the method shows how to read them.
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.Configuration;
using System.Net;
using System.Net.Configuration;
using System.Net.Mail;
public partial class FindPassword : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            Wizard1.ActiveStepIndex = 0;
        }
    }
    protected void Wizard1_NextButtonClick(object sender, WizardNavigationEventArgs e)
    {
        try
        {
            // Show the security question stored for the user name that was entered
            Label1.Text = "问题是:" + Membership.GetUser(Quest_TB.Text).PasswordQuestion;
        }
        catch (Exception ee)
        {
            Response.Write("异常,详细错误:" + ee.Message);
        }
    }
    protected void Wizard1_FinishButtonClick(object sender, WizardNavigationEventArgs e)
    {
        try
        {
            // Read the <system.net>/<mailSettings> section of the application's web.config
            Configuration c = WebConfigurationManager.OpenWebConfiguration("~");
            NetSectionGroup ns = NetSectionGroup.GetSectionGroup(c);
            string forms = ns.MailSettings.Smtp.From;
            string hosts = ns.MailSettings.Smtp.Network.Host;
            int ports = ns.MailSettings.Smtp.Network.Port;
            string usernames = ns.MailSettings.Smtp.Network.UserName;
            string passwords = ns.MailSettings.Smtp.Network.Password;
            MailAddress from = new MailAddress(forms);
            MailAddress to = new MailAddress(Membership.GetUser(Quest_TB.Text).Email);
            MailMessage message = new MailMessage(from, to);
            message.Subject = "密码";
            // ResetPassword checks the security answer and returns the newly generated password
            string nr = "您好:你的密码为:" + Membership.GetUser(Quest_TB.Text).ResetPassword(Answer_TB.Text);
            message.Body = nr;
            SmtpClient client = new SmtpClient(hosts, ports);
            // Authenticate to the SMTP server with the account read from web.config
            client.Credentials = new NetworkCredential(usernames, passwords);
            client.Send(message);
        }
        catch (Exception ee)
        {
            Response.Write("发送邮箱密码错误!详细信息:" + ee.Message);
        }
    }
}
//Aspx code
<asp:Wizard ID="Wizard1" runat="server" ActiveStepIndex="2"
DisplaySideBar="False" Height="103px"
onfinishbuttonclick="Wizard1_FinishButtonClick"
onnextbuttonclick="Wizard1_NextButtonClick" Width="168px">
<WizardSteps>
<asp:WizardStep runat="server" title="用户名">
请输入用户名:<br />
<asp:TextBox ID="Quest_TB" runat="server" Width="141px"></asp:TextBox>
</asp:WizardStep>
<asp:WizardStep runat="server" title="问题">
<asp:Label ID="Label1" runat="server" Text="问题是:"></asp:Label>
<br />
<asp:Label ID="Label2" runat="server" Text="问题:"></asp:Label>
<br />
<asp:TextBox ID="Answer_TB" runat="server" Width="161px"></asp:TextBox>
<br />
</asp:WizardStep>
<asp:WizardStep runat="server" Title="完成">
<asp:Label ID="Label3" runat="server" Text="修改密码完成!"></asp:Label>
</asp:WizardStep>
</WizardSteps>
</asp:Wizard>
//Configuration in web.config, placed inside the configuration element
<system.net>
<mailSettings>
<smtp from="axzxs2001@163.com">
<network host="smtp.163.com" password="*********" userName="axzxs2001" />
</smtp>
</mailSettings>
</system.net>
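An alternative Finish handler for the wizard above, added here as an example and not part of the original post: it copes with an unknown user name or a wrong answer, shows the same reply in every case, and lets MailMessage and SmtpClient take their settings from the mailSettings section directly. It assumes .NET Framework 4.0 or later (for disposing SmtpClient); the reply and mail texts are made up for the example.

```csharp
using System;
using System.Net.Mail;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example: alternative to the Finish handler shown above (same page, same control IDs).
public partial class FindPassword : Page
{
    protected void Wizard1_FinishButtonClick(object sender, WizardNavigationEventArgs e)
    {
        // One reply for every outcome, so the page does not confirm which user names exist
        const string Reply = "If the details were correct, a new password has been e-mailed.";
        try
        {
            MembershipUser user = Membership.GetUser(Quest_TB.Text); // null for an unknown name
            if (user != null && !user.IsLockedOut)
            {
                // Throws MembershipPasswordException when the security answer is wrong
                string newPassword = user.ResetPassword(Answer_TB.Text);

                using (MailMessage message = new MailMessage()) // From: <smtp from="...">
                using (SmtpClient client = new SmtpClient())    // host and login: <network ...>
                {
                    message.To.Add(user.Email);
                    message.Subject = "Password reset";
                    message.Body = "Your new password is: " + newPassword;
                    client.Send(message);
                }
            }
        }
        catch (MembershipPasswordException)
        {
            // Wrong answer: fall through to the same reply as a success
        }
        catch (SmtpException ex)
        {
            // Keep the failure details in the page trace, not in the response
            Trace.Warn("FindPassword", "Sending the reset mail failed", ex);
        }
        Label3.Text = Reply;
    }
}
```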
4. Sign out
FormsAuthentication.SignOut(); // sign the user out
Roles.DeleteCookie(); // clear the roles cookie
FormsAuthentication.RedirectToLoginPage(); // return to the login page after signing out
5. Delete a user
string username = "用户名"; // the user name to delete
Membership.DeleteUser(username);
FormsAuthentication.RedirectToLoginPage(); // return to the login page afterwards
6. Update user information
MembershipUser MU = Membership.GetUser();
MU.Email = "axzxs2002@163.com";
Membership.UpdateUser(MU);
7. Change the password
if (Membership.GetUser().ChangePassword(OldTextBox.Text, newTextBox.Text))
{
    Response.Write("更改用户密码成功!");
}
else
{
    Response.Write("更改用户密码失败!");
}
8. Change the password question
if (Membership.GetUser().ChangePasswordQuestionAndAnswer(PassWordTB.Text, this.OldQuesTB.Text, NewQuesTB.Text))
{
    Response.Write("更改提问问题成功!");
}
else
{
    Response.Write("更改提问问题失败!");
}
9. Get information about all users
Response.Write("当前用户:" + Page.User.Identity.Name + "<br >");
DataTable DT = new DataTable();
DT.Columns.Add("用户名 ", typeof(string));
DT.Columns.Add("创建时间", typeof(string));
DT.Columns.Add("Email", typeof(string));
DT.Columns.Add("是否在线", typeof(string));
DT.Columns.Add("问题", typeof(string));
DT.Columns.Add("角色", typeof(string));
foreach (MembershipUser MU in Membership.GetAllUsers())
{
    // Build a space-separated list of the roles this user belongs to
    string js = "";
    string[] jsArr = Roles.GetRolesForUser(MU.UserName);
    foreach (string jss in jsArr)
    {
        js += jss + " ";
    }
    DT.Rows.Add(MU.UserName, MU.CreationDate, MU.Email, MU.IsOnline, MU.PasswordQuestion, js);
}
GridView1.DataSource = DT;
GridView1.DataBind();
10. Get all roles
string[] roseArr = Roles.GetAllRoles();
GridView2.DataSource = roseArr;
GridView2.DataBind();
11. Create a role
try
{
    Roles.CreateRole(RoseTextBox.Text);
}
catch (Exception me)
{
    Response.Write(me.Message);
}
12. Assign a role to a user
try
{
    Roles.AddUserToRole(usernameTB.Text, RolseTB.Text);
}
catch (Exception me)
{
    Response.Write(me.Message);
}
13. Get the users in a role
Load the users that belong to each role into a tree view:
TreeView1.Nodes.Clear();
string[] rolesArr = Roles.GetAllRoles();
foreach (string ro in rolesArr)
{
    TreeNode TN = new TreeNode(ro);
    TreeView1.Nodes.Add(TN);
}
for (int i = 0; i < TreeView1.Nodes.Count; i++)
{
    string[] yh = Roles.GetUsersInRole(TreeView1.Nodes[i].Text);
    foreach (string s in yh)
    {
        TreeNode TTN = new TreeNode(s);
        TreeView1.Nodes[i].ChildNodes.Add(TTN);
    }
}
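We now have users and roles, and users can be associated with roles, but what about permissions? How are the permissions that belong to a role implemented? Permissions are configured in the authentication and authorization sections of web.config. The settings below, for example, allow only the 收银员 (cashier) role into the system; no other user can get in.
<authentication mode="Forms">
</authentication>
<authorization>
  <allow roles="收银员" />
  <deny users="*" />
</authorization>
A common question with permissions is how to map one role to one set of access rights, that is, how to give every member of a role the same access to certain pages. This can be done by configuring the corresponding authorization rules, as in the following example:
<location path="register.aspx" allowOverride="true">
  <system.web>
    <authorization>
      <!-- "*" matches every user, anonymous included; "?" would match anonymous users only -->
      <allow users="*" />
    </authorization>
  </system.web>
</location>
This section makes the register.aspx page accessible to all users and roles.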
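How rules like the ones above are resolved, as an added example that is not part of the original post: a simplified console model of first-match evaluation that compares `users="?"` with `users="*"` in the register.aspx location. Rule, UrlAuthModel, the page name Default.aspx and the visitors alice and bob are made up for the example, and the model handles only "*", "?" and a single role per rule.

```csharp
using System;
using System.Linq;

// Added example: simplified model of how URL authorization rules are resolved.
class Rule
{
    public readonly bool Allow;
    public readonly string Users;   // "*" = everyone, "?" = anonymous visitors, or null
    public readonly string Role;    // a single role name, or null
    public Rule(bool allow, string users, string role) { Allow = allow; Users = users; Role = role; }

    public bool Matches(string user, string[] roles)
    {
        if (Users == "*") return true;
        if (Users == "?") return user == null;   // user == null means not signed in
        return Role != null && roles.Contains(Role);
    }
}

static class UrlAuthModel
{
    // <location> rules are read first, then the application's rules; the first match decides.
    public static bool IsAllowed(Rule[] location, Rule[] app, string user, params string[] roles)
    {
        foreach (Rule r in location.Concat(app))
            if (r.Matches(user, roles)) return r.Allow;
        return true; // nothing matched: the machine-wide default allows everyone
    }

    static void Main()
    {
        // Application rules from the page: <allow roles="收银员" /> then <deny users="*" />
        Rule[] app = { new Rule(true, null, "收银员"), new Rule(false, "*", null) };
        Rule[] anonymousOnly = { new Rule(true, "?", null) };   // <allow users="?" />
        Rule[] everyone = { new Rule(true, "*", null) };        // <allow users="*" />
        Rule[] none = new Rule[0];

        // Constructed visitors: a cashier, a signed-in user without the role, an anonymous visitor
        Console.WriteLine("Default.aspx, cashier:      " + IsAllowed(none, app, "alice", "收银员"));
        Console.WriteLine("Default.aspx, other user:   " + IsAllowed(none, app, "bob"));
        Console.WriteLine("register.aspx ?, anonymous: " + IsAllowed(anonymousOnly, app, null));
        Console.WriteLine("register.aspx ?, other user: " + IsAllowed(anonymousOnly, app, "bob"));
        Console.WriteLine("register.aspx *, other user: " + IsAllowed(everyone, app, "bob"));
    }
}
```

Run as a console program, it reports that a signed-in user without the 收银员 role is refused register.aspx under `users="?"` and admitted under `users="*"`.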