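Managing Users
I. Feature Overview
1. New users can register (Register.aspx).
2. There are three permission levels (administrator, registered user, anonymous user), and users with different permissions are taken to different pages.
Even if an anonymous user knows the path of a registered user's page, they cannot get in by going to it directly. (Login.aspx, Default.aspx)
3. Non-anonymous users can change their password (UpdateUserData.aspx).
4. A forgotten password can be recovered. If you answer correctly, the system automatically sends a randomly generated password to your email (included in Login.aspx).
5. Administrators can add and delete roles (users) (RoleList.aspx, UserList.aspx).
6. The project structure is shown in Figure 1:
II. Steps
1. Create a master page template, MasterPage.master, with the following code: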
<script runat="server" language="c#">
void Page_Load(object sender, System.EventArgs e)
{
    if (this.IsPostBack == false) {
        // Membership.ApplicationName = "test";
        // this.LB_ActiveUsers.Text = Membership.GetNumberOfUsersOnline().ToString();
        // Note: AccessMembershipProvider.GetNumberOfUsersOnline fails currently
        this.LB_ActiveUsers.Text = "1";
    }
}
</script>
<html>
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form runat="server">
<table id="Table1" cellspacing="1" cellpadding="1" width="100%" border="1">
<tr>
<td style="WIDTH: 12px">
</td>
<td>
<p align="right">
<asp:loginname id="LoginName1" runat="server" formatstring="You are signed in as: {0}">
</asp:loginname>
<asp:loginstatus id="LoginStatus1" runat="server">
</asp:loginstatus>
</p>
</td>
</tr>
<tr>
<td valign="top" nowrap width="150">
<asp:loginview id="LoginView1" runat="server">
<anonymoustemplate>
Links:<br />
<asp:hyperlink ID=hl1 runat="server" navigateurl="~/Default.aspx">Main</asp:hyperlink>
<br />
<asp:hyperlink ID=hl2 runat="server" navigateurl="~/Register.aspx">Register User</asp:hyperlink>
</anonymoustemplate>
<rolegroups>
<asp:rolegroup roles="Admins,SuperUsers">
<contenttemplate>
Links:<br /><asp:hyperlink ID=hl3 runat="server" navigateurl="~/Default.aspx">Main</asp:hyperlink><br /><asp:hyperlink runat="server" navigateurl="~/ProtectedArea/Default.aspx" id="Hyperlink2">Protected Area</asp:hyperlink><br />
<asp:hyperlink ID=hl4 runat="server" navigateurl="~/AdminArea/Default.aspx">Admin Area</asp:hyperlink>
</contenttemplate>
</asp:rolegroup>
</rolegroups>
<loggedintemplate>
Links:<br />
<asp:hyperlink runat="server" ID=hl5 navigateurl="~/Default.aspx">Main</asp:hyperlink><br />
<asp:hyperlink runat="server" ID=hl6 navigateurl="~/ProtectedArea/Default.aspx">Protected Area</asp:hyperlink>
</loggedintemplate>
</asp:loginview>
</td>
<td valign="top">
<asp:contentplaceholder id="ContentPlaceHolder1" runat="server">
</asp:contentplaceholder>
</td>
</tr>
<tr>
<td colspan="2">
<b>Active User Count:
<asp:label id="LB_ActiveUsers" runat="server"></asp:label></b>
</td>
</tr>
</table>
</form>
</body>
</html>
2. Create a new folder AdminArea (holds the pages that administrators access: Default.aspx, RoleList.aspx, UserList.aspx, web.config) and a new folder ProtectedArea (holds the pages that registered users access: Default.aspx, UpdateUserData.aspx, web.config).
3. The code of Default.aspx in the root directory is as follows:
<script runat="server" language="c#">
void Page_Load(object sender, System.EventArgs e)
{
    this.Label1.Text = string.Format("Anonymous ID: {0}", this.Request.AnonymousID);
}
</script>
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
<h1>Main page - open for any (anonymous) user</h1>
<p>
<asp:label id="Label1" runat="server" Width="112px">Label</asp:label>
</p>
</asp:content>
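4. Choose "Website" -- "ASP.NET Configuration" -- click "Security" to open the user and role management page.
Choose "Create or Manage roles" and create a new role "Admins". Then go back to the Security page, click "Create user" and create a new user admin1 (select the role Admins for this user), then create another new user user1 (no role needs to be selected for it).
Go back to the Security page again and click "Create user" to create the access rules:
(1) Select the "AdminArea" directory and allow the role "Admins"; also deny "anonymous users".
(2) Select the "ProtectedArea" directory and deny "anonymous users".
In the past you had to laboriously build the database and its tables, set up view relationships, and write a pile of code.
Now a few mouse clicks are enough, and even the database is created automatically.
5. The code of Login.aspx in the root directory is as follows: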
<script runat="server" language="c#">
</script>
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
<asp:Login ID="Login1" runat="server" BackColor="#FFFBD6" BorderColor="#FFDFAD" BorderStyle="Solid"
BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" BorderPadding="4" ForeColor="#333333" TextLayout="TextOnTop">
<TitleTextStyle BackColor="#990000" Font-Bold="True" ForeColor="White" Font-Size="0.9em" />
<LayoutTemplate>
<table border="0" cellpadding="1" cellspacing="0" style="border-collapse: collapse">
<tr>
<td style="height: 202px">
<table border="0" cellpadding="0">
<tr>
<td align="center" colspan="2" style="font-weight: bold; color: white; background-color: #6b696b">
登录</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">用户名:</asp:Label></td>
<td>
<asp:TextBox ID="UserName" runat="server"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
ErrorMessage="必须填写“用户名”。" ToolTip="必须填写“用户名”。" ValidationGroup="Login1">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">密码:</asp:Label></td>
<td>
<asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
ErrorMessage="必须填写“密码”。" ToolTip="必须填写“密码”。" ValidationGroup="Login1">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td colspan="2">
<asp:CheckBox ID="RememberMe" runat="server" Text="下次记住我。" />
</td>
</tr>
<tr>
<td align="center" colspan="2" style="color: red">
<asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
</td>
</tr>
<tr>
<td align="right" colspan="2">
<asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="登录" ValidationGroup="Login1" />
</td>
</tr>
</table>
</td>
</tr>
</table>
</LayoutTemplate>
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
<TextBoxStyle Font-Size="0.8em" />
<LoginButtonStyle BackColor="White" BorderColor="#CC9966" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em" ForeColor="#990000" />
</asp:Login>
<br />
<asp:passwordrecovery id="PasswordRecovery1" runat="server" font-names="Verdana"
font-size="0.8em" bordercolor="#FFDFAD" borderwidth="1px" borderstyle="Solid"
backcolor="#FFFBD6" BorderPadding="4">
<titletextstyle font-bold="True" forecolor="White" backcolor="#990000" Font-Size="0.9em">
</titletextstyle>
<MailDefinition From="chjkchl@tom.com" Priority="High" BodyFileName="~/PasswordRecovery.txt" Subject="Your Password">
</MailDefinition>
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
<SuccessTextStyle Font-Bold="True" ForeColor="#990000" />
<TextBoxStyle Font-Size="0.8em" />
<SubmitButtonStyle BackColor="White" BorderColor="#CC9966" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em" ForeColor="#990000" />
</asp:passwordrecovery><br />
</asp:content>
6. The code of Register.aspx in the root directory is as follows:
<script runat="server" language="c#">
void Button1_Click(object sender, System.EventArgs e)
{
    if (this.IsValid) {
        MembershipCreateStatus status;
        // "1111" and "2222" are the password question and answer. They are hard-coded,
        // so every account registered through this page shares the same recovery answer.
        MembershipUser user = Membership.CreateUser(this.TB_Username.Text, this.TB_Password.Text, this.TB_Email.Text, "1111", "2222", true, out status);
        switch (status)
        {
            case MembershipCreateStatus.Success:
                FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
                break;
            case MembershipCreateStatus.DuplicateEmail:
                this.LB_CreateError.Text = "The email address is already registered.";
                break;
            case MembershipCreateStatus.DuplicateUserName:
                this.LB_CreateError.Text = "The username is already registered.";
                break;
            case MembershipCreateStatus.InvalidEmail:
                this.LB_CreateError.Text = "This email address is invalid.";
                break;
            case MembershipCreateStatus.InvalidPassword:
                this.LB_CreateError.Text = "This password is invalid.";
                break;
            case MembershipCreateStatus.UserRejected:
                this.LB_CreateError.Text = "The user was rejected for an unknown reason.";
                break;
        }
    }
}
</script>
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
<table cellspacing="1" cellpadding="1" border="1">
<tr>
<td>User Name:</td>
<td>
<asp:textbox id="TB_Username" runat="server">
</asp:textbox>
</td>
<td>
<asp:requiredfieldvalidator id="RequiredFieldValidator1" runat="server" controltovalidate="TB_Username" setfocusonerror="True">
*</asp:requiredfieldvalidator>
</td>
</tr>
<tr>
<td>E-Mail:</td>
<td>
<asp:textbox id="TB_Email" runat="server">
</asp:textbox>
</td>
<td>
<asp:requiredfieldvalidator id="RequiredFieldValidator2" runat="server" controltovalidate="TB_Email" setfocusonerror="True">
*</asp:requiredfieldvalidator>
</td>
</tr>
<tr>
<td>Password:</td>
<td>
<asp:textbox id="TB_Password" runat="server" textmode="Password">
</asp:textbox>
</td>
<td>
<asp:requiredfieldvalidator id="RequiredFieldValidator3" runat="server" errormessage="RequiredFieldValidator"
controltovalidate="TB_Password" setfocusonerror="True">*</asp:requiredfieldvalidator>
</td>
</tr>
<tr>
<td>Password Confirmation:</td>
<td>
<asp:textbox id="TB_PasswordConfirmation" runat="server" textmode="Password">
</asp:textbox>
</td>
<td>
<asp:requiredfieldvalidator id="RequiredFieldValidator4" runat="server" errormessage="RequiredFieldValidator"
controltovalidate="TB_PasswordConfirmation">*</asp:requiredfieldvalidator>
<asp:comparevalidator id="CompareValidator1" runat="server" controltovalidate="TB_PasswordConfirmation"
controltocompare="TB_Password" setfocusonerror="True">*</asp:comparevalidator>
</td>
</tr>
<tr>
<td colspan="3">
<asp:label id="LB_CreateError" runat="server" forecolor="Red" font-bold="True">
</asp:label>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:button id="Button1" runat="server" text="Register New User" onclick="Button1_Click" />
</td>
<td>
</td>
</tr>
</table>
</asp:content>
7. The content of PasswordRecovery.txt in the root directory is as follows:
Your user name is <%UserName%>.
Your password is <%Password%>.
Thanks!
7/2. The code of web.config in the root directory is as follows:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<authentication mode="Forms" />
<authorization>
<allow users="*" />
</authorization>
<anonymousIdentification
enabled="true"
/>
<membership>
<providers />
</membership>
<roleManager enabled="true">
<providers />
</roleManager>
<!-- debug="true" is a development setting -->
<compilation debug="true" /></system.web>
<system.net>
<mailSettings>
<smtp from="chjkchl@tom.com">
<network host="smtp.tom.com" password="" userName="" />
</smtp>
</mailSettings>
</system.net>
</configuration>
8. The code of AdminArea/Default.aspx is as follows:
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
<asp:hyperlink id="HyperLink1" runat="server" navigateurl="UserList.aspx">User List</asp:hyperlink>
<br />
<asp:hyperlink id="HyperLink2" runat="server" navigateurl="RoleList.aspx">Role List</asp:hyperlink>
</asp:content>
9. The code of AdminArea/RoleList.aspx is as follows:
<script runat="server" language="c#">
void Page_Load(object sender, System.EventArgs e)
{
    if (this.IsPostBack == false) {
        this.UpdateRoleList(null);
    }
}
void DDL_RoleList_SelectedIndexChanged(object sender, System.EventArgs e)
{
    this.UpdateRoleMemberList();
}
void BT_RemoveRole_Click(object sender, System.EventArgs e)
{
    if (this.DDL_RoleList.SelectedIndex != -1) {
        Roles.DeleteRole(this.DDL_RoleList.SelectedValue);
        this.UpdateRoleList(null);
    }
}
void BT_AddRole_Click(object sender, System.EventArgs e)
{
    if (this.TB_NewRole.Text.Length > 0) {
        Roles.CreateRole(this.TB_NewRole.Text);
        this.UpdateRoleList(this.TB_NewRole.Text);
    }
}
void BT_RemoveUserFromRole_Click(object sender, System.EventArgs e)
{
    if (this.LB_RoleUsers.SelectedIndex != -1) {
        Roles.RemoveUserFromRole(this.LB_RoleUsers.SelectedValue, this.DDL_RoleList.SelectedValue);
        this.UpdateRoleMemberList();
    }
}
void BT_AddUserToRole_Click(object sender, System.EventArgs e)
{
    if (this.TB_NewUser.Text.Length > 0) {
        Roles.AddUserToRole(this.TB_NewUser.Text, this.DDL_RoleList.SelectedValue);
        this.UpdateRoleMemberList();
    }
}
// Rebinds the role drop-down and, if a role name is given, selects it.
private void UpdateRoleList(string role) {
    this.DDL_RoleList.DataSource = Roles.GetAllRoles();
    this.DDL_RoleList.DataBind();
    if (role != null) {
        ListItem item = this.DDL_RoleList.Items.FindByText(role);
        if (item != null) {
            item.Selected = true;
        }
    }
    this.UpdateRoleMemberList();
}
// Rebinds the member list for the currently selected role.
private void UpdateRoleMemberList() {
    string role = this.DDL_RoleList.SelectedValue;
    this.LB_RoleUsers.DataSource = Roles.GetUsersInRole(role);
    this.LB_RoleUsers.DataBind();
}
</script>
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
Available Roles: <asp:dropdownlist id="DDL_RoleList" runat="server" onselectedindexchanged="DDL_RoleList_SelectedIndexChanged" autopostback="True">
</asp:dropdownlist>
<asp:button id="BT_RemoveRole" runat="server" text="Remove Role" onclick="BT_RemoveRole_Click" />
<br />
<br />
<asp:textbox id="TB_NewRole" runat="server">
</asp:textbox>
<asp:button id="BT_AddRole" runat="server" text="Add Role" onclick="BT_AddRole_Click" /><br />
<br />
Role Members:<br />
<asp:listbox id="LB_RoleUsers" runat="server">
</asp:listbox>
<asp:button id="BT_RemoveUserFromRole" runat="server" text="Remove" onclick="BT_RemoveUserFromRole_Click" /><br />
<br />
<asp:textbox id="TB_NewUser" runat="server">
</asp:textbox>
<asp:button id="BT_AddUserToRole" runat="server" text="Add User To Role" onclick="BT_AddUserToRole_Click" /></asp:content>
10. The code of AdminArea/UserList.aspx is as follows:
<script runat="server" language="c#">
void Page_Load(object sender, System.EventArgs e)
{
    this.GV_UserList.DataSource = Membership.GetAllUsers();
    this.GV_UserList.DataBind();
}
void GV_UserList_SelectedIndexChanged(object sender, System.EventArgs e)
{
    string userName = (this.GV_UserList.SelectedValue as string);
    MembershipUser user = Membership.GetUser(userName);
    this.DV_User.DataSource = new MembershipUser[] { user };
    this.DV_User.DataBind();
}
</script>
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
<asp:gridview id="GV_UserList" runat="server" bordercolor="#3366CC" borderstyle="None" borderwidth="1px" backcolor="White" cellpadding="4" autogeneratecolumns="False" datakeynames="Username" onselectedindexchanged="GV_UserList_SelectedIndexChanged">
<alternatingrowstyle font-italic="False" font-bold="False">
</alternatingrowstyle>
<pagerstyle forecolor="#003399" font-italic="False" font-bold="False" horizontalalign="Left"
backcolor="#99CCCC">
</pagerstyle>
<columns>
<asp:commandfield showselectbutton="True">
</asp:commandfield>
<asp:boundfield datafield="Username" headertext="Username">
</asp:boundfield>
<asp:boundfield datafield="Email" headertext="Email">
</asp:boundfield>
<asp:boundfield datafield="LastLoginDate" headertext="LastLoginDate">
</asp:boundfield>
</columns>
<selectedrowstyle forecolor="#CCFF99" backcolor="#009999" font-italic="False" font-bold="True">
</selectedrowstyle>
<rowstyle forecolor="#003399" backcolor="White" font-italic="False" font-bold="False">
</rowstyle>
<headerstyle forecolor="#CCCCFF" backcolor="#003399" font-italic="False" font-bold="True">
</headerstyle>
<footerstyle forecolor="#003399" backcolor="#99CCCC" font-italic="False" font-bold="False">
</footerstyle>
</asp:gridview><br />
<asp:detailsview id="DV_User" runat="server" bordercolor="#3366CC" borderstyle="None" borderwidth="1px" backcolor="White" cellpadding="4" gridlines="Both">
<alternatingrowstyle font-italic="False" font-bold="False">
</alternatingrowstyle>
<pagerstyle forecolor="#003399" font-italic="False" font-bold="False" horizontalalign="Left"
backcolor="#99CCCC">
</pagerstyle>
<editrowstyle forecolor="#CCFF99" backcolor="#009999" font-italic="False" font-bold="True">
</editrowstyle>
<rowstyle forecolor="#003399" backcolor="White" font-italic="False" font-bold="False">
</rowstyle>
<headerstyle forecolor="#CCCCFF" backcolor="#003399" font-italic="False" font-bold="True">
</headerstyle>
<footerstyle forecolor="#003399" backcolor="#99CCCC" font-italic="False" font-bold="False">
</footerstyle>
</asp:detailsview></asp:content>
11. The code of AdminArea/web.config is as follows:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<authorization>
<!-- evaluated top-down, before the rules inherited from the root web.config -->
<allow roles="Admins" />
<deny users="?" />
</authorization>
</system.web>
</configuration>
12. The code of ProtectedArea/Default.aspx is as follows:
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
<asp:hyperlink id="HyperLink1" runat="server" navigateurl="UpdateUserData.aspx">Update User Data</asp:hyperlink>
</asp:content>
13. The code of ProtectedArea/UpdateUserData.aspx is as follows:
<script runat="server" language="c#">
void Page_Load(object sender, System.EventArgs e)
{
    if (this.IsPostBack == false) {
        MembershipUser user = Membership.GetUser();
        this.LB_Username.Text = user.UserName;
        this.TB_Email.Text = user.Email;
        this.TB_Comment.Text = user.Comment;
    }
}
void Button1_Click(object sender, System.EventArgs e)
{
    if (this.IsValid) {
        MembershipUser user = Membership.GetUser();
        user.Email = this.TB_Email.Text;
        user.Comment = this.TB_Comment.Text;
        Membership.UpdateUser(user);
        // The password is changed only when both the old and the new password are supplied.
        if ((this.TB_OldPassword.Text.Length > 0) && (this.TB_NewPassword.Text.Length > 0)) {
            user.ChangePassword(this.TB_OldPassword.Text, this.TB_NewPassword.Text);
        }
        /*if (this.TB_NewPassword.Text.Length > 0) {
            string oldPassword = user.GetPassword();
            user.ChangePassword(oldPassword, this.TB_NewPassword.Text);
        }*/
        /*if (this.TB_NewPassword.Text.Length > 0) {
            string oldPassword = user.ResetPassword();
            user.ChangePassword(oldPassword, this.TB_NewPassword.Text);
        }*/
    }
}
</script>
<asp:content id="Content1" contentplaceholderid="ContentPlaceHolder1" runat="server">
<table cellspacing="1" cellpadding="1" border="1">
<tr>
<td>User Name:</td>
<td>
<asp:label id="LB_Username" runat="server"></asp:label>
</td>
<td></td>
</tr>
<tr>
<td>E-Mail:</td>
<td>
<asp:textbox id="TB_Email" runat="server">
</asp:textbox>
</td>
<td>
<asp:requiredfieldvalidator id="RequiredFieldValidator2" runat="server" controltovalidate="TB_Email"
setfocusonerror="True">*</asp:requiredfieldvalidator>
</td>
</tr>
<tr>
<td>Comment:</td>
<td>
<asp:textbox id="TB_Comment" runat="server">
</asp:textbox>
</td>
<td></td>
</tr>
<tr>
<td>Old Password:</td>
<td>
<asp:textbox id="TB_OldPassword" runat="server" textmode="Password">
</asp:textbox>
</td>
<td>
</td>
</tr>
<tr>
<td>New Password:</td>
<td>
<asp:textbox id="TB_NewPassword" runat="server" textmode="Password">
</asp:textbox>
</td>
<td>
</td>
</tr>
<tr>
<td>Password Confirmation:</td>
<td>
<asp:textbox id="TB_PasswordConfirmation" runat="server" textmode="Password">
</asp:textbox>
</td>
<td>
<asp:comparevalidator id="CompareValidator1" runat="server" setfocusonerror="True"
controltovalidate="TB_PasswordConfirmation" controltocompare="TB_NewPassword">*</asp:comparevalidator>
</td>
</tr>
<tr>
<td colspan="3">
<asp:label id="LB_CreateError" runat="server" font-bold="True" forecolor="Red">
</asp:label>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:button id="Button1" runat="server" text="Update User Data" onclick="Button1_Click" />
</td>
<td>
</td>
</tr>
</table>
</asp:content>
14. The code of ProtectedArea/web.config is as follows:
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
15. Done. For details, see the Apress book 《ASP.NET 2.0 大揭密》.
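An added example (not from the original post or the book) that models how ASP.NET URL authorization evaluates the rules from steps 7/2, 11 and 14: the folder's own rules are checked first, then the inherited ones, and the first match decides. The `Rule` class and the `IsAllowed` and `Show` helpers are hypothetical names for this simplified model; with the AdminArea rules as written, the signed-in user1 without a role matches neither folder rule and is admitted by the root's `<allow users="*" />`.

```csharp
using System;
using System.Linq;

// Simplified model of ASP.NET URL authorization, for illustration only.
class Rule
{
    public readonly bool Allow;
    public readonly string Users;   // "*" = everyone, "?" = anonymous, null = not set
    public readonly string Roles;   // comma-separated role names, null = not set

    public Rule(bool allow, string users = null, string roles = null)
    { Allow = allow; Users = users; Roles = roles; }

    // user == null stands for an anonymous request.
    public bool Matches(string user, string[] userRoles)
    {
        if (Users == "*") return true;
        if (Users == "?") return user == null;
        if (Roles == null) return false;
        return Roles.Split(',').Any(r =>
            userRoles.Contains(r.Trim(), StringComparer.OrdinalIgnoreCase));
    }
}

static class UrlAuthDemo
{
    // Root web.config (step 7/2): <allow users="*" />, inherited by both folders.
    static readonly Rule[] Root = { new Rule(true, users: "*") };
    // AdminArea/web.config as given in step 11.
    static readonly Rule[] AdminAsWritten = { new Rule(true, roles: "Admins"), new Rule(false, users: "?") };
    // Variant that denies everyone the allow rule did not match.
    static readonly Rule[] AdminDenyAll = { new Rule(true, roles: "Admins"), new Rule(false, users: "*") };
    // ProtectedArea/web.config as given in step 14.
    static readonly Rule[] Protected = { new Rule(false, users: "?") };

    // Folder rules are checked before inherited ones; the first match decides.
    public static bool IsAllowed(Rule[] folder, string user, params string[] roles)
    {
        foreach (Rule rule in folder.Concat(Root))
            if (rule.Matches(user, roles)) return rule.Allow;
        return true; // not reached here: Root always matches
    }

    static void Show(string label, string user, params string[] roles)
    {
        Console.WriteLine("{0,-16} AdminArea as written: {1,-5}  with deny *: {2,-5}  ProtectedArea: {3}",
            label, IsAllowed(AdminAsWritten, user, roles),
            IsAllowed(AdminDenyAll, user, roles), IsAllowed(Protected, user, roles));
    }

    static void Main()
    {
        Show("anonymous", null);            // constructed sample principals
        Show("user1", "user1");             // signed in, no role (step 4)
        Show("admin1", "admin1", "Admins"); // signed in, role Admins (step 4)
    }
}
```

To make AdminArea admin-only, the second rule in AdminArea/web.config would be `<deny users="*" />` instead of `<deny users="?" />`. The LoginView in MasterPage.master only hides the Admin Area link from other users; it does not restrict access to the folder.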