forms验证可将用户的信息存入cookie中,第一次登录时候(cookie还未过期)浏览任何页面都将转到登陆页面,只有登陆成功才可浏览其他页面。这样有一个问题,就是用户已经关掉了所有的与网站相关的所有页面,但是COOKIES还未过期,用户再次浏览任何页面都没有转到登陆页面
forms验证需要以下的步骤
1 web.config
<authentication mode="Forms">
<forms loginUrl="~/Manage/ManageLogin.aspx" name=".ASPXFORMSAUTH"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="Auto" />
2 global.asax
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split(new char[] { ',' });
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
}
}
}
}
3 loginpage
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, txtUserName.Text.Trim(), DateTime.Now, DateTime.Now.AddHours(20), false,txtUserName.Text +","+txtSupporPwd.Text, FormsAuthentication.FormsCookiePath);
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authCookie.Expires = authTicket.Expiration;
Response.Cookies.Add(authCookie);
最后你运行站点发现,页面样式图片都不能正常显示
解决办法:在样式或图片所在的文件夹上加上一个配置文件,让用户有访问权
<authorization>
<allow users="?" />
</authorization>
FormsAuthentication.SignOut();得放在一个合适的位置,才可解决用户已经关掉了所有的与网站相关的所有页面,但是COOKIES还未过期,用户再次浏览任何页面都没有转到登陆页面的问题