流程
一、配置config
• 基本内容
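<configuration>
  <system.web>
    <!-- Forms authentication: requests without a valid ticket are sent to login.aspx. -->
    <authentication mode="Forms">
      <!-- protection="All" means the ticket is both encrypted and integrity-checked.
           For production, consider also setting requireSSL="true" so the ticket cookie
           is only ever sent over HTTPS. -->
      <forms name=".WroxDemo" loginUrl="login.aspx" protection="All" timeout="60" />
    </authentication>
    <!-- Keys used to encrypt/decrypt and to validate the authentication ticket.
         AutoGenerate produces keys per machine; servers that must accept each other's
         tickets (a web farm) need the same explicit keys, kept out of source control. -->
    <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" />
    <authorization>
      <!-- "?" stands for anonymous users: every unauthenticated request is denied. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>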
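<!-- Access rules can also be set for a single directory.
     NOTE: a location element has to be placed inside the configuration element
     of web.config; it is shown on its own here only for readability. -->
<location path="admin">
  <system.web>
    <authorization>
      <!-- The attribute is "users" (plural); "?" denies anonymous users. -->
      <deny users="?" />
    </authorization>
  </system.web>
</location>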
二、填写与匹配帐户信息
//从数据库或文件取得填写的帐户信息
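// Login step: runs after the submitted credentials were looked up in the data store.
// Dr is the reader over that lookup; a row means the account matched.
if (Dr.Read())
{
    // The user is verified.
    // Approach 4: build a custom forms-authentication ticket.
    // "yundao" and "admin" are this page's sample values. In real code the name and
    // the role (UserData) must come from the record just read on the server, never
    // from anything the client submitted.
    // NOTE(review): the ticket lifetime here is 30 minutes while the forms element in
    // the configuration above uses timeout="60" - confirm which one is intended.
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, "yundao", DateTime.Now, DateTime.Now.AddMinutes(30), false, "admin");

    // Encrypt the ticket (protected according to the forms "protection" setting).
    string EncrTicket = FormsAuthentication.Encrypt(ticket);

    // Create the cookie that carries the encrypted ticket.
    HttpCookie myCookie = new HttpCookie(FormsAuthentication.FormsCookieName, EncrTicket);
    // Keep the ticket away from client-side script and follow the configured
    // HTTPS-only and path settings instead of the HttpCookie defaults.
    myCookie.HttpOnly = true;
    myCookie.Secure = FormsAuthentication.RequireSSL;
    myCookie.Path = FormsAuthentication.FormsCookiePath;

    // Write the cookie to the client.
    Response.Cookies.Add(myCookie);

    // If the browser does not support cookies.
    // Request.Browser.Cookies is a bool, so the original "== null" test could never be true.
    // NOTE(review): this flag reflects browser capabilities, not whether the user switched
    // cookies off; session state normally relies on a cookie as well - confirm this fallback
    // is actually reachable.
    if (!Request.Browser.Cookies)
    {
        Session["user_name"] = TextBoxUserName.Text;
        // The password is deliberately not copied into session state: it is not needed
        // once the user is verified, and session stores are not a safe place for
        // plaintext credentials.
    }

    // Go back to the originally requested page, or to the default page.
    // RedirectFromLoginPage is not used here: it issues its own ticket cookie, which
    // would replace the custom ticket above and drop its UserData.
    Response.Redirect(FormsAuthentication.GetRedirectUrl("yundao", false));
}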
三、 验证与授权
在初始访问页中(比如Default.aspx)验证与授权
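// Runs on the first page the user lands on (for example Default.aspx):
// shows the signed-in user name and the role stored in the ticket.
if (Request.IsAuthenticated) // the request carries an authenticated identity
{
    //do something
    string roles = "";
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

    if (authCookie == null)
    {
        // No ticket cookie: fall back to session state.
        // Session values may be missing, so guard against null before ToString().
        // The password is not read back; nothing here needs it after login.
        // NOTE(review): the login code on this page writes "user_name", not "role" -
        // confirm which key the session fallback is meant to use.
        object sessionRole = Session["role"];
        roles = sessionRole == null ? "" : sessionRole.ToString();
    }
    else
    {
        // The cookie value is the encrypted ticket; decrypt it to get the ticket back.
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);

        if (ticket == null || ticket.Expired)
        {
            // Never read identity data from a ticket that is missing or expired.
            FormsAuthentication.RedirectToLoginPage();
        }
        else
        {
            // Authenticated user name taken from the ticket.
            string UserName = ticket.Name;
            // Application data (here: the role) taken from the ticket.
            string UserData = ticket.UserData;
            // Label.Text is written to the page as-is, so encode both values first.
            Label1.Text = Server.HtmlEncode(UserName) + ",您好!您的权限为:" + Server.HtmlEncode(UserData);
        }
    }
}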