对于登录的特定用户，可以在 web.config 文件中设置其权限。
下面的 web.config 只给 admin 用户授权登录：
<!--
The <authentication> section configures the security authentication mode
that ASP.NET uses to identify incoming users.
-->
<!-- Forms mode: identity is carried in an encrypted cookie ticket rather than by Windows or HTTP authentication. -->
<authentication mode="Forms">
<!--
name is the cookie name, loginUrl is where unauthenticated requests are redirected,
defaultUrl is the landing page when no return URL is supplied, timeout is in minutes.
NOTE(review): requireSSL is not set here, so the framework default applies and the auth
cookie is not restricted to HTTPS by this configuration. Confirm the site is served over
TLS and consider setting requireSSL="true".
NOTE(review): code that builds its own FormsAuthenticationTicket chooses its own expiry,
so this timeout value only governs tickets the framework issues itself.
-->
<forms name="Login" loginUrl="login.aspx" defaultUrl="noteFlatroot/index.aspx" timeout ="60">
<!--
The credentials element is empty, so no user names or password hashes are stored here and
passwordFormat has no effect as written. NOTE(review): SHA1 is an unsalted, fast hash and
is a weak choice for password storage if user entries are ever added to this element.
-->
<credentials passwordFormat="SHA1"></credentials>
</forms>
</authentication>
<!--
Authorization rules are evaluated top to bottom and the first matching rule wins:
1. deny "?" rejects anonymous (unauthenticated) requests,
2. allow "admin" admits the authenticated user named admin,
3. deny "*" rejects every other authenticated user.
-->
<authorization >
<deny users="?"/>
<allow users ="admin"/>
<deny users ="*"/>
</authorization>
把用户信息保存到身份验证票据（FormsAuthenticationTicket）并用于权限验证的类：
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
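/// <summary>
/// Issues the forms-authentication cookie for a user whose credentials the caller
/// has already verified. This class performs no credential check of its own.
/// </summary>
public class YanZLogin
{
    public YanZLogin()
    {
    }

    /// <summary>
    /// Builds an encrypted forms-authentication ticket for <paramref name="username"/>,
    /// adds it to the current response as the forms-authentication cookie, and returns
    /// the URL the framework would redirect to after login.
    /// </summary>
    /// <param name="username">
    /// Name stored in the ticket. The caller must have authenticated this user before
    /// calling; whatever name is passed becomes the request identity on later requests.
    /// </param>
    /// <returns>The result of <c>FormsAuthentication.GetRedirectUrl</c> for the current request.</returns>
    public static string AuthenticationTicket(string username)
    {
        // Read the clock once so the issue time and expiry are exactly 24 hours apart.
        DateTime issuedAt = DateTime.Now;

        // NOTE(review): the ticket is persistent and valid for a fixed 24 hours, which is
        // independent of the <forms timeout="..."> value in web.config. Confirm this
        // lifetime is intended; a stolen cookie stays usable until it expires.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, username, issuedAt, issuedAt.AddHours(24), true, "");
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
        authCookie.Value = encryptedTicket;
        authCookie.Expires = ticket.Expiration;
        authCookie.Domain = FormsAuthentication.CookieDomain;
        // Use the configured cookie path so FormsAuthentication.SignOut clears the same cookie.
        authCookie.Path = FormsAuthentication.FormsCookiePath;
        // Keep the ticket out of reach of page script.
        authCookie.HttpOnly = true;
        // Honour requireSSL from configuration so the ticket is not sent over plain HTTP
        // when the site is configured for HTTPS-only authentication.
        authCookie.Secure = FormsAuthentication.RequireSSL;
        HttpContext.Current.Response.Cookies.Add(authCookie);

        // FormsAuthentication.RedirectFromLoginPage is deliberately not used because it
        // would write its own cookie over the one added above. The first argument is
        // documented as the user name; the original passed the cookie name here.
        return FormsAuthentication.GetRedirectUrl(username, false);
    }
}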
login.aspx.cs 文件
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
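/// <summary>
/// Code-behind for login.aspx: checks the verification code and the password,
/// issues the authentication ticket, and sends the user on to the requested page.
/// </summary>
public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Generate a verification code only on the first request, not on postbacks.
        if (!IsPostBack)
        {
            SerialNumber1.Create();
        }
    }

    /// <summary>Generates a fresh verification code on request.</summary>
    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        this.SerialNumber1.Create();
    }

    /// <summary>
    /// Handles submission of the login form.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Reject the request early when the verification code is wrong.
        if (!SerialNumber1.CheckSN(txtYZ.Text.Trim()))
        {
            Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('验证码错误!')</script>");
            return;
        }

        // NOTE(review): the password is read in clear text from the connectionStrings
        // entry named "pwd" and is shared by every user name typed into the form.
        // Consider a salted password hash and an explicit user-name check; no attempt
        // throttling or lockout is visible in this handler.
        ConnectionStringSettings pwdSetting = ConfigurationManager.ConnectionStrings["pwd"];
        string expectedPwd = pwdSetting == null ? null : pwdSetting.ToString();

        string name = txtName.Text;
        string pwd = txtPwd.Text;

        // Fail closed: a missing or empty configured password must never match.
        if (string.IsNullOrEmpty(expectedPwd) || !FixedTimeEquals(pwd, expectedPwd))
        {
            Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('密码错误!')</script>");
            return;
        }

        YanZLogin.AuthenticationTicket(name);

        // ReturnUrl comes from the query string and is attacker-controllable. The original
        // concatenated it into an inline <script>, which allowed script injection and
        // redirects to arbitrary sites. Accept only a site-local path, fall back to the
        // configured default page, and redirect server-side instead of through script.
        string returnUrl = Request.QueryString["ReturnUrl"];
        string target = IsLocalUrl(returnUrl)
            ? returnUrl
            : System.Web.Security.FormsAuthentication.DefaultUrl;

        // endResponse is false so the cookie added above is sent without aborting the thread.
        Response.Redirect(target, false);
    }

    // Returns true only for a path rooted at this site ("/..."), rejecting absolute,
    // scheme-relative ("//host", "/\host") and control-character-bearing URLs.
    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/')
        {
            return false;
        }

        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
        {
            return false;
        }

        foreach (char c in url)
        {
            if (char.IsControl(c))
            {
                return false;
            }
        }

        return true;
    }

    // Ordinal string comparison whose running time does not depend on where the first
    // mismatch occurs. Only the length of the inputs can be inferred from timing.
    private static bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null)
        {
            return false;
        }

        int diff = left.Length ^ right.Length;
        for (int i = 0; i < left.Length && i < right.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }

        return diff == 0;
    }
}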