web.config 文件对登陆用户授权

对于登陆的特定用户 可以在web.config 文件设置其权限

web.config 只给admin用户授权登陆

 <!--
            通过 <authentication> 节可以配置 ASP.NET 用来
            识别进入用户的
            安全身份验证模式。
        -->
    <authentication mode="Forms">
      <forms name="Login" loginUrl="login.aspx" defaultUrl="noteFlatroot/index.aspx" timeout ="60">
        <credentials passwordFormat="SHA1"></credentials>
      </forms>
     
    </authentication>
    <authorization >
      <deny users="?"/>
      <allow users ="admin"/>
      <deny users ="*"/>
     
    </authorization>

 

保存用户信息到验证票 验证权限的类

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;

/// <summary>
///YanZLogin 的摘要说明
/// </summary>
public class YanZLogin
{
    public YanZLogin()
    { }
    //
    //TODO: 在此处添加构造函数逻辑
    //

    // 身份验证的代码      
    public static string AuthenticationTicket(string username)
    {
        FormsAuthenticationTicket tichet = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddHours(24), true, "");
        string hashticket = FormsAuthentication.Encrypt(tichet); //加密
        HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
        userCookie.Value = hashticket;//获取或设置单个 Cookie 值。
        userCookie.Expires = tichet.Expiration;//设置此Cookie 的过期日期和时间
        userCookie.Domain = FormsAuthentication.CookieDomain;//获取或设置将此 Cookie 与其关联的域
        HttpContext.Current.Response.Cookies.Add(userCookie);//将对象添加到Cookie 中去
        string requestUrl = FormsAuthentication.GetRedirectUrl(FormsAuthentication.FormsCookieName, false);
        //不要使用FormsAuthentication.RedirectFromLoginPage方法,因为这个方法会重写cookie 
        //重新定向到请求的url 

        return requestUrl;
    }

}

 

login.aspx.cs 文件

 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            SerialNumber1.Create();
        }
    }
    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        this.SerialNumber1.Create();
    }
    /// <summary>
    /// 提交登陆信息
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string returnUrl = Request.QueryString["ReturnUrl"];
        string Lpwd = ConfigurationManager.ConnectionStrings["pwd"].ToString();
        //判断验证码是否错误
        if (!SerialNumber1.CheckSN(txtYZ.Text.Trim()))
        {
            Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('验证码错误！')</script>");
        }
        else
        {
            string name = txtName.Text;
            string pwd = txtPwd.Text;
          
           
            if (pwd.Equals(Lpwd))
            {
                YanZLogin.AuthenticationTicket(name);
                Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>location.href='" + returnUrl + "'</script>");
            }
            else
                Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('密码错误！')</script>");
        }
    }
}