1.首先在web.config文件的<system.web>的节点下添加管理员的基本信息
<authentication mode="Forms">
<forms name="sellmanager" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="admin" password="123456"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
(2)<deny users="?"/>这里说明了禁止匿名用户的访问
2.在login.aspx页面添加login控件,在Authenticate事件里添加
protected
void
Login1_Authenticate(
object
sender, AuthenticateEventArgs e)
{
if (FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(Login1.UserName, true , 30 );
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);
}
}
(1)这样就能实现使用web.config里的配置来验证用户
{
if (FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(Login1.UserName, true , 30 );
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);
}
}
3.发现一个问题:登陆页显示不正常,登陆后就正常了,由于用了同一个母版页就觉得很奇怪.
找了很久终于发现是因为<deny users="?"/>这个配置使得没登陆的时候没有权限访问css和js文件,于是在<configuration>下面添加了
<
location
path
="Login.aspx"
>
< system .web >
< authorization >
< allow users ="?" />
</ authorization >
</ system.web >
</ location >
< location path ="style/SMStyle.css" >
< system .web >
< authorization >
< allow users ="*" />
</ authorization >
</ system.web >
</ location >
< location path ="images" >
< system .web >
< authorization >
< allow users ="*" />
</ authorization >
</ system.web >
</ location >
< system .web >
< authorization >
< allow users ="?" />
</ authorization >
</ system.web >
</ location >
< location path ="style/SMStyle.css" >
< system .web >
< authorization >
< allow users ="*" />
</ authorization >
</ system.web >
</ location >
< location path ="images" >
< system .web >
< authorization >
< allow users ="*" />
</ authorization >
</ system.web >
</ location >
4.还有一个问题要解决的,就是
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);
如果用户起始也就是登陆页会出现登陆成功了还停留在本页的情况,所以还要加个判断.