前言:一般来说,如果会员登陆上后台以后,则用Session来保存用户资料,然后如果用户登陆其他网页的时候,在网页加载的时候通过读取用户浏览器保存的Session,来判断用户是否已经登陆。但是这样的话,网站的每个页面的后台代码中都要首先判断一下用户信息,这样很不方便。
ASP.NET内置票据认证为我们解决了这个麻烦,同过ASP.NET内置票据认证,可以很轻松地管理用户登陆问题。
ASP.NET内置票据认证
根据你的设置,在进入到某一个目录下的页面时自动判断你是否有权限访问这个页面,没有权限则自动跳转到你预先设置的登录页
1、 在根目录建立一个Global.asax文件,添加一段代码
protected void Application_AuthenticateRequest(object SENDER, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket tiecket = id.Ticket;
string userData = tiecket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
}
}
}
}
2、 在web.config 文件中配置目录权限及登录页,
①:在system.web节点中,添加下面代码,配置登录页:
<!--登陆页-->
<authentication mode="Forms">
<forms name="mycook" loginUrl="admin/default.aspx" protection="All" path="/"/>
</authentication>
②:配置目录权限,在system.web节点外面
下面代码的意思是:admin目录下的所有文件,允许admin这个用户访问,拒绝其他用户访问
<!--配置登陆权限-->
<location path="admin">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="user"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="admin/admin_login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="user/user_login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
把上面的代码修改一下,使之符合我们项目要求:
所以,在<system.web>下面添加下面代码:
<!--配置登陆权限-->
<location path="admin">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="admin/admin_login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
配置好的Web.config文件如下:
<?xml version="1.0"?>
<!--
有关如何配置 ASP.NET 应用程序的详细消息,请访问
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="true"/>
</configSections>
<dataConfiguration defaultDatabase="StrConn"/>
<connectionStrings>
<add name="StrConn" connectionString="data source=.;database=MyShop;uid=sa;pwd=123456" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
<!--登陆页-->
<authentication mode="Forms">
<forms name="mycook" loginUrl="admin/login.aspx" protection="All" path="/"/>
</authentication>
</system.web>
<!--目录权限-->
<location path="admin">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="admin/login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
3、 在登录页的登录事件中的登录成功后烤入一段代码
HttpCookie cook;
string strReturnURL;
string roles = "admin";//添加用户角色
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, name, DateTime.Now, DateTime.Now.AddMinutes(30), false, roles);
cook = new HttpCookie("mycook");
cook.Value = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(cook);
strReturnURL = Request.Params["ReturnUrl"];
if (strReturnURL != null)
{
Response.Redirect(strReturnURL);
}
else
{
Response.Redirect("default.aspx");
}
登陆页面login.aspx的cs代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
namespace Web.admin
{
public partial class login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnlogin_Click(object sender, EventArgs e)
{
string name = txtname.Text.Trim();
string pwd = txtpwd.Text.Trim();
if (name.Length==0&&pwd.Length==0)
{
litmsg.Text = "<span style='Color:red;'>用户资料请填写完整!</span>";
return;
}
if (name == "admin" && pwd == "123456")
{
HttpCookie cook;
string strReturnURL;
string roles = "admin";
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, name, DateTime.Now, DateTime.Now.AddMinutes(30), false, roles);
cook = new HttpCookie("mycook");
cook.Value = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(cook);
strReturnURL = Request.Params["ReturnUrl"];
if (strReturnURL != null)
{
Response.Redirect(strReturnURL);
}
else
{
Response.Redirect("default.aspx");
}
}
else
{
litmsg.Text = "<span style='Color:red;'>用户名或者密码错误!</span>";
return;
}
}
}
}