最近在看牛腩的购物网,使用微软的企业库,用到了新的验证方式,不是以往的session验证,学习了。这个转自卢青松的博客
1、 在根目录建立一个Global.asax文件,拷入下面这段代码
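/// <summary>
/// Rebuilds the request principal from the forms-authentication ticket so that
/// role checks (the web.config authorization rules, IsInRole) see the roles
/// stored in the ticket.
/// </summary>
/// <remarks>
/// The role list is read from <c>FormsAuthenticationTicket.UserData</c> as a
/// comma-separated string. That value is only as trustworthy as the ticket itself:
/// it depends on <c>protection="All"</c> (encryption plus validation) on the forms
/// element and on the machine key staying secret. With weaker protection a client
/// could alter its own role list.
/// </remarks>
/// <param name="SENDER">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_AuthenticateRequest(object SENDER, EventArgs e)
{
    System.Security.Principal.IPrincipal current = HttpContext.Current.User;
    if (current == null || !current.Identity.IsAuthenticated)
    {
        return;
    }

    // Only tickets issued by forms authentication carry the role list.
    FormsIdentity id = current.Identity as FormsIdentity;
    if (id == null)
    {
        return;
    }

    FormsAuthenticationTicket ticket = id.Ticket;

    // UserData may be empty (for example, a ticket issued without custom data).
    string userData = ticket.UserData ?? string.Empty;

    // Split on a single comma and drop blanks, so "admin, user" and a trailing
    // comma do not produce role names such as " user" or "" that never match.
    string[] roles = userData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    for (int i = 0; i < roles.Length; i++)
    {
        roles[i] = roles[i].Trim();
    }

    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
}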
2: 在web.config 文件中配置目录权限及登录页,
登录页,在system.web节点中
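<!-- Goes inside <system.web>.
     protection="All" (encryption plus validation) is what protects the role list
     carried in the ticket's UserData against tampering; do not weaken it.
     On an HTTPS site, also add requireSSL="true" so the ticket cookie is never
     sent over plain HTTP. -->
<authentication mode="Forms">
  <forms name="mycook" loginUrl="login.aspx" protection="All" path="/" />
</authentication>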
配置目录权限,在system.web节点外面
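<!-- Placed outside <system.web>, directly under <configuration>.
     Rules are evaluated top-down and the first match wins, so each protected
     folder allows its role first and then denies everyone else.
     These rules apply to requests that pass through the ASP.NET pipeline;
     confirm that static files under these folders are covered by your IIS setup. -->
<location path="admin">
  <system.web>
    <authorization>
      <allow roles="admin" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
<location path="user">
  <system.web>
    <authorization>
      <allow roles="user" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
<!-- The login pages inside the protected folders must stay reachable anonymously,
     otherwise an unauthenticated visitor can never reach them. Keep these
     exceptions limited to the exact login page paths. -->
<location path="admin/admin_login.aspx">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
<location path="user/user_login.aspx">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>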
在登录页的登录事件中,登录成功后拷入下面这段代码
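// Runs only after the user name and password have been verified.
// `user` is the authenticated user name supplied by the surrounding login handler.

// Role(s) of the user, comma-separated; carried in the ticket's UserData.
// NOTE(review): this value must be looked up in the user store for the account
// that was just authenticated. A hard-coded "admin" gives every successful
// login the admin role.
string roles = "admin";

// Version 1, valid for 30 minutes, non-persistent, roles stored as UserData.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1, user, DateTime.Now, DateTime.Now.AddMinutes(30), false, roles);

// Cookie name and path must match the <forms> element in web.config, otherwise
// the forms-authentication module will not pick the ticket up on later requests.
HttpCookie cook = new HttpCookie(FormsAuthentication.FormsCookieName);
cook.Value = FormsAuthentication.Encrypt(ticket);
cook.Path = FormsAuthentication.FormsCookiePath;
cook.HttpOnly = true;                         // keep the ticket out of reach of page script
cook.Secure = FormsAuthentication.RequireSSL; // follows requireSSL on the <forms> element
Response.Cookies.Add(cook);

// ReturnUrl comes from the request and can be set by anyone who crafts a link.
// Follow it only when it is a path on this site ("/..."); "//host" and "/\host"
// are treated by browsers as another host, so they are rejected too.
string strReturnURL = Request.Params["ReturnUrl"];
bool isLocalPage = !string.IsNullOrEmpty(strReturnURL)
    && strReturnURL.StartsWith("/", StringComparison.Ordinal)
    && !strReturnURL.StartsWith("//", StringComparison.Ordinal)
    && !strReturnURL.StartsWith("/\\", StringComparison.Ordinal)
    && strReturnURL.Contains(".aspx");

if (isLocalPage)
{
    Response.Redirect(strReturnURL);
}
else
{
    Session["已经登录"] = true;
    Response.Redirect("index.aspx");
}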
后台页面调用登录的用户名实例:
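// Shows the name of the signed-in user. User names are user-chosen text, and
// (assuming litname is a Literal control in its default mode) Text is written to
// the page without HTML encoding, so encode it here.
// NOTE(review): if names are already stored HTML-encoded, this would double-encode; confirm.
litname.Text = Server.HtmlEncode(User.Identity.Name);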
这样基本上就可以了
但是有个疑问:如果是多用户系统,用户没有登录时要跳转到各自的登录页,该怎么办呢?
上面的办法只能配置一个登录页,没办法跳转到2个登录页面。这时候我们就需要建立一个中间的跳转登录页,根据ReturnUrl中是否包含
admin 或者 user 来判断跳转到哪个登录页面了
建立 login_redirect.aspx
using
System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
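namespace xh.shop.web
{
    /// <summary>
    /// Intermediate login page: forms authentication sends unauthenticated requests
    /// here, and this page forwards them to the login page that matches the area
    /// the user was trying to reach.
    /// </summary>
    /// <remarks>
    /// The substring test below only selects which login page is shown. It is not
    /// an access check; enforcement stays with the authorization rules in web.config.
    /// </remarks>
    public partial class login_redirect : System.Web.UI.Page
    {
        /// <summary>Forwards the request to the matching login page, passing ReturnUrl along.</summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            string strReturnURL = Request.Params["ReturnUrl"];

            // Re-encode the value before placing it in a new query string. Unencoded,
            // any '&', '#' or '?' inside it would be read as extra parameters by the
            // target page. The page that finally redirects must still verify that
            // ReturnUrl points to this site.
            string query = string.IsNullOrEmpty(strReturnURL)
                ? string.Empty
                : "?ReturnUrl=" + HttpUtility.UrlEncode(strReturnURL);

            // Matches "admin" anywhere in the URL, including its query string.
            if (strReturnURL != null && strReturnURL.Contains("admin"))
            {
                // NOTE(review): the web.config shown on this page opens
                // admin/admin_login.aspx to anonymous users, not admin/login.aspx; confirm the path.
                Response.Redirect("admin/login.aspx" + query);
            }
            else
            {
                Response.Redirect("index.aspx" + query);
            }
        }
    }
}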
最后config里面的loginurl改成 login_redirect.aspx就可以了
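<!-- loginUrl now points at the intermediate page, which chooses the real login page.
     Keep protection="All"; on an HTTPS site also add requireSSL="true". -->
<authentication mode="Forms">
  <forms name="mycook" loginUrl="login_redirect.aspx" protection="All" path="/" />
</authentication>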
正文补充知识:
可以用登录控件直接显示登录状态 登录名等
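<%-- LoginView renders AnonymousTemplate for visitors who are not signed in and
     LoggedInTemplate for signed-in users. It only changes what is displayed;
     access control still comes from the authorization rules in web.config. --%>
<asp:LoginView ID="LoginView1" runat="server">
    <AnonymousTemplate>
        没有登录显示的样式
    </AnonymousTemplate>
    <LoggedInTemplate>
        登录后显示的样式
        <br /><br /><br /><br />
        你好!
        <asp:LoginName ID="LoginName1" runat="server" />
        <asp:LoginStatus ID="LoginStatus1" runat="server" />
    </LoggedInTemplate>
</asp:LoginView>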
//
首先引入using System.Web.Security;
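/// <summary>
/// Signs the current user out: removes the forms-authentication cookie and
/// discards the server-side session.
/// </summary>
/// <remarks>
/// SignOut only expires the cookie in the browser. A ticket that was copied
/// beforehand stays valid until its own expiration time, so keep ticket
/// lifetimes short.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void loginout(object sender, EventArgs e)
{
    // Sign out the currently logged-in user (removes the ticket cookie).
    FormsAuthentication.SignOut();

    // The login code stores a logged-in flag in Session; drop the session as well
    // so no per-user state survives the logout.
    Session.Abandon();
}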