在一开始学习用ASP.NET来做登录的时候,都是用Session来做登录凭证的,但是由于后期网站的功能越来越多就想把网站的功能细分,而做成像CSDN一样各个网站子分类都有一个自己的域名如news.mysite.com, blog.mysite.com;但问题来了因为Session不能跨应用程序,然后在网站搜索,但找到的都是把子网站合并到主网站去,显示这种做法是极其不合理的;
然后以下是我的想法
不用Session做登录凭证而用Cookies来做登录凭证
1:然后在IIS中建立两个网站News.MySite.com,Blog.MySite.com (注这些在要Hosts文件中进行转向,不懂可以网上搜),注意一定要有域名的网站不然的话如网站主机头为127.0.0.1或者localhost这样的主机头没有办法保存域Cookies
2:在两个网站的Web.config中添加appsetting
< appSettings > < add key ="RootDomain" value ="mysite.com" /> < add key ="PrivateKey" value ="12345678" /> </ appSettings >
这是为了方便网站以后换域名的时候不用更改代码,PrivateKey是防止篡改Cookies而效仿网银功能添加多一个MD5验证功能
3:编写Cookies操作类
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
using
System;
using
System.Web;
namespace
Z.Core.Tools
{
/// <summary>
/// Cookie 操作类
/// </summary>
public
class
Cookie
{
/// <summary>
/// 设置一个Cookie
/// </summary>
/// <param name="name">名称</param>
/// <param name="value">值</param>
public
static
void
Set(
string
name,
string
value)
{
Set(name, value, 0);
}
/// <summary>
/// 设置一个Cookie
/// </summary>
/// <param name="name">名称</param>
/// <param name="value">值</param>
/// <param name="expiresDays">过期时间</param>
public
static
void
Set(
string
name,
string
value,
int
expiresDays)
{
//删除原先添加的相同Cookie
foreach
(
string
item
in
HttpContext.Current.Response.Cookies.AllKeys)
{
//判断为和当前已有的Cookie相同的时候进行remove
if
(item == name)
{
HttpContext.Current.Response.Cookies.Remove(name);
}
}
HttpCookie MyCookie =
new
HttpCookie(name);
if
(System.Configuration.ConfigurationManager.AppSettings[
"RootDomain"
] ==
null
)
{
throw
new
Exception(Lang.Define.Get(Lang.DefineEnum.RootDomain_未设置));
}
MyCookie.Domain = System.Configuration.ConfigurationManager.AppSettings[
"RootDomain"
];
if
(value !=
null
)
{
MyCookie.Value = System.Web.HttpUtility.UrlEncode(value).Replace(
"+"
,
"%20"
);
}
//如果值为null的话说明删除这个cookie
if
(value ==
null
&& expiresDays == 0)
{
expiresDays = -1;
}
if
(expiresDays != 0)
{
DateTime expires = DateTime.Now.AddDays(expiresDays);
MyCookie.Expires = expires;
}
HttpContext.Current.Response.Cookies.Add(MyCookie);
}
/// <summary>
/// 删除一个Cookie
/// </summary>
/// <param name="name">名称</param>
public
static
void
Delele(
string
name)
{
Set(name,
""
, -1);
}
/// <summary>
/// 取得一个有效的Cookie
/// </summary>
/// <param name="name">名称</param>
/// <returns>值</returns>
public
static
string
Get(
string
name)
{
string
result =
null
;
foreach
(
string
item
in
HttpContext.Current.Response.Cookies.AllKeys)
{
if
(item == name)
{
if
(HttpContext.Current.Response.Cookies[name].Expires > DateTime.Now || HttpContext.Current.Response.Cookies[name].Expires ==
new
DateTime(1, 1, 1))
{
//如果判断到这个Cookie是有效的,取这个有效的新值
result = System.Web.HttpUtility.UrlDecode(HttpContext.Current.Response.Cookies[name].Value);
return
result;
}
else
{
//无效的话还回null
return
null
;
}
}
}
//如果在新添加中的没有就取客户端的
if
(HttpContext.Current.Request.Cookies[name] !=
null
)
{
result = System.Web.HttpUtility.UrlDecode(HttpContext.Current.Request.Cookies[name].Value.Replace(
"%20"
,
"+"
));
}
return
result;
}
/// <summary>
/// 清空Cookie
/// </summary>
public
static
void
Clear()
{
for
(
int
i = 0; i <= HttpContext.Current.Request.Cookies.Count - 1; i++)
{
//当Cookies的名称不为ASP.NET_SessionID的时候将他删除,因为删除了这个Cookies的话会导致重创建Session链接
if
(HttpContext.Current.Request.Cookies[i].Name.ToLower() !=
"asp.net_sessionid"
)
{
Set(HttpContext.Current.Request.Cookies[i].Name,
""
, -1);
}
}
}
}
}
|
4:编写登录凭证类
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
using
System;
using
System.Collections.Generic;
using
System.Linq;
using
System.Text;
namespace
Z.Core.Tools
{
/// <summary>
/// 网站Cookie集合
/// </summary>
public
class
CookieGroupTemplate
{
/// <summary>
/// 登录User
/// </summary>
public
static
string
UserCode
{
get
{
CheckKey();
return
Z.Core.Tools.Cookie.Get(
"UserCode"
);
}
set
{
Z.Core.Tools.Cookie.Set(
"UserCode"
, value);
SetKey();
}
}
/// <summary>
/// 登录用户名
/// </summary>
public
static
string
UserName
{
get
{
CheckKey();
return
Z.Core.Tools.Cookie.Get(
"UserName"
);
}
set
{
Z.Core.Tools.Cookie.Set(
"UserName"
, value);
SetKey();
}
}
/// <summary>
/// 登录用户父级代码
/// </summary>
public
static
string
ParentCode
{
get
{
CheckKey();
return
Z.Core.Tools.Cookie.Get(
"ParentCode"
); ;
}
set
{
Z.Core.Tools.Cookie.Set(
"ParentCode"
, value);
SetKey();
}
}
/// <summary>
/// 登录用户父级名称
/// </summary>
public
static
string
ParentName
{
get
{
CheckKey();
return
Z.Core.Tools.Cookie.Get(
"ParentName"
);
}
set
{
Z.Core.Tools.Cookie.Set(
"ParentName"
, value);
SetKey();
}
}
/// <summary>
/// 登录权限组
/// </summary>
public
static
string
Groups
{
get
{
CheckKey();
return
Z.Core.Tools.Cookie.Get(
"Groups"
); ;
}
set
{
Z.Core.Tools.Cookie.Set(
"Groups"
, value);
SetKey();
}
}
/// <summary>
/// 操作位置
/// </summary>
public
static
string
OperateFrom
{
get
{
return
Z.Core.Tools.Cookie.Get(
"OperateFrom"
);
}
set
{
Z.Core.Tools.Cookie.Set(
"OperateFrom"
, value);
}
}
/// <summary>
/// 加密Cookies定义
/// </summary>
static
List<
string
> CookieKeys =
new
List<
string
>()
{
"UserCode"
,
"UserName"
,
"ParentCode"
,
"ParentName"
,
"Groups"
,
"OperateFrom"
};
/// <summary>
/// 生成验证Key
/// </summary>
static
void
SetKey()
{
string
key =
""
;
foreach
(var s
in
CookieKeys)
{
key += s;
key +=
"="
;
key += Cookie.Get(s);
key +=
"&"
;
}
key += SettingGroupTemplate.PrivateKey;
key = key.ToMD5();
Cookie.Set(
"PrivateKey"
, key);
}
/// <summary>
/// 验证Cookie
/// </summary>
static
void
CheckKey()
{
string
key =
""
;
foreach
(var s
in
CookieKeys)
{
key += s;
key +=
"="
;
key += Cookie.Get(s);
key +=
"&"
;
}
string
privateKey = Cookie.Get(
"PrivateKey"
);
if
(privateKey ==
null
)
{
string
_key =
""
;
foreach
(var s
in
CookieKeys)
{
_key += s;
_key +=
"="
;
_key +=
"&"
;
}
if
(key == _key)
{
SetKey();
return
;
}
}
key += SettingGroupTemplate.PrivateKey;
key = key.ToMD5();
if
(privateKey ==
null
)
{
}
if
(key != privateKey)
{
throw
new
ExceptionMessage(Lang.DefineEnum.Cookie验证出错.Define());
}
}
}
}
|
----------------------------------------
好了,我默认在我的Cookies类中添加了几个常用到的值为读取这些Cookies的时候进行MD5验证,以保证Cookies的安全性
然后只要在你的网站项目中引用上面两个类,
然后在任意一个网站写入代码
Z.Core.Tools.CookieGroupTemplate.UserCode = "123";
然后在其他网站中用代码
Z.Core.Tools.CookieGroupTemplate.UserCode;
都可以读取得到这个登录用户的ID
是不是很简单啊。。。。