首先,对 全局的 web.config 的设置:
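<system.web>
  <!-- Forms authentication: unauthenticated requests to protected paths are
       redirected to loginUrl. protection="All" asks ASP.NET to both encrypt
       and validate the ticket cookie; timeout is given in minutes. -->
  <authentication mode="Forms">
    <!-- NOTE(review): when the site is served over HTTPS, also set
         requireSSL="true" on <forms> so the ticket cookie is never sent
         over plain HTTP. -->
    <forms loginUrl="admin/login.aspx" protection="All" timeout="30" />
  </authentication>
  <!-- debug="true" is a development setting: it turns off compiler
       optimizations and request execution timeouts and emits debugging
       information. Keep it false on anything reachable by real users. -->
  <compilation debug="false"/>
</system.web>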
而后,在 Admin 下增加一个 web.config 文件,并对其进行设置:
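<?xml version="1.0"?>
<!-- web.config placed in the Admin folder. The opening <configuration>
     element is required for the file to be well-formed. -->
<configuration>
  <connectionStrings/>
  <system.web>
    <authorization>
      <!-- "?" means anonymous users: every request under Admin must carry a
           valid forms-authentication ticket. The page named in loginUrl
           remains reachable so that users can sign in. -->
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>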
但是,这样一来,就会出现一个问题:Admin 文件夹下的所有文件都需要通过验证,用户在未登录时无法访问其中的任何内容,包括图片。于是,登录界面的 UI 会变形(如果用到了验证码,验证码也无法显示)。
所以,第三步应该是:将这些图片、验证码文件都移到 Admin 以外的文件夹。
OK! 完成 Forms 验证!
Login 的代码:
#region Page load handler
/// <summary>
/// Page load handler. Nothing is initialized here; the first-request branch
/// is an empty placeholder.
/// </summary>
/// <param name="sender">The object that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // First (non-postback) request: no initialization is required.
}
#endregion
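#region Login button click handler
/// <summary>
/// Handles the login button click: checks the CAPTCHA, validates the
/// credentials through <c>UserInfo.UserLogin</c>, enforces one active login
/// per account through the application cache, issues the forms-authentication
/// ticket and redirects.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Image click event data (unused).</param>
protected void ImgLogin_Click(object sender, ImageClickEventArgs e)
{
    #region Verify the CAPTCHA
    // Consume the stored code before comparing, so that every issued code
    // can be tried exactly once. Removing it only on success would let a
    // client keep guessing against the same code.
    object storedCode = Session["CheckCode"];
    Session.Remove("CheckCode");
    if (storedCode == null || txtVerifyCode.Text == "" || storedCode.ToString() != txtVerifyCode.Text)
    {
        Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('验证码不正确');</script>");
        this.txtVerifyCode.Text = "";
        return;
    }
    #endregion

    // NOTE(review): ParamFilter.FilterSqlString is not shown here. Character
    // filtering is not a substitute for parameterized queries; confirm that
    // UserInfo.UserLogin binds its arguments as parameters.
    string name = ParamFilter.FilterSqlString(this.txtUserName.Text.Trim());

    // NOTE(review): the original comment describes Encrypt as MD5. If the
    // stored value is an unsalted MD5 digest, migrate to a salted, iterated
    // scheme such as PBKDF2 (Rfc2898DeriveBytes).
    string pwd = UserInfo.Encrypt(this.txtUserPwd.Text.Trim());

    if (!UserInfo.UserLogin(name, pwd))
    {
        Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('用户名或密码错误!');</script>");
        this.txtUserName.Text = "";
        this.txtVerifyCode.Text = "";
        this.txtUserPwd.Text = "";
        return;
    }

    #region Single active login per account
    // The key is built from the validated account name only. The clear-text
    // password must never be kept in Cache or Session, and it is not needed:
    // this point is reached only after the credentials were accepted.
    // NOTE(review): Session["User"] now holds this key; confirm that no other
    // page parses the previous "name_password" format.
    string str_Key = "LoginUser_" + name;

    if (HttpContext.Current.Cache[str_Key] != null)
    {
        Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('抱歉你已经登陆!');</script>");
        this.txtUserName.Text = "";
        this.txtVerifyCode.Text = "";
        this.txtUserPwd.Text = "";
        return;
    }

    // Sliding expiration equal to the session timeout (minutes): the marker
    // disappears once the account has been idle for a full session period.
    TimeSpan sessTimeOut = TimeSpan.FromMinutes(HttpContext.Current.Session.Timeout);
    HttpContext.Current.Cache.Insert(str_Key, str_Key, null, DateTime.MaxValue, sessTimeOut, CacheItemPriority.NotRemovable, null);
    Session["User"] = str_Key;

    // Set on both redirect paths so that pages reached through ReturnUrl see
    // the same session state as Default.aspx.
    Session["UserName"] = name;

    // Record the login time.
    UserInfo.UpdateLoginTime(name, DateTime.Now);

    // Issue the ticket for the validated account name, not for the raw,
    // untrimmed text box content.
    // NOTE(review): the session ID is not regenerated after login; consider
    // issuing a fresh session to prevent session fixation.
    System.Web.Security.FormsAuthentication.SetAuthCookie(name, false);

    if (!string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
    {
        System.Web.Security.FormsAuthentication.RedirectFromLoginPage(name, false);
    }
    else
    {
        this.Response.Redirect("Default.aspx");
    }
    #endregion
}
#endregion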