How To Create GenericPrincipal Objects with Forms Authentication(转MSDN)
2004-12-21 14:54
621 查看
Objectives
Use this module to:Create a Web application that uses Forms authentication and populates a GenericPrincipal object with the identity and roles of the authenticated user for the purpose of .NET role-based authorization.
Applies To
This module applies to the following products and technologies:Microsoft Windows® XP or Windows 2000 Server (with Service Pack 3) and later operating systems
Microsoft .NET Framework version 1.0 (with Service Pack 2) and later versions
Microsoft Visual Studio® 1.0 .NET development system and later versions
Microsoft Visual C#® .NET development tool
Create a Web Application with a Logon Page
This procedure creates a new ASP.NET Web application. The application will contain two pages; a default page that only authenticated users are allowed to access, and a logon page used to collect user credentials.To create a Web application with a logon page
Start Visual Studio .NET and create a new Visual C# ASP.NET Web Application called GenericPrincipalApp.
Rename WebForm1.aspx to Logon.aspx.
Add the following controls to Logon.aspx to create a logon form.
Table 1: Logon.aspx controls
Control Type | Text | ID |
---|---|---|
Label | User Name: | - |
Label | Password | - |
Text Box | - | txtUserName |
Text Box | - | txtPassword |
Button | Logon | btnLogon |
In Solution Explorer, right-click GenericPrincipalApp, point to Add, and then click Add Web Form.
Enter default.aspx as the new form's name, and then click Open.
Configure the Web Application for Forms Authentication
To edit the application's Web.config file to configure the application for Forms authenticationUse Solution Explorer to open Web.config.
Locate the <authentication> element and change the mode attribute to Forms.
Add the following <forms> element as a child of the <authentication> element and set the loginUrl, name, timeout, and path attributes as follows:
<authentication mode="Forms"> <forms loginUrl="logon.aspx" name="AuthCookie" timeout="60" path="/"> </forms> </authentication>
Add the following <authorization> element beneath the <authentication> element. This allows only authenticated users to access the application. The previously established loginUrl attribute of the <authentication> element redirects unauthenticated requests to the Logon.aspx page.
<authorization> <deny users="?" /> <allow users="*" /> </authorization>
Generate an Authentication Ticket for Authenticated Users
This procedure writes code to generate an authentication ticket for authenticated users. The authentication ticket is a type of cookie used by the ASP.NET FormsAuthenticationModule.The authentication code typically involves looking up the supplied user name and password against either a custom database or against Active Directory.
For information about performing these lookups, see the following modules in this guidance:
"How To Use Forms Authentication with Active Directory"
"How To Use Forms Authentication with SQL Server 2000"
To generate an authentication ticket for authenticated users
Open the Logon.aspx.cs file and the following using statement to the top of the file beneath the existing using statements:
using System.Web.Security;
Add the following private helper method to the WebForm1 class called IsAuthenticated, which is used to validate user names and passwords to authenticate users. This code assumes that all user name and password combinations are valid.
private bool IsAuthenticated( string username, string password ) { // Lookup code omitted for clarity // This code would typically validate the user name and password // combination against a SQL database or Active Directory // Simulate an authenticated user return true; }
Add the following private helper method called GetRoles, which is used to obtain the set of roles that the user belongs to.
private string GetRoles( string username, string password ) { // Lookup code omitted for clarity // This code would typically look up the role list from a database table. // If the user was being authenticated against Active Directory, the // Security groups and/or distribution lists that the user belongs to may be // used instead // This GetRoles method returns a pipe delimited string containing roles // rather than returning an array, because the string format is convenient // for storing in the authentication ticket / cookie, as user data return "Senior Manager|Manager|Employee"; }
Display the Logon.aspx form in Designer mode and double-click the Logon button to create a click event handler.
Add a call to the IsAuthenticated method, supplying the user name and password captured through the logon form. Assign the return value to a variable of type bool, which indicates whether or not the user is authenticated.
bool isAuthenticated = IsAuthenticated( txtUserName.Text, txtPassword.Text );
If the user is authenticated, add a call to the GetRoles method to obtain the user's role list.
if (isAuthenticated == true ) { string roles = GetRoles( txtUserName.Text, txtPassword.Text );
Create a new forms authentication ticket that contains the user name, an expiration time, and the list of roles that the user belongs to. Note that the user data property of the authentication ticket is used to store the user's role list. Also note that the following code creates a non-persistent ticket, although whether or not the ticket / cookie is persistent is dependent upon your application scenario.
// Create the authentication ticket FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version txtUserName.Text, // user name DateTime.Now, // creation DateTime.Now.AddMinutes(60),// Expiration false, // Persistent roles ); // User data
Add code to create an encrypted string representation of the ticket and store it as data within an HttpCookie object.
// Now encrypt the ticket. string encryptedTicket = FormsAuthentication.Encrypt(authTicket); // Create a cookie and add the encrypted ticket to the // cookie as data. HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
Add the cookie to the cookies collection returned to the user's browser.
// Add the cookie to the outgoing cookies collection. Response.Cookies.Add(authCookie);
Redirect the user to the originally requested page
// Redirect the user to the originally requested page Response.Redirect( FormsAuthentication.GetRedirectUrl( txtUserName.Text, false )); }
Construct GenericPrincipal and FormsIdentity Objects
This procedure implements an application authentication event handler and constructs GenericPrincipal and FormsIdentity objects based on information contained within the authentication ticket.To construct GenericPrincipal and FormsIdentity objects
From Solution Explorer, open global.asax.
Switch to code view and add the following using statements to the top of the file:
using System.Web.Security;using System.Security.Principal;
Locate the Application_AuthenticateRequest event handler and add the following code to obtain the forms authentication cookie from the cookie collection passed with the request.
// Extract the forms authentication cookie string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = Context.Request.Cookies[cookieName]; if(null == authCookie) { // There is no authentication cookie. return; }
Add the following code to extract and decrypt the authentication ticket from the forms authentication cookie.
FormsAuthenticationTicket authTicket = null; try { authTicket = FormsAuthentication.Decrypt(authCookie.Value); } catch(Exception ex) { // Log exception details (omitted for simplicity) return; } if (null == authTicket) { // Cookie failed to decrypt. return; }
Add the following code to parse out the pipe separate list of role names attached to the ticket when the user was originally authenticated.
// When the ticket was created, the UserData property was assigned a // pipe delimited string of role names. string[] roles = authTicket.UserData.Split(new char[]{'|'});
Add the following code to create a FormsIdentity object with the user name obtained from the ticket name and a GenericPrincipal object that contains this identity together with the user's role list.
// Create an Identity object FormsIdentity id = new FormsIdentity( authTicket ); // This principal will flow throughout the request. GenericPrincipal principal = new GenericPrincipal(id, roles); // Attach the new principal object to the current HttpContext object Context.User = principal;
Test the Application
This procedure adds code to the default.aspx page to display information from the GenericPrincipal object attached to the current HttpContext object, to confirm that the object has been correctly constructed and assigned to the current Web request. You will then build and test the application.To test the application
In Solution Explorer, double-click default.aspx.
Double-click the default.aspx Web form to display the page load event handler.
Scroll to the top of the file and add the following using statement beneath the existing using statements.
using System.Security.Principal;
Return to the page load event handler and add the following code to display the identity name attached to the GenericPrincipal associated with the current Web request.
IPrincipal p = HttpContext.Current.User; Response.Write( "Authenticated Identity is: " + p.Identity.Name ); Response.Write( "<p>" );
Add the following code to test role membership for the current authenticated identity.
if ( p.IsInRole("Senior Manager") ) Response.Write( "User is in Senior Manager role<p>" ); else Response.Write( "User is not in Senior Manager role<p>" ); if ( p.IsInRole("Manager") ) Response.Write( "User is in Manager role<p>" ); else Response.Write( "User is not in Manager role<p>" ); if ( p.IsInRole("Employee") ) Response.Write( "User is in Employee role<p>" ); else Response.Write( "User is not in Employee role<p>" ); if ( p.IsInRole("Sales") ) Response.Write( "User is in Sales role<p>" ); else Response.Write( "User is not in Sales role<p>" );
In Solution Explorer, right-click default.aspx, and then click Set As Start Page.
On the Build menu, click Build Solution. Eliminate any build errors.
Press Ctrl+F5 to run the application. Because default.aspx is configured as the start up page, this is the initially requested page.
When you are redirected to the logon page (because you do not initially have an authentication ticket), enter a user name and password (any will do), and then click Logon.
Confirm that you are redirected to default.aspx and that the user identity and the correct role details are displayed. The user should be a member of the Senior Manager, Manager, and Employee role, but not a member of the Sales role.
相关文章推荐
- How To Create GenericPrincipal Objects with Forms Authentication
- !!!How to initialize pointer with new objects
- How to Install Linux KVM and Create Guest VM with Examples
- How to create and apply a patch with Git
- How to create and apply a patch with git
- [转]how to sign an assembly with a strong name & how to create a pair key怎样通过强名给程序集签名以及如何创建钥匙对?
- Oracle:How to create physical standby database with 11g RMAN DUPLICATE FROM ACTIVE DATABASE [ID 747250.1]
- How to create physical standby database with 11g RMAN DUPLICATE FROM ACTIVE DATABASE [ID 747250.1]
- how to create colored 3D Objects using the OpenGL® ES cross-platform API.
- How To Create A Mole Whacking Game with Cocos2D: Part 2/2
- How to use WinSCP with public key authentication
- How to create id with AUTO_INCREMENT on Oracle?
- [MSDN]How to use the computer keyboard with Windows Phone Emulator
- How to create a project with existing folder of files in Visual Studio?
- How to create a DLL library in C and then use it with C#
- How to create physical standby database with 11g RMAN DUPLICATE FROM ACTIVE DATABASE [ID 747250.1]
- How to create a new object in Windchill with IBAs
- How to create a Python dictionary with double quotes as default quote format?
- How to create a site with AJAX enabled in MVC framework.
- How to identify all the Corrupted Objects in the Database reported with RMAN