asp.net身份验证和授权

今天闲着无聊．想起来了ASP.NET身份验证．感觉良好．贴出下列代码:
login.aspx HTML代码







1

<%@ Page language="c#" Codebehind="02Login.aspx.cs" AutoEventWireup="false" Inherits="身份验证._02Login" %>
2

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
3

<HTML>
4

<HEAD>
5

<title>02Login</title>
6

<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
7

<meta name="CODE_LANGUAGE" Content="C#">
8

<meta name="vs_defaultClientScript" content="JavaScript">
9

<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
10

</HEAD>
11

<body MS_POSITIONING="GridLayout">
12

<form id="Form1" method="post" runat="server">
13

<FONT face="宋体">
14

<TABLE id="Table1" style="Z-INDEX: 102; LEFT: 152px; WIDTH: 446px; POSITION: absolute; TOP: 80px; HEIGHT: 72px"
15

cellSpacing="1" cellPadding="1" width="446" border="1">
16

<TR>
17

<TD>
18

<asp:label id="Label1" runat="server">用户名称：</asp:label></TD>
19

<TD>
20

<asp:textbox id="tbName" runat="server" Width="183px"></asp:textbox></TD>
21

<TD>
22

<asp:requiredfieldvalidator id="RequiredFieldValidator1" runat="server" ErrorMessage="用户名不能为空！" ControlToValidate="tbName"></asp:requiredfieldvalidator></TD>
23

</TR>
24

<TR>
25

<TD>
26

<asp:label id="Label2" runat="server">密码：</asp:label></TD>
27

<TD>
28

<asp:textbox id="tbPass" runat="server" Width="183px"></asp:textbox></TD>
29

<TD>
30

<asp:requiredfieldvalidator id="RequiredFieldValidator2" runat="server" ErrorMessage="密码不能为空！" ControlToValidate="tbPass"></asp:requiredfieldvalidator></TD>
31

</TR>
32

<TR>
33

<TD><FONT face="宋体">是否保存Cookie</FONT></TD>
34

<TD>
35

<asp:checkbox id="PersistCookie" runat="server"></asp:checkbox></TD>
36

<TD></TD>
37

</TR>
38

</TABLE>
39

<asp:button id="btnLoginBetter" style="Z-INDEX: 101; LEFT: 288px; POSITION: absolute; TOP: 240px"
40

runat="server" Width="78px" Text="登录"></asp:button>
41

<asp:HyperLink id="HyperLink1" style="Z-INDEX: 103; LEFT: 456px; POSITION: absolute; TOP: 240px"
42

runat="server" NavigateUrl="Default.aspx">HyperLink</asp:HyperLink></FONT>
43

</form>
44

</body>
45

</HTML>

login.aspx.cs代码如下






private void btnLoginBetter_Click(object sender, System.EventArgs e)






{


if (this.tbName.Text == "admin" && this.tbPass.Text == "admin")






{


FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,this.tbName.Text,DateTime.Now,DateTime.Now.AddMinutes(30),this.PersistCookie.Checked,"User");//创建一个验证票据


string cookieStr = FormsAuthentication.Encrypt(ticket);进行加密


HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,cookieStr);创建一个cookie，cookie名为web.config设置的名,值为加密后的数据cookieStr,


if (this.PersistCookie.Checked)//判断用户是否选中保存cookie


cookie.Expires = ticket.Expiration;//获取cookie过期时间


cookie.Path = FormsAuthentication.FormsCookiePath;//设置cookie保存路径


Response.Cookies.Add(cookie);


string strRedirect;


strRedirect = Request["ReturnUrl"];//取出返回url


if (strRedirect == null)


strRedirect = "Default.aspx";


Response.Redirect(strRedirect,true);




}


else






{


Response.Write("<script>alert('帐号或密码错误!');self.location.href='02login.aspx'</script>");


}


}




Default.aspx　HTML代码






<body MS_POSITIONING="GridLayout">


<form id="Form1" method="post" runat="server">


<FONT face="宋体">


<asp:Label id="Label1" style="Z-INDEX: 106; LEFT: 224px; POSITION: absolute; TOP: 72px" runat="server">用户名称：</asp:Label>


<asp:Label id="Label2" style="Z-INDEX: 102; LEFT: 220px; POSITION: absolute; TOP: 136px" runat="server">身份：</asp:Label>


<asp:Label id="lbUser" style="Z-INDEX: 103; LEFT: 350px; POSITION: absolute; TOP: 79px" runat="server"></asp:Label>


<asp:Label id="lbSf" style="Z-INDEX: 104; LEFT: 355px; POSITION: absolute; TOP: 133px" runat="server"></asp:Label>


<asp:Button id="btnLogout" style="Z-INDEX: 105; LEFT: 261px; POSITION: absolute; TOP: 192px"


runat="server" Text="注销" Width="101px"></asp:Button></FONT>


</form>


</body>
后置代码






private void Page_Load(object sender, System.EventArgs e)






{


this.lbUser.Text = User.Identity.Name;


if (User.IsInRole("Admin"))


this.lbSf.Text = "Admin";


else


this.lbSf.Text = "User";


}






Web 窗体设计器生成的代码#region Web 窗体设计器生成的代码


override protected void OnInit(EventArgs e)






{


//


// CODEGEN: 该调用是 ASP.NET Web 窗体设计器所必需的。


//


InitializeComponent();


base.OnInit(e);


}







/**//// <summary>


/// 设计器支持所需的方法 - 不要使用代码编辑器修改


/// 此方法的内容。


/// </summary>


private void InitializeComponent()






{


this.btnLogout.Click += new System.EventHandler(this.btnLogout_Click);


this.Load += new System.EventHandler(this.Page_Load);




}


#endregion




private void btnLogout_Click(object sender, System.EventArgs e)






{


FormsAuthentication.SignOut();//注销票


Response.Redirect("login.aspx",true);返回login.aspx页面


}





webconfig配置如下
<authentication mode="Forms" >
<forms name=".SecurityDemo" loginUrl="login.aspx">//.SecurityDemo为cookie名,
</forms>
</authentication>
<authorization>
<deny users="?"/> //拒绝所有匿名用户
<allow roles="admins"/>//允许管理级别用户访问
</authorization>
自我感觉ASP写多了，一般是用session进行判断用户是否合法,但在一个ASP.NET项目中使用身份验证,基本上所有页面都要验证才能访问，可以在web.config页面对指定的页面设置权限,设置代码如下
<location path="admin">
<system.web>
<authorization>
<deny users="*" />
<allow roles="paley"/>
</authorization>
</system.web>
</location>
已看资料修如上．对admin文件夹设置权限，拒绝所有用户,允许paley访问



http://www.cnblogs.com/paleyyang/archive/2006/10/21/536147.html