asp.net基于FORM的身份验证
2008-11-29 19:35
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Web.Security;
using System.Security.Cryptography;
using System.Text;
using System.IO;
namespace CommandExample
{
/// <summary>
/// login 的摘要说明。
/// </summary>
public class Login01 : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.TextBox tbName;
protected System.Web.UI.WebControls.TextBox tbPass;
protected System.Web.UI.WebControls.Button btnLoginBetter;
protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
protected System.Web.UI.WebControls.CheckBox PersistCookie;
protected System.Web.UI.WebControls.Label Label2;
/// <summary>
/// Page load handler. No initialization is performed here; the body is a placeholder.
/// </summary>
/// <param name="sender">Source of the event.</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
}
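/// <summary>
/// Handles the login button: verifies the submitted credentials and, on success,
/// issues the Forms authentication cookie and redirects the browser.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btnLoginBetter_Click(object sender, System.EventArgs e)
{
    if (!AuthenticateUser(tbName.Text, tbPass.Text))
    {
        // One message for both "unknown user" and "wrong password".
        Response.Write("<script language='javascript'>alert('用户名称或密码错误!')</script>");
        return;
    }

    // 1) Create the authentication ticket. Issue and expiry times come from a
    //    single clock reading so the lifetime is exactly 30 minutes.
    DateTime issuedAt = DateTime.Now;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, tbName.Text, issuedAt, issuedAt.AddMinutes(30), PersistCookie.Checked, "User");

    // 2) Encrypt the ticket.
    string cookieStr = FormsAuthentication.Encrypt(ticket);

    // 3) Build the cookie that carries the encrypted ticket.
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    if (PersistCookie.Checked)
    {
        // The user asked to stay signed in: persist the cookie until the ticket expires.
        cookie.Expires = ticket.Expiration;
    }
    cookie.Path = FormsAuthentication.FormsCookiePath;
    // Keep the ticket out of reach of client-side script.
    cookie.HttpOnly = true;
    // Follows the requireSSL setting of the <forms> element; enable that setting
    // when the site is served over HTTPS so the ticket is never sent in clear text.
    cookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(cookie);

    // 4) Redirect. ReturnUrl is request data, so it is followed only when it
    //    points inside this site; anything else falls back to the default page.
    string strRedirect = Request["ReturnUrl"];
    if (!IsLocalReturnUrl(strRedirect))
    {
        strRedirect = "default.aspx";
    }
    Response.Redirect(strRedirect, true);
}

/// <summary>
/// Tells whether a return URL is a site-absolute path ("/...") rather than an
/// absolute or protocol-relative URL that would send the browser to another host.
/// </summary>
/// <param name="url">The candidate redirect target; may be null.</param>
/// <returns>True only for a non-empty path starting with a single '/'.</returns>
private static bool IsLocalReturnUrl(string url)
{
    if (url == null || url.Length == 0 || url[0] != '/')
    {
        return false;
    }
    // "//host" and "/\host" are treated by browsers as references to another host.
    if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
    {
        return false;
    }
    // Control characters (tab, CR, LF, ...) have no place in a redirect target.
    for (int i = 0; i < url.Length; i++)
    {
        if (url[i] < ' ')
        {
            return false;
        }
    }
    return true;
}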
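/// <summary>
/// Compares two byte arrays for equality without stopping at the first difference.
/// </summary>
/// <remarks>
/// Arrays of different lengths are never equal. The previous version skipped the
/// comparison loop on a length mismatch and returned true, so a stored hash of the
/// wrong length (including an empty one) compared equal to any computed digest.
/// </remarks>
/// <param name="array1">First array; must not be null.</param>
/// <param name="array2">Second array; must not be null.</param>
/// <returns>True when both arrays have the same length and the same bytes.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
private static bool ArraysEqual(byte[] array1, byte[] array2)
{
    if (array1 == null)
    {
        throw new ArgumentNullException("array1");
    }
    if (array2 == null)
    {
        throw new ArgumentNullException("array2");
    }

    if (array1.Length != array2.Length)
    {
        return false;
    }

    // Accumulate the differences instead of breaking early, so the time taken
    // does not depend on the position of the first mismatching byte.
    int diff = 0;
    for (int i = 0; i < array1.Length; i++)
    {
        diff |= array1[i] ^ array2[i];
    }
    return diff == 0;
}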
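/// <summary>
/// Checks a user name and password against the salted hash returned by the
/// sp_getuserdetails stored procedure.
/// </summary>
/// <param name="strUserName">Account name to look up.</param>
/// <param name="strUserPass">Password supplied by the user.</param>
/// <returns>
/// True when the procedure returned a hash and salt and the digest of
/// password + salt equals that hash; false otherwise.
/// </returns>
private bool AuthenticateUser(string strUserName, string strUserPass)
{
    if (strUserName == null || strUserPass == null)
    {
        return false;
    }

    object hashValue;
    object saltValue;

    // "using" closes the connection even when Open or ExecuteNonQuery throws.
    using (SqlConnection con = new SqlConnection(System.Configuration.ConfigurationSettings.AppSettings["DSN"]))
    using (SqlCommand com = new SqlCommand("sp_getuserdetails", con))
    {
        com.CommandType = CommandType.StoredProcedure;

        SqlParameter sqlpUser = new SqlParameter("@acctname", SqlDbType.NVarChar, 64);
        // Use the argument rather than reading the text box again, so the method
        // checks exactly the name it was asked to check.
        sqlpUser.Value = strUserName;
        SqlParameter sqlpPasshash = new SqlParameter("@passhash", SqlDbType.NVarChar, 50);
        sqlpPasshash.Direction = ParameterDirection.Output;
        SqlParameter sqlpPasssalt = new SqlParameter("@passsalt", SqlDbType.NVarChar, 50);
        sqlpPasssalt.Direction = ParameterDirection.Output;
        com.Parameters.Add(sqlpUser);
        com.Parameters.Add(sqlpPasssalt);
        com.Parameters.Add(sqlpPasshash);

        con.Open();
        com.ExecuteNonQuery();

        hashValue = sqlpPasshash.Value;
        saltValue = sqlpPasssalt.Value;
    }

    // An output parameter left NULL comes back as DBNull, whose ToString() is ""
    // and not null, so a null test on the string never fires. Treat a missing
    // hash or salt (presumably an unknown account - confirm against the
    // procedure) as a failed login.
    string hash = hashValue as string;
    string salt = saltValue as string;
    if (hash == null || hash.Length == 0 || salt == null)
    {
        return false;
    }

    byte[] saltBits = Convert.FromBase64String(salt);
    byte[] hashBits = Convert.FromBase64String(hash);
    byte[] passBits = Encoding.Unicode.GetBytes(strUserPass);

    // NOTE(review): a single salted SHA-1 pass is too fast for password storage.
    // Moving to an iterated scheme such as PBKDF2 (Rfc2898DeriveBytes) means
    // re-hashing the stored credentials, so the algorithm is flagged here, not changed.
    byte[] digest;
    using (HashAlgorithm hashAlg = SHA1.Create())
    {
        // Hash password bytes followed by salt bytes, in that order.
        hashAlg.TransformBlock(passBits, 0, passBits.Length, passBits, 0);
        hashAlg.TransformFinalBlock(saltBits, 0, saltBits.Length);
        digest = hashAlg.Hash;
    }

    // The explicit length check keeps a truncated or oversized stored hash from matching.
    return digest.Length == hashBits.Length && ArraysEqual(digest, hashBits);
}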
}
}
FormsAuthentication类:为 Web 应用程序管理 Forms 身份验证服务
方法
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
namespace CommandExample
{
/// <summary>
/// login 的摘要说明。
/// </summary>
public class Login01 : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.TextBox tbName;
protected System.Web.UI.WebControls.TextBox tbPass;
protected System.Web.UI.WebControls.Button btnLoginBetter;
protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
protected System.Web.UI.WebControls.CheckBox PersistCookie;
protected System.Web.UI.WebControls.Label Label2;
/// <summary>
/// Page load handler. No initialization is performed here; the body is a placeholder.
/// </summary>
/// <param name="sender">Source of the event.</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
}
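/// <summary>
/// Handles the login button: verifies the submitted credentials and, on success,
/// issues the Forms authentication cookie and redirects the browser.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btnLoginBetter_Click(object sender, System.EventArgs e)
{
    if (!AuthenticateUser(tbName.Text, tbPass.Text))
    {
        // One message for both "unknown user" and "wrong password".
        Response.Write("<script language='javascript'>alert('用户名称或密码错误!')</script>");
        return;
    }

    // 1) Create the authentication ticket. Issue and expiry times come from a
    //    single clock reading so the lifetime is exactly 30 minutes.
    DateTime issuedAt = DateTime.Now;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, tbName.Text, issuedAt, issuedAt.AddMinutes(30), PersistCookie.Checked, "User");

    // 2) Encrypt the ticket.
    string cookieStr = FormsAuthentication.Encrypt(ticket);

    // 3) Build the cookie that carries the encrypted ticket.
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    if (PersistCookie.Checked)
    {
        // The user asked to stay signed in: persist the cookie until the ticket expires.
        cookie.Expires = ticket.Expiration;
    }
    cookie.Path = FormsAuthentication.FormsCookiePath;
    // Keep the ticket out of reach of client-side script.
    cookie.HttpOnly = true;
    // Follows the requireSSL setting of the <forms> element; enable that setting
    // when the site is served over HTTPS so the ticket is never sent in clear text.
    cookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(cookie);

    // 4) Redirect. ReturnUrl is request data, so it is followed only when it
    //    points inside this site; anything else falls back to the default page.
    string strRedirect = Request["ReturnUrl"];
    if (!IsLocalReturnUrl(strRedirect))
    {
        strRedirect = "default.aspx";
    }
    Response.Redirect(strRedirect, true);
}

/// <summary>
/// Tells whether a return URL is a site-absolute path ("/...") rather than an
/// absolute or protocol-relative URL that would send the browser to another host.
/// </summary>
/// <param name="url">The candidate redirect target; may be null.</param>
/// <returns>True only for a non-empty path starting with a single '/'.</returns>
private static bool IsLocalReturnUrl(string url)
{
    if (url == null || url.Length == 0 || url[0] != '/')
    {
        return false;
    }
    // "//host" and "/\host" are treated by browsers as references to another host.
    if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
    {
        return false;
    }
    // Control characters (tab, CR, LF, ...) have no place in a redirect target.
    for (int i = 0; i < url.Length; i++)
    {
        if (url[i] < ' ')
        {
            return false;
        }
    }
    return true;
}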
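/// <summary>
/// Compares two byte arrays for equality without stopping at the first difference.
/// </summary>
/// <remarks>
/// Arrays of different lengths are never equal. The previous version skipped the
/// comparison loop on a length mismatch and returned true, so a stored hash of the
/// wrong length (including an empty one) compared equal to any computed digest.
/// </remarks>
/// <param name="array1">First array; must not be null.</param>
/// <param name="array2">Second array; must not be null.</param>
/// <returns>True when both arrays have the same length and the same bytes.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
private static bool ArraysEqual(byte[] array1, byte[] array2)
{
    if (array1 == null)
    {
        throw new ArgumentNullException("array1");
    }
    if (array2 == null)
    {
        throw new ArgumentNullException("array2");
    }

    if (array1.Length != array2.Length)
    {
        return false;
    }

    // Accumulate the differences instead of breaking early, so the time taken
    // does not depend on the position of the first mismatching byte.
    int diff = 0;
    for (int i = 0; i < array1.Length; i++)
    {
        diff |= array1[i] ^ array2[i];
    }
    return diff == 0;
}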
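/// <summary>
/// Checks a user name and password against the salted hash returned by the
/// sp_getuserdetails stored procedure.
/// </summary>
/// <param name="strUserName">Account name to look up.</param>
/// <param name="strUserPass">Password supplied by the user.</param>
/// <returns>
/// True when the procedure returned a hash and salt and the digest of
/// password + salt equals that hash; false otherwise.
/// </returns>
private bool AuthenticateUser(string strUserName, string strUserPass)
{
    if (strUserName == null || strUserPass == null)
    {
        return false;
    }

    object hashValue;
    object saltValue;

    // "using" closes the connection even when Open or ExecuteNonQuery throws.
    using (SqlConnection con = new SqlConnection(System.Configuration.ConfigurationSettings.AppSettings["DSN"]))
    using (SqlCommand com = new SqlCommand("sp_getuserdetails", con))
    {
        com.CommandType = CommandType.StoredProcedure;

        SqlParameter sqlpUser = new SqlParameter("@acctname", SqlDbType.NVarChar, 64);
        // Use the argument rather than reading the text box again, so the method
        // checks exactly the name it was asked to check.
        sqlpUser.Value = strUserName;
        SqlParameter sqlpPasshash = new SqlParameter("@passhash", SqlDbType.NVarChar, 50);
        sqlpPasshash.Direction = ParameterDirection.Output;
        SqlParameter sqlpPasssalt = new SqlParameter("@passsalt", SqlDbType.NVarChar, 50);
        sqlpPasssalt.Direction = ParameterDirection.Output;
        com.Parameters.Add(sqlpUser);
        com.Parameters.Add(sqlpPasssalt);
        com.Parameters.Add(sqlpPasshash);

        con.Open();
        com.ExecuteNonQuery();

        hashValue = sqlpPasshash.Value;
        saltValue = sqlpPasssalt.Value;
    }

    // An output parameter left NULL comes back as DBNull, whose ToString() is ""
    // and not null, so a null test on the string never fires. Treat a missing
    // hash or salt (presumably an unknown account - confirm against the
    // procedure) as a failed login.
    string hash = hashValue as string;
    string salt = saltValue as string;
    if (hash == null || hash.Length == 0 || salt == null)
    {
        return false;
    }

    byte[] saltBits = Convert.FromBase64String(salt);
    byte[] hashBits = Convert.FromBase64String(hash);
    byte[] passBits = Encoding.Unicode.GetBytes(strUserPass);

    // NOTE(review): a single salted SHA-1 pass is too fast for password storage.
    // Moving to an iterated scheme such as PBKDF2 (Rfc2898DeriveBytes) means
    // re-hashing the stored credentials, so the algorithm is flagged here, not changed.
    byte[] digest;
    using (HashAlgorithm hashAlg = SHA1.Create())
    {
        // Hash password bytes followed by salt bytes, in that order.
        hashAlg.TransformBlock(passBits, 0, passBits.Length, passBits, 0);
        hashAlg.TransformFinalBlock(saltBits, 0, saltBits.Length);
        digest = hashAlg.Hash;
    }

    // The explicit length check keeps a truncated or oversized stored hash from matching.
    return digest.Length == hashBits.Length && ArraysEqual(digest, hashBits);
}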
}
}
FormsAuthentication类:为 Web 应用程序管理 Forms 身份验证服务
方法
名称 | 说明 |
Authenticate | 对照存储在应用程序配置文件中的凭据来验证用户名和密码。 |
GetAuthCookie | 已重载。 为给定的用户名创建身份验证 Cookie。 |
GetRedirectUrl | 返回导致重定向到登录页的原始请求的重定向 URL。 |
Initialize | 根据应用程序的配置设置初始化 FormsAuthentication 对象。 |
RedirectToLoginPage | 已重载。 将浏览器重定向到登录 URL。 |
RenewTicketIfOld | 有条件地更新 FormsAuthenticationTicket 的发出日期和时间以及过期日期和时间。 |
SetAuthCookie | 为提供的用户名创建一个身份验证票证,并将其添加到响应的 Cookie 集合或 URL。 |
SignOut | 从浏览器删除 Forms 身份验证票证。 |