
基于Form的web身份验证--C#实施攻略

2011-07-27 16:34 483 查看
CustomIdentity类:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Security.Principal;
using System.Text;

namespace BIReportCenter.Utility.Authentication
{
/// <summary>
/// Minimal <see cref="IIdentity"/> that carries one opaque, user-defined string.
/// Marked <see cref="SerializableAttribute"/> so it can be serialized together with a principal.
/// </summary>
/// <remarks>
/// <see cref="IsAuthenticated"/> is hard-coded to <c>true</c> and <see cref="Name"/> is always
/// empty: the instance itself holds no proof of authentication, so it should only be created
/// after the forms ticket has been validated. The three members are virtual for subclasses.
/// </remarks>
[Serializable]
public class CustomIdentity : IIdentity
{
    /// <summary>User-defined information attached to this identity; may be null.</summary>
    public String UserData { get; set; }

    #region IIdentity Members

    /// <summary>Always "Forms".</summary>
    public virtual string AuthenticationType
    {
        get { return "Forms"; }
    }

    /// <summary>Always true — see the class remarks.</summary>
    public virtual bool IsAuthenticated
    {
        get { return true; }
    }

    /// <summary>Always the empty string; no user name is stored here.</summary>
    public virtual string Name
    {
        get { return string.Empty; }
    }

    #endregion

    /// <summary>Creates an identity with no payload.</summary>
    public CustomIdentity()
    {
    }

    /// <summary>Creates an identity wrapping <paramref name="userData"/>.</summary>
    /// <param name="userData">User-defined information; may be null.</param>
    public CustomIdentity(string userData)
    {
        UserData = userData;
    }
}
}


 

FormsAuthenticationUtil类:

using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

namespace BIReportCenter.Utility.Authentication
{
/// <summary>
/// Maps the UserData string stored in a forms ticket back to the application's <see cref="IIdentity"/>.
/// Invoked by <see cref="FormsAuthenticationUtil.GetFormTicketData"/> only when that string is non-empty.
/// </summary>
/// <param name="userData">Decrypted UserData field of the current request's forms ticket.</param>
public delegate IIdentity GetCustomIdentityMapper(string userData);
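/// <summary>
/// Helpers for issuing ASP.NET Forms Authentication tickets that carry an application-defined
/// UserData string, and for turning that string back into the request's principal.
/// </summary>
/// <remarks>
/// Issuing: <see cref="SetAuthCookie(string,string,bool)"/> and
/// <see cref="RedirectFromLoginPage(string,string,bool)"/> build a <see cref="FormsAuthenticationTicket"/>
/// whose UserData is the caller-supplied string, encrypt it with <see cref="FormsAuthentication.Encrypt"/>
/// (the &lt;forms protection&gt; setting in web.config decides encryption/validation) and store it in the
/// forms cookie, or via the URL when the client does not support cookies.
/// Reading: <see cref="GetFormTicketData"/> is intended to be called from Application_AuthenticateRequest.
/// </remarks>
public class FormsAuthenticationUtil
{
    #region 共有

    /// <summary>
    /// Issues the authentication ticket and then redirects to the URL the user originally asked for
    /// (<see cref="FormsAuthentication.GetRedirectUrl"/>) — i.e. this redirects *from* the login page.
    /// </summary>
    /// <param name="userName">Name stored in the ticket; also handed to GetRedirectUrl.</param>
    /// <param name="userData">Application data stored in the ticket's UserData field.</param>
    /// <param name="createPersistentCookie">True to write a cookie that outlives the browser session.</param>
    /// <param name="strCookiePath">Cookie path, or null for <see cref="FormsAuthentication.FormsCookiePath"/>.</param>
    public static void RedirectFromLoginPage(string userName, string userData, bool createPersistentCookie, string strCookiePath)
    {
        RedirectFromLoginPageMain(userName, userData, createPersistentCookie, strCookiePath);
    }

    /// <summary>
    /// Same as <see cref="RedirectFromLoginPage(string,string,bool,string)"/> with the default cookie path.
    /// </summary>
    /// <param name="userName">Name stored in the ticket; also handed to GetRedirectUrl.</param>
    /// <param name="userData">Application data stored in the ticket's UserData field.</param>
    /// <param name="createPersistentCookie">True to write a cookie that outlives the browser session.</param>
    public static void RedirectFromLoginPage(string userName, string userData, bool createPersistentCookie)
    {
        RedirectFromLoginPageMain(userName, userData, createPersistentCookie, null);
    }

    /// <summary>
    /// Issues the authentication ticket (cookie or URL) without redirecting, using the default cookie path.
    /// </summary>
    /// <param name="userName">Name stored in the ticket.</param>
    /// <param name="userData">Application data stored in the ticket's UserData field.</param>
    /// <param name="createPersistentCookie">True to write a cookie that outlives the browser session.</param>
    public static void SetAuthCookie(string userName, string userData, bool createPersistentCookie)
    {
        SetAuthCookieMain(userName, userData, createPersistentCookie, null);
    }

    /// <summary>
    /// Issues the authentication ticket (cookie or URL) without redirecting.
    /// </summary>
    /// <param name="userName">Name stored in the ticket.</param>
    /// <param name="userData">Application data stored in the ticket's UserData field.</param>
    /// <param name="createPersistentCookie">True to write a cookie that outlives the browser session.</param>
    /// <param name="strCookiePath">Cookie path, or null for <see cref="FormsAuthentication.FormsCookiePath"/>.</param>
    public static void SetAuthCookie(string userName, string userData, bool createPersistentCookie, string strCookiePath)
    {
        SetAuthCookieMain(userName, userData, createPersistentCookie, strCookiePath);
    }

    /// <summary>
    /// Replaces HttpContext.Current.User with a <see cref="UserPrincipal"/> built from the UserData of
    /// the current forms ticket, or sets it to null when no usable ticket is present.
    /// </summary>
    /// <param name="customIdentityMapper">Converts the ticket's UserData string into the application identity.</param>
    /// <exception cref="ArgumentNullException"><paramref name="customIdentityMapper"/> is null.</exception>
    /// <remarks>
    /// "Usable" means: User is set, is authenticated, its identity is a <see cref="FormsIdentity"/>,
    /// and the ticket's UserData is non-empty. Anything else — including a principal produced by a
    /// different authentication mode — is discarded (User becomes null), so the only way to be
    /// authenticated in this application is a ticket issued by this class.
    /// Exceptions thrown by the mapper (e.g. on a malformed UserData string) propagate to the caller.
    /// </remarks>
    public static void GetFormTicketData(GetCustomIdentityMapper customIdentityMapper)
    {
        if (customIdentityMapper == null)
        {
            throw new ArgumentNullException("customIdentityMapper");
        }

        FormsAuthenticationTicket ticket = GetCurrentTicket();
        if (ticket != null && !string.IsNullOrEmpty(ticket.UserData))
        {
            // Rebuild the request's identity from the string stored at login time.
            HttpContext.Current.User = new UserPrincipal(customIdentityMapper(ticket.UserData));
            return;
        }
        HttpContext.Current.User = null;
    }

    #endregion

    #region 私有

    private FormsAuthenticationUtil()
    {
    }

    /// <summary>
    /// Returns the forms ticket of the current request, or null when the current user is missing,
    /// not authenticated, not a <see cref="FormsIdentity"/>, or (cookieless mode) cannot be decrypted.
    /// </summary>
    private static FormsAuthenticationTicket GetCurrentTicket()
    {
        IPrincipal user = HttpContext.Current.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            return null;
        }
        var formsIdentity = user.Identity as FormsIdentity;
        if (formsIdentity == null)
        {
            return null;
        }
        if (!FormsAuthentication.CookiesSupported)
        {
            // Cookieless mode: SetAuthCookieMain stored our encrypted ticket as the *name* of the
            // framework's own URL ticket, so the real ticket is recovered by decrypting that name.
            return FormsAuthentication.Decrypt(formsIdentity.Ticket.Name);
        }
        return formsIdentity.Ticket;
    }

    private static void RedirectFromLoginPageMain(string userName, string userData, bool createPersistentCookie, string strCookiePath)
    {
        SetAuthCookieMain(userName, userData, createPersistentCookie, strCookiePath);
        // GetRedirectUrl resolves the ReturnUrl query parameter (subject to the framework's own
        // cross-application checks) and falls back to the configured defaultUrl.
        HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, createPersistentCookie));
    }

    /// <summary>
    /// Builds the unencrypted ticket: version 1, issued now, expiring after the configured forms
    /// timeout, with <paramref name="userData"/> in the UserData field.
    /// </summary>
    private static FormsAuthenticationTicket CreateAuthenticationTicket(string userName, string userData, bool createPersistentCookie, string strCookiePath)
    {
        string cookiePath = strCookiePath ?? FormsAuthentication.FormsCookiePath;
        int expirationMinutes = GetCookieTimeoutValue();
        // Read the clock once so IssueDate and Expiration are computed from the same instant.
        DateTime issued = DateTime.Now;
        return new FormsAuthenticationTicket(
            1,                                      // ticket format version
            userName,
            issued,
            issued.AddMinutes(expirationMinutes),
            createPersistentCookie,
            userData,                               // application data (the serialized identity)
            cookiePath);
    }

    /// <summary>
    /// Ticket lifetime in minutes, taken from the &lt;forms timeout="..."&gt; setting in web.config.
    /// </summary>
    private static int GetCookieTimeoutValue()
    {
        return Convert.ToInt32(FormsAuthentication.Timeout.TotalMinutes);
    }

    /// <summary>
    /// Encrypts the ticket and stores it: in the forms cookie when the client supports cookies,
    /// otherwise via the framework's URL-embedded ticket.
    /// </summary>
    /// <remarks>
    /// The cookie is written with the same attributes the framework's own
    /// <see cref="FormsAuthentication.SetAuthCookie(string,bool)"/> applies: HttpOnly, so page script
    /// cannot read the encrypted ticket; Secure when &lt;forms requireSSL="true"&gt;; the ticket's cookie
    /// path (without it the <c>strCookiePath</c> argument affected only the ticket, not the cookie);
    /// and the configured cookie domain.
    /// </remarks>
    private static void SetAuthCookieMain(string userName, string userData, bool createPersistentCookie, string strCookiePath)
    {
        FormsAuthenticationTicket ticket = CreateAuthenticationTicket(userName, userData, createPersistentCookie, strCookiePath);
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        if (!FormsAuthentication.CookiesSupported)
        {
            // Cookieless client: let the framework embed a ticket in the URL. Our encrypted ticket
            // travels as that ticket's *name* and is decrypted again in GetCurrentTicket.
            FormsAuthentication.SetAuthCookie(encryptedTicket, createPersistentCookie);
            return;
        }

        // Cookie name defaults to .ASPXAUTH unless <forms name="..."> in web.config overrides it.
        var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        authCookie.HttpOnly = true;
        authCookie.Secure = FormsAuthentication.RequireSSL;
        authCookie.Path = ticket.CookiePath;
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
        {
            authCookie.Domain = FormsAuthentication.CookieDomain;
        }
        if (ticket.IsPersistent)
        {
            // Persistent tickets become persistent cookies; session tickets get no Expires.
            authCookie.Expires = ticket.Expiration;
        }
        HttpContext.Current.Response.Cookies.Add(authCookie);
    }

    #endregion
}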
}


 UserPrincipal类:

using System;
using System.Collections.Generic;
using System.Collections;
using System.Linq;
using System.Web;
using System.Security.Principal;

namespace BIReportCenter.Utility.Authentication
{

/// <summary>
/// <see cref="IPrincipal"/> wrapper around an application identity; assigned to
/// HttpContext.Current.User once the forms ticket has been mapped back to an identity.
/// </summary>
/// <remarks>
/// <see cref="IsInRole"/> unconditionally returns true: this type performs no role authorization,
/// so every caller that consults it (User.IsInRole, role-based &lt;authorization&gt; rules) treats
/// any authenticated user as a member of every role. Authorization decisions must be made elsewhere.
/// </remarks>
public class UserPrincipal : IPrincipal
{
    #region IPrincipal Members

    /// <summary>Backing identity; null until assigned.</summary>
    protected IIdentity _IIdentity;

    /// <summary>Always true, whatever <paramref name="role"/> is — see the class remarks.</summary>
    /// <param name="role">Ignored.</param>
    public bool IsInRole(string role)
    {
        return true;
    }

    /// <summary>The wrapped identity; may be null.</summary>
    public IIdentity Identity
    {
        get { return this._IIdentity; }
        set { this._IIdentity = value; }
    }

    #endregion

    /// <summary>Creates a principal with no identity.</summary>
    public UserPrincipal()
        : this(null)
    {
    }

    /// <summary>Creates a principal for <paramref name="iIdentity"/>.</summary>
    /// <param name="iIdentity">Identity of the current request's user; may be null.</param>
    public UserPrincipal(IIdentity iIdentity)
    {
        this._IIdentity = iIdentity;
    }
}
}


PageBaseHelper类:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using BIReportCenter.Utility.Authentication;

namespace BIReportCenter.UI.ReportAdmin.WebUtilities
{
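/// <summary>
/// Static accessors for the identity of the current request, for code that has no Page reference.
/// </summary>
public static class PageBaseHelper
{
    /// <summary>
    /// Identity of the current user, or null when HttpContext.Current.User is not a
    /// <see cref="UserPrincipal"/> wrapping a <see cref="UserIdentity"/> (i.e. the request
    /// carried no usable forms ticket).
    /// </summary>
    public static UserIdentity CurrentUserInfo
    {
        get
        {
            var user = HttpContext.Current.User as UserPrincipal;
            return user == null ? null : user.Identity as UserIdentity;
        }
    }

    /// <summary>
    /// Re-issues the (non-persistent) authentication cookie from the current identity, so that
    /// changes made to it during this request are carried into subsequent requests.
    /// </summary>
    /// <exception cref="InvalidOperationException">No authenticated <see cref="UserIdentity"/> is attached to the current request.</exception>
    public static void UpdateAuthCookie()
    {
        // Read the property once: every access re-inspects HttpContext, and a null result
        // previously surfaced as a NullReferenceException.
        UserIdentity info = CurrentUserInfo;
        if (info == null)
        {
            throw new InvalidOperationException("UpdateAuthCookie requires an authenticated UserIdentity on the current request.");
        }
        FormsAuthenticationUtil.SetAuthCookie(info.UserName, info.ToString(), false);
    }
}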
}


PageBase类:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using BIReportCenter.UI.ReportAdmin.WebUtilities;
using BIReportCenter.Utility.Authentication;

namespace AnalysisReports.WebUtilities
{
/// <summary>
/// Base page that turns unauthenticated requests away at OnInit, so derived pages can rely on
/// <see cref="CurrentUserInfo"/> being non-null.
/// </summary>
public class PageBase : System.Web.UI.Page
{
    /// <summary>
    /// Redirects to the login page when no <see cref="UserIdentity"/> is attached to the request.
    /// The single-argument Response.Redirect ends the response, so base.OnInit and the rest of the
    /// page lifecycle do not run for an unauthenticated request. The login URL is duplicated from
    /// the &lt;forms loginUrl&gt; setting in web.config, and no ReturnUrl is attached.
    /// </summary>
    protected override void OnInit(EventArgs e)
    {
        bool authenticated = CurrentUserInfo != null;
        if (!authenticated)
        {
            Response.Redirect("~/Login.aspx");
        }
        base.OnInit(e);
    }

    /// <summary>
    /// Identity of the current user, or null when the page's User is not a
    /// <see cref="UserPrincipal"/> carrying a <see cref="UserIdentity"/>.
    /// </summary>
    public UserIdentity CurrentUserInfo
    {
        get
        {
            var principal = User as UserPrincipal;
            return principal == null ? null : principal.Identity as UserIdentity;
        }
    }
}
}

UserIdentity类:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Security.Principal;
using System.Text;

namespace BIReportCenter.UI.ReportAdmin.WebUtilities
{
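/// <summary>
/// Application identity stored in the forms ticket's UserData field as
/// "UserId≮UserName≮UserRealName" (see <see cref="ToString"/>) and rebuilt from that string
/// on every request.
/// </summary>
/// <remarks>
/// <see cref="IsAuthenticated"/> is hard-coded to true and <see cref="Name"/> is always empty
/// (the login name lives in <see cref="UserName"/>), so framework code that reads Identity.Name
/// sees an empty string. The '≮' delimiter is assumed not to occur in user names; a value
/// containing it would not round-trip.
/// </remarks>
[Serializable]
public class UserIdentity : IIdentity
{
    // Field separator shared by the parsing constructor and ToString. Changing it would
    // invalidate tickets that are already issued.
    private const char Delimiter = '≮';

    #region 数据成员

    /// <summary>Id of the UserInfo record.</summary>
    public Int32 UserId { get; set; }

    /// <summary>Login name.</summary>
    public String UserName { get; set; }

    /// <summary>Display name.</summary>
    public String UserRealName { get; set; }

    #endregion

    #region IIdentity Members

    /// <summary>Always "Forms".</summary>
    public virtual string AuthenticationType { get { return "Forms"; } }

    /// <summary>Always true — see the class remarks.</summary>
    public virtual bool IsAuthenticated { get { return true; } }

    /// <summary>Always the empty string; use <see cref="UserName"/>.</summary>
    public virtual string Name { get { return string.Empty; } }

    #endregion

    /// <summary>
    /// Parses the string produced by <see cref="ToString"/>.
    /// </summary>
    /// <param name="userIdentity">"UserId≮UserName≮UserRealName" as read from the ticket; null or empty leaves every member at its default.</param>
    /// <exception cref="FormatException">The string has fewer than three '≮'-separated fields, or the first is not an integer.</exception>
    public UserIdentity(string userIdentity)
    {
        if (string.IsNullOrEmpty(userIdentity))
        {
            return;
        }
        string[] fields = userIdentity.Split(Delimiter);
        int userId;
        // Reject malformed input with one explicit exception instead of an IndexOutOfRange or
        // FormatException from inside the field access. With <forms protection="All"> the ticket
        // is encrypted and validated, so this mostly catches stale formats rather than tampering.
        if (fields.Length < 3 || !int.TryParse(fields[0], out userId))
        {
            throw new FormatException("UserIdentity string must be 'UserId≮UserName≮UserRealName' with a numeric UserId.");
        }
        UserId = userId;
        UserName = fields[1];
        UserRealName = fields[2];
    }

    /// <summary>Creates an identity with every member at its default.</summary>
    public UserIdentity()
    {
    }

    /// <summary>
    /// Serializes the identity as "UserId≮UserName≮UserRealName"; this is the string placed in the
    /// ticket's UserData and accepted by the parsing constructor.
    /// </summary>
    public override string ToString()
    {
        var builder = new StringBuilder();
        builder.Append(UserId).Append(Delimiter);
        builder.Append(UserName).Append(Delimiter);
        builder.Append(UserRealName);
        return builder.ToString();
    }
}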
}


 

Global中的配置:

/// <summary>
/// Runs for every request: rebuilds HttpContext.Current.User from the forms ticket's UserData
/// (or sets it to null when there is no usable ticket) by delegating to
/// <see cref="FormsAuthenticationUtil.GetFormTicketData"/>.
/// </summary>
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // The mapper turns the stored "UserId≮UserName≮UserRealName" string back into a UserIdentity.
    GetCustomIdentityMapper mapper = delegate(string userData)
    {
        return new UserIdentity(userData);
    };
    FormsAuthenticationUtil.GetFormTicketData(mapper);
}

页面中用户名密码验证通过时:

// Issue the forms ticket after the password check has passed. UserIdentity.ToString() packs
// "UserId≮UserName≮UserRealName" into the ticket's UserData field, and
// Application_AuthenticateRequest rebuilds the identity from it on later requests.
// The last argument (false) makes this a session cookie: no Expires is set, so it ends with the browser session.
FormsAuthenticationUtil.SetAuthCookie(name, userIdentity.ToString(), false);

页面注销时:

// Removes the forms cookie from the client. NOTE(review): SignOut does not revoke the ticket
// itself — a copy captured earlier stays decryptable until its expiration (timeout="120" in
// web.config), because no server-side session state is invalidated here.
FormsAuthentication.SignOut();

附加图片:





webconfig 配置:

 

<authentication mode="Forms">
<!-- protection="All": tickets are encrypted and validated with the machineKey.
     requireSSL="false": the forms cookie is also sent over plain HTTP; with requireSSL="true"
     (and an HTTPS-only site) the ticket would not be observable on the wire.
     slidingExpiration="true": the 120-minute ticket is renewed on activity.
     cookieless="UseDeviceProfile": clients the device profile marks as cookie-less get the ticket
     in the URL, which is the !CookiesSupported branch handled in FormsAuthenticationUtil. -->
<forms name=".ASPXAUTH" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" protection="All" timeout="120" path="/" requireSSL="false" slidingExpiration="true"
enableCrossAppRedirects="false" cookieless="UseDeviceProfile"/>
</authentication>