您的位置:首页 > 编程语言 > ASP

ASP.NET 内置票据认证

2015-12-28 09:46 453 查看
1、
在根目录建立一个Global.asax文件,烤入一段代码


内置票据认证" />
1     protected void Application_AuthenticateRequest(object SENDER, EventArgs e)

2     {

3         if (HttpContext.Current.User != null)

4         {

5             if (HttpContext.Current.User.Identity.IsAuthenticated)

6             {

7                 if (HttpContext.Current.User.Identity is FormsIdentity)

8                 {

9                     FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;

10                     FormsAuthenticationTicket tiecket = id.Ticket;

11                     string userData = tiecket.UserData;

12                     string[] roles = userData.Split(',');

13                     HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);

14                 }

15             }

16         }

17     }



内置票据认证" />

2、在web.config 文件中配置目录权限及登录页

登录页,在system.web节点中

1 <</span>authentication mode="Forms">

2             <</span>forms name="mycook" loginUrl="login.aspx" protection="All" path="/"/>

3 </</span>authentication>


配置目录权限,在system.web节点外面


内置票据认证" />
1 <</span>location path="admin">

2         <</span>system.web>

3             <</span>authorization>

4                 <</span>allow roles="admin"/>

5                 <</span>deny users="*"/>

6             </</span>authorization>

7         </</span>system.web>

8     </</span>location>

9     <</span>location path="user">

10         <</span>system.web>

11             <</span>authorization>

12                 <</span>allow roles="user"/>

13                 <</span>deny users="*"/>

14             </</span>authorization>

15         </</span>system.web>

16     </</span>location>

17     <</span>location path="admin/admin_login.aspx">

18         <</span>system.web>

19             <</span>authorization>

20                 <</span>allow users="*"/>

21             </</span>authorization>

22         </</span>system.web>

23     </</span>location>

24     <</span>location path="user/user_login.aspx">

25         <</span>system.web>

26             <</span>authorization>

27                 <</span>allow users="*"/>

28             </</span>authorization>

29         </</span>system.web>

30     </</span>location>



内置票据认证" />

3、在登录页的登录事件中的登录成功后烤入一段代码


内置票据认证" />
// string roles = "admin"; 代表用户角色 新添加
string roles = "admin";

HttpCookie cook;

string strReturnURL;

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(

1, user, DateTime.Now, DateTime.Now.AddMinutes(30), false, roles);

cook = new HttpCookie("mycook");

cook.Value = FormsAuthentication.Encrypt(ticket);

Response.Cookies.Add(cook);

strReturnURL = Request.Params["ReturnUrl"];

if (strReturnURL != null && strReturnURL.Contains(".aspx"))

{

Response.Redirect(strReturnURL);

}

else

{

Session["已经登录"] = true;

Response.Redirect("index.aspx");

}



内置票据认证" />

后台页面调用登录的用户名实例:

litname.Text= User.Identity.Name.ToString();


这样基本上就可以了

但是有个疑问 如果是多用户系统,用户没有登录就跳转到用户的登录页怎么办呢?

刚上面的办法是没办法跳转到2个登录页面的 这时候我们就需要建立一个中间的跳转登录页来根据ReturnURL中是否包含

admin 或者user来判断跳转到哪个登录页面了

建立 login_redirect.aspx


内置票据认证" />
1 using System;

2  using System.Collections.Generic;

3  using System.Linq;

4  using System.Web;

5  using System.Web.UI;

6  using System.Web.UI.WebControls;

7

8 namespace xh.shop.web

9  {

10  public partial class login_redirect : System.Web.UI.Page

11  {

12  protected void Page_Load(object sender, EventArgs e)

13  {

14  string strReturnURL = Request.Params["ReturnUrl"];

15  if (strReturnURL != null && strReturnURL.Contains("admin"))

16

17 //包含的字段
18  {

19  Response.Redirect("admin/login.aspx?ReturnUrl=" + strReturnURL);

20

21 //如果包含admin则跳转到否则跳转到***
22  }

23  else

24  { Response.Redirect("index.aspx?ReturnUrl=" + strReturnURL);}

25

26 }

27  }

28  }



内置票据认证" />

最后config里面的loginurl改成
login_redirect.aspx就可以了

1 "Forms">

2  "mycook" loginUrl="login.aspx" protection="All" path="/"/>

3


正文补充知识:

可以用登录控件直接显示登录状态 登录名等

<</span>asp:LoginViewID="LoginView1" runat="server"><</span>AnonymousTemplate> 没有登录显示的样式 </</span>AnonymousTemplate><</span>LoggedInTemplate> 登录后显示的样式 <</span>br /><</span>br /><</span>br/><</span>br /> 你好! <</span>asp:LoginNameID="LoginName1" runat="server"/><</span>asp:LoginStatusID="LoginStatus1" runat="server"/></</span>LoggedInTemplate></</span>asp:LoginView>


注销函数

//首先引入using System.Web.Security;protectedvoid loginout(object sender, EventArgs e) {

FormsAuthentication.SignOut(); //注销当前登录用户}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航