redis + cookies 实现持久登入

 

通过登入把用户信息和token加载到redis中去,

将token和部分用户信息存储在cookie中,

下次登入时,判断 cookie 中的 token 在 redis 中是否存在,

存在就把用户信息加载出来自动登入。

 

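/// <summary>
/// Principal built from the forms-authentication cookie. The cookie carries an
/// encrypted <see cref="FormsAuthenticationTicket"/> whose Name is the numeric
/// user id and whose UserData is the session token.
/// </summary>
public class LoginFormPrincipal : IPrincipal
{
    // Sliding lifetime, in minutes, applied to both the cookie and the Redis key
    // on every authenticated request.
    private const int SlidingMinutes = 20;

    private readonly IIdentity _identity;

    /// <summary>Wraps an already-parsed identity.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="loginFormIdentity"/> is null.</exception>
    public LoginFormPrincipal(LoginFormIdentity loginFormIdentity)
    {
        if (loginFormIdentity == null)
        {
            throw new ArgumentNullException("loginFormIdentity");
        }
        _identity = loginFormIdentity;
    }

    /// <summary>The identity (user id and token) recovered from the ticket.</summary>
    public IIdentity Identity
    {
        get
        {
            return _identity;
        }
    }

    /// <summary>
    /// Role checks are not implemented. This always throws, so role-based
    /// authorization must not be routed through this principal.
    /// </summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public bool IsInRole(string role)
    {
        // NotSupportedException derives from Exception, so callers that caught the
        // original bare Exception keep working, but now get a usable message.
        throw new NotSupportedException("Role checks are not implemented by LoginFormPrincipal.");
    }

    /// <summary>
    /// Clears the forms-authentication cookie and abandons the ASP.NET session.
    /// </summary>
    /// <returns>Always true.</returns>
    public bool SignOut()
    {
        FormsAuthentication.SignOut();

        // Session state can be disabled for a handler; abandoning is best-effort.
        HttpContext context = HttpContext.Current;
        if (context != null && context.Session != null)
        {
            context.Session.Abandon();
        }

        // NOTE(review): nothing here touches Redis, so the token stays valid on the
        // server until its key expires unless the caller deletes it. Remove the
        // Redis entry as part of sign-out so a copied cookie cannot be replayed.
        return true;
    }

    /// <summary>
    /// Issues the authentication cookie for a user who has just logged in.
    /// </summary>
    /// <param name="CurrentId">User id, stored as the ticket name.</param>
    /// <param name="Token">Session token, stored as the ticket user data.</param>
    /// <param name="expiration">Cookie lifetime in minutes; a value of 0 or less yields a session cookie.</param>
    /// <exception cref="InvalidOperationException">There is no current HTTP context.</exception>
    public static void SignIn(string CurrentId, string Token, int expiration)
    {
        HttpContext context = HttpContext.Current;
        if (context == null)
        {
            throw new InvalidOperationException("SignIn requires an active HttpContext.");
        }

        // The ticket itself is valid for one day regardless of the cookie lifetime.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, CurrentId, DateTime.Now, DateTime.Now.AddDays(1), true, Token);
        HttpCookie cookie = CreateAuthCookie(FormsAuthentication.Encrypt(ticket));
        if (expiration > 0)
        {
            cookie.Expires = DateTime.Now.AddMinutes(expiration);
        }

        context.Response.Cookies.Remove(cookie.Name);
        context.Response.Cookies.Add(cookie);
    }

    // Builds a response cookie carrying the configured security attributes.
    private static HttpCookie CreateAuthCookie(string value)
    {
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, value);
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Domain = FormsAuthentication.CookieDomain;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        return cookie;
    }

    /// <summary>
    /// Reads and decrypts the ticket from the request cookie.
    /// </summary>
    /// <returns>The ticket, or null when the cookie is absent, empty or cannot be decrypted.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
    private static FormsAuthenticationTicket TryParseAuthenticationTicket(HttpRequest request)
    {
        if (request == null)
        {
            throw new ArgumentNullException("request");
        }
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            return null;
        }
        try
        {
            return FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            // Deliberate: a malformed or tampered cookie is treated as "not logged in".
            // Worth logging at the call site, since repeated failures can indicate
            // cookie tampering or a machine-key mismatch.
            return null;
        }
    }

    /// <summary>
    /// Turns the request's ticket into a principal.
    /// </summary>
    /// <returns>The principal, or null when the ticket is missing, expired or malformed.</returns>
    private static LoginFormPrincipal TryParsePrincipal(HttpRequest request)
    {
        FormsAuthenticationTicket ticket = TryParseAuthenticationTicket(request);

        // Decrypt() returns expired tickets too; without this check the one-day
        // ticket lifetime set in SignIn is never enforced and a captured cookie
        // value stays usable indefinitely.
        if (ticket == null || ticket.Expired)
        {
            return null;
        }
        int UserId = 0;
        if (!int.TryParse(ticket.Name, out UserId))
        {
            return null;
        }
        string Token = ticket.UserData;
        if (string.IsNullOrEmpty(Token))
        {
            return null;
        }

        return new LoginFormPrincipal(new LoginFormIdentity(UserId, Token));
    }

    /// <summary>
    /// Authenticates the request from its cookie. On success it sets
    /// <c>context.User</c> and slides the cookie and Redis expiry forward;
    /// otherwise it clears <c>context.User</c> and expires any leftover cookie.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
    public static void TrySetUserInfo(HttpContext context)
    {
        if (context == null)
        {
            throw new ArgumentNullException("context");
        }

        HttpCookie requestCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        LoginFormPrincipal user = TryParsePrincipal(context.Request);
        if (user != null)
        {
            // Re-issue with a fresh cookie object. The browser sends back only the
            // name and value, so echoing the request cookie would presumably go out
            // without the HttpOnly/Secure/Domain/Path set at sign-in.
            HttpCookie refreshed = CreateAuthCookie(requestCookie.Value);
            refreshed.Expires = DateTime.Now.AddMinutes(SlidingMinutes);
            context.Response.Cookies.Remove(refreshed.Name);
            context.Response.Cookies.Add(refreshed);

            // NOTE(review): the user is accepted on the strength of the cookie alone.
            // Nothing visible here confirms that the token still exists in Redis, so
            // deleting the key server-side would not revoke the session. Gate this
            // assignment on a Redis existence check for the key built below.
            context.User = user;
            string key = string.Format(RedisKeys.CurrentUser, user.Identity.Name + user.Identity.AuthenticationType);
            RedisBase.SetListExpire(key, DateTime.Now.AddMinutes(SlidingMinutes));
        }
        else
        {
            context.User = user;
            if (requestCookie != null)
            {
                // Expire with the same Domain/Path used at sign-in, otherwise the
                // browser may keep the original cookie.
                HttpCookie expired = CreateAuthCookie(string.Empty);
                expired.Expires = new DateTime(1970, 1, 1);
                context.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
                context.Response.Cookies.Add(expired);
            }
        }
    }
}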

/// <summary>
/// Identity pairing a numeric user id with the session token taken from the
/// authentication ticket.
/// </summary>
public class LoginFormIdentity : IIdentity
{
    private readonly string _name;
    private readonly string _sessionToken;

    /// <summary>Stores the user id (as text) and the token as given.</summary>
    /// <param name="UserId">Numeric user id; exposed through <see cref="Name"/>.</param>
    /// <param name="Token">Session token; exposed through <see cref="AuthenticationType"/>.</param>
    public LoginFormIdentity(int UserId, string Token)
    {
        _sessionToken = Token;
        _name = UserId.ToString();
    }

    /// <summary>
    /// Returns the session token, not a scheme name. Code that logs or displays
    /// AuthenticationType will therefore emit the token; treat it as a secret.
    /// </summary>
    public string AuthenticationType => _sessionToken;

    /// <summary>Always true: an instance only exists for a parsed ticket.</summary>
    public bool IsAuthenticated => true;

    /// <summary>The user id rendered as a string.</summary>
    public string Name => _name;
}

 
