雁过请留痕...
代码改变世界

[mvc] 简单的forms认证

2018-05-07 17:09 xiashengwang 阅读(...) 评论(...) 编辑 收藏

1、在web.config的system.web节点增加authentication节点,定义如下:

  <system.web>
    <compilation debug="true" targetFramework="4.5.2"/>
    <httpRuntime targetFramework="4.5.2"/>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880">
        <credentials passwordFormat="Clear">
          <user name="user" password="pwd001"/>
          <user name="admin" password="pwd002"/>
        </credentials>
      </forms>
    </authentication>
  </system.web>

2,新增AccountController。

    public class AccountController : Controller
    {
        // 用于初期表示用
        public ActionResult Login()
        {
            return View();
        }

        // 登录按钮
        [HttpPost]
        public ActionResult Login(string username, string password, string returnUrl)
        {
            bool result = FormsAuthentication.Authenticate(username, password);
            if (result)
            {
                FormsAuthentication.SetAuthCookie(username, false);
                return Redirect(returnUrl ?? Url.Action("Index", "Admin"));
            }
            else
            {
                ModelState.AddModelError("", "Incorrect username or password");
                return View();
            }
        }
    }

3、Login.cshtml

@{
    Layout = null;
}

<!DOCTYPE html>

<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <title></title>
</head>
<body>
    @using (Html.BeginForm())
    {
        @Html.ValidationSummary()
        <p><label>Username:</label><input name="username" type="text" /></p>
        <p><label>Password:</label><input name="password" type="password" /></p>
        <input type="submit" value="Log in"/>
    }
</body>
</html>

4、浏览器输入http://localhost:44324/Account/Login,输入web.config中定义的用户名和密码,成功就会进入Admin/Index页面。

5、其他页面如何进行认证?

1)在action中加Request.IsAuthenticated判断

    public class AdminController : Controller
    {
        // GET: Admin
        public string Index()
        {
            if (!Request.IsAuthenticated)
            {
                FormsAuthentication.RedirectToLoginPage();
            }
            return "welcome to Admin page!";
        }
    }

2)在action方法上加Authorize特性

    public class AdminController : Controller
    {
        // GET: Admin
        [Authorize]
        public string Index()
        {
            return "welcome to Admin page!";
        }
    }

3)在controller上加Authorize特性(所有的action都会应用上)

    [Authorize]
    public class AdminController : Controller
    {
        // GET: Admin
        public string Index()
        {
            return "welcome to Admin page!";
        }
    }