ASP.NET内置票据认证
1、 在根目录建立一个Global.asax文件,烤入一段代码
1 protected void Application_AuthenticateRequest(object SENDER, EventArgs e)
2 {
3 if (HttpContext.Current.User != null)
4 {
5 if (HttpContext.Current.User.Identity.IsAuthenticated)
6 {
7 if (HttpContext.Current.User.Identity is FormsIdentity)
8 {
9 FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
10 FormsAuthenticationTicket tiecket = id.Ticket;
11 string userData = tiecket.UserData;
12 string[] roles = userData.Split(',');
13 HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
14 }
15 }
16 }
17 }
2、在web.config 文件中配置目录权限及登录页
登录页,在system.web节点中
1 <authentication mode="Forms">
2 <forms name="mycook" loginUrl="login.aspx" protection="All" path="/"/>
3 </authentication>
配置目录权限,在system.web节点外面
1 <location path="admin">
2 <system.web>
3 <authorization>
4 <allow roles="admin"/>
5 <deny users="*"/>
6 </authorization>
7 </system.web>
8 </location>
9 <location path="user">
10 <system.web>
11 <authorization>
12 <allow roles="user"/>
13 <deny users="*"/>
14 </authorization>
15 </system.web>
16 </location>
17 <location path="admin/admin_login.aspx">
18 <system.web>
19 <authorization>
20 <allow users="*"/>
21 </authorization>
22 </system.web>
23 </location>
24 <location path="user/user_login.aspx">
25 <system.web>
26 <authorization>
27 <allow users="*"/>
28 </authorization>
29 </system.web>
30 </location>
3、在登录页的登录事件中的登录成功后烤入一段代码
// string roles = "admin"; 代表用户角色 新添加
string roles = "admin";
HttpCookie cook;
string strReturnURL;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, user, DateTime.Now, DateTime.Now.AddMinutes(30), false, roles);
cook = new HttpCookie("mycook");
cook.Value = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(cook);
strReturnURL = Request.Params["ReturnUrl"];
if (strReturnURL != null && strReturnURL.Contains(".aspx"))
{
Response.Redirect(strReturnURL);
}
else
{
Session["已经登录"] = true;
Response.Redirect("index.aspx");
}
后台页面调用登录的用户名实例:
litname.Text= User.Identity.Name.ToString();
这样基本上就可以了
但是有个疑问 如果是多用户系统,用户没有登录就跳转到用户的登录页怎么办呢?
刚上面的办法是没办法跳转到2个登录页面的 这时候我们就需要建立一个中间的跳转登录页来根据ReturnURL中是否包含
admin 或者user来判断跳转到哪个登录页面了
建立 login_redirect.aspx
1 using System;
2 using System.Collections.Generic;
3 using System.Linq;
4 using System.Web;
5 using System.Web.UI;
6 using System.Web.UI.WebControls;
7
8 namespace xh.shop.web
9 {
10 public partial class login_redirect : System.Web.UI.Page
11 {
12 protected void Page_Load(object sender, EventArgs e)
13 {
14 string strReturnURL = Request.Params["ReturnUrl"];
15 if (strReturnURL != null && strReturnURL.Contains("admin"))
16
17 //包含的字段
18 {
19 Response.Redirect("admin/login.aspx?ReturnUrl=" + strReturnURL);
20
21 //如果包含admin则跳转到否则跳转到***
22 }
23 else
24 { Response.Redirect("index.aspx?ReturnUrl=" + strReturnURL);}
25
26 }
27 }
28 }
最后config里面的loginurl改成 login_redirect.aspx就可以了
1 <authentication mode="Forms">
2 <forms name="mycook" loginUrl="login.aspx" protection="All" path="/"/>
3 </authentication>
正文补充知识:
可以用登录控件直接显示登录状态 登录名等
<asp:LoginViewID="LoginView1" runat="server"><AnonymousTemplate> 没有登录显示的样式 </AnonymousTemplate><LoggedInTemplate> 登录后显示的样式 <br /><br /><br/><br /> 你好! <asp:LoginNameID="LoginName1" runat="server"/><asp:LoginStatusID="LoginStatus1" runat="server"/></LoggedInTemplate></asp:LoginView>
注销函数
//首先引入using System.Web.Security;protectedvoid loginout(object sender, EventArgs e) {
FormsAuthentication.SignOut(); //注销当前登录用户}
