Asp.net(C#)中基于Forms验证的角色(用户组)验证授权过程
本文已经假设你了解Forms验证的一般知识.
Asp.net中基于Forms验证的角色(用户组)验证授权,其实就是在一般的Forms验证上边加多一个名为UserDate的string内容,
大家可以分三步完成验证:
1,设置web.config
<configuration>
<system.web>
<!-- enable Forms authentication -->
<authentication mode="Forms">
<forms name="AspxAuth" loginUrl="/Login.aspx" timeout="30" protection="All" path="/" />
</authentication>
</system.web>
<!-- 一般的验证区 -->
<location path="MyFavorites.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<!-- 角色验证区 -->
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
在这里大家要注意:
<allow roles="Admin" />
<deny users="*" />
的顺序,如果反来就谁也进不了了!
2,在login.aspx页面的验证
//定义角色
private void ibtLogin_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
int UserID = MyAuthentication(UserName,PassWord);//验证一般用户
string userData = "Member";//获取角色字符串
if(MyAdminAuthentication(UserID))//验证用户角色
{
userData = "Admin,Member";
}
System.Web.Security.FormsAuthenticationTicket Ticket = new System.Web.Security.FormsAuthenticationTicket(1,UserID.ToString(),DateTime.Now,DateTime.Now.AddMinutes(30), true,userData) ; //建立身份验证票对象
string HashTicket = System.Web.Security.FormsAuthentication.Encrypt (Ticket) ; //加密序列化验证票为字符串
HttpCookie UserCookie = new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, HashTicket) ; //生成Cookie
Context.Response.Cookies.Add (UserCookie) ; //输出Cookie
// 重定向到用户申请的初始页面
if(Context.Request["ReturnUrl"] != null)
{
Context.Response.Redirect(Context.Request["ReturnUrl"]) ;
}
else
{
Context.Response.Redirect("Default.aspx");
}
}
private int MyAuthentication(string UserName,string PassWord)
{
//验证一般用户
}
private bool MyAdminAuthentication(int UserID)
{
//验证用户角色
}
3,最后是Global.asax了:)
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpApplication HApp = (HttpApplication) sender;
HttpContext HCtx = HApp.Context ; //获取本次Http请求的HttpContext对象
if (HCtx.Request.IsAuthenticated == true) //验证过的一般用户才能进行角色验证
{
System.Web.Security.FormsIdentity Id = (System.Web.Security.FormsIdentity)HCtx.User.Identity ;
System.Web.Security.FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票
string[] Roles = Ticket.UserData.Split (',') ; //将角色数据转成字符串数组,得到相关的角色信息
HCtx.User = new System.Security.Principal.GenericPrincipal (Id, Roles) ; //这样当前用户就拥有了角色信息了
}
}
哈哈...这样一个基于Forms验证的角色(用户组)验证授权就完成了!^O^
参考文章:
http://www.howtodothings.com/ViewArticle.aspx?Article=31
http://www.cnblogs.com/wuchang/archive/2004/07/26/27474.aspx
Asp.net中基于Forms验证的角色(用户组)验证授权,其实就是在一般的Forms验证上边加多一个名为UserDate的string内容,
大家可以分三步完成验证:
1,设置web.config
<configuration> <system.web> <!-- enable Forms authentication --> <authentication mode="Forms"> <forms name="AspxAuth" loginUrl="/Login.aspx" timeout="30" protection="All" path="/" /> </authentication> </system.web> <!-- 一般的验证区 --> <location path="MyFavorites.aspx"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <!-- 角色验证区 --> <location path="Admin"> <system.web> <authorization> <allow roles="Admin" /> <deny users="*" /> </authorization> </system.web> </location> </configuration> <allow roles="Admin" />
<deny users="*" />
的顺序,如果反来就谁也进不了了!
2,在login.aspx页面的验证
//定义角色 private void ibtLogin_Click(object sender, System.Web.UI.ImageClickEventArgs e) { 
int UserID = MyAuthentication(UserName,PassWord);//验证一般用户 string userData = "Member";//获取角色字符串 if(MyAdminAuthentication(UserID))//验证用户角色 { 
userData = "Admin,Member"; } System.Web.Security.FormsAuthenticationTicket Ticket = new System.Web.Security.FormsAuthenticationTicket(1,UserID.ToString(),DateTime.Now,DateTime.Now.AddMinutes(30), true,userData) ; //建立身份验证票对象 string HashTicket = System.Web.Security.FormsAuthentication.Encrypt (Ticket) ; //加密序列化验证票为字符串 HttpCookie UserCookie = new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, HashTicket) ; //生成Cookie Context.Response.Cookies.Add (UserCookie) ; //输出Cookie // 重定向到用户申请的初始页面 if(Context.Request["ReturnUrl"] != null)
{
Context.Response.Redirect(Context.Request["ReturnUrl"]) ;
}
else
{
Context.Response.Redirect("Default.aspx");
}
} private int MyAuthentication(string UserName,string PassWord) { //验证一般用户 } private bool MyAdminAuthentication(int UserID) { //验证用户角色 } 3,最后是Global.asax了:)
protected void Application_AuthenticateRequest(Object sender, EventArgs e) { HttpApplication HApp = (HttpApplication) sender; HttpContext HCtx = HApp.Context ; //获取本次Http请求的HttpContext对象 if (HCtx.Request.IsAuthenticated == true) //验证过的一般用户才能进行角色验证 { System.Web.Security.FormsIdentity Id = (System.Web.Security.FormsIdentity)HCtx.User.Identity ; System.Web.Security.FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票 string[] Roles = Ticket.UserData.Split (',') ; //将角色数据转成字符串数组,得到相关的角色信息 HCtx.User = new System.Security.Principal.GenericPrincipal (Id, Roles) ; //这样当前用户就拥有了角色信息了 } } 参考文章:
http://www.howtodothings.com/ViewArticle.aspx?Article=31
http://www.cnblogs.com/wuchang/archive/2004/07/26/27474.aspx
