Form验证
修改应用程序根目录下的web.config文件,设置应用程序的验证模式为表单验证。
<system.web>
<authentication mode="Forms">
<forms loginUrl="/Login.aspx"></forms>
</authentication>
</system.web>
在限制访问的目录下创建一个web.config文件,修改authorization配置节阻止匿名用户的访问。
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
如果在限制访问的目录下有部分信息可以随意访问,比如简介、帮助等,可以追加如下设置,实现匿名用户访问help.aspx页面:
<location path="help.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
登录:
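/// <summary>
/// Issues a forms-authentication ticket for the signed-in user, writes it as the
/// forms cookie and redirects to the page the user originally asked for.
/// </summary>
/// <remarks>
/// The caller is expected to have verified the credentials already; this method only
/// builds the ticket. <c>ticketName</c> / <c>userData</c> are placeholders for the real
/// user id and the extra data (roles etc.) the application wants to carry in the ticket.
/// </remarks>
private void DoLogin()
{
    HttpContext context = HttpContext.Current;
    string ticketName = "UserId";
    string userData = "UserName_Roles_OtherInfo";

    // Arguments: version, user name, issue time, expiry, persistent cookie?, user data, cookie path.
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, ticketName, DateTime.Now, DateTime.Now.AddMinutes(60), false, userData, FormsAuthentication.FormsCookiePath);

    // Serialize, encrypt and sign the ticket (protection level comes from <forms protection="..."/>).
    string encTicket = FormsAuthentication.Encrypt(ticket);

    // Cookie under the configured forms cookie name.
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
    // Keep the ticket out of reach of script, and off plain HTTP when the app requires SSL.
    cookie.HttpOnly = true;
    cookie.Secure = FormsAuthentication.RequireSSL;
    // Widen the Domain to the parent domain so that sub-domains share the sign-in;
    // note this also exposes the cookie to every sub-domain of that parent.
    cookie.Domain = GetSharedCookieDomain(context.Request.Url.Host);
    // One common Path so every page reads and writes the same cookie.
    cookie.Path = FormsAuthentication.FormsCookiePath;
    context.Response.Cookies.Add(cookie);

    // Business bookkeeping (last login time, login IP, ...) would go here.

    // Only follow ReturnUrl when it is a path on this site; a missing value used to throw,
    // and an absolute value would let a crafted login link bounce the user to another host.
    string returnUrl = context.Request["ReturnUrl"];
    context.Response.Redirect(IsLocalUrl(returnUrl) ? returnUrl : FormsAuthentication.DefaultUrl);
}

/// <summary>
/// True for a site-relative target such as "/user/home.aspx" or "~/home.aspx";
/// rejects empty values, absolute URLs and the protocol-relative "//host" and "/\host" forms.
/// </summary>
private static bool IsLocalUrl(string url)
{
    if (string.IsNullOrEmpty(url))
    {
        return false;
    }
    if (url.StartsWith("~/", StringComparison.Ordinal))
    {
        return true;
    }
    if (url[0] != '/')
    {
        return false;
    }
    // "//host" and "/\host" are treated as absolute URLs by browsers.
    return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
}

/// <summary>
/// Maps the request host to the cookie Domain attribute: a leading "www." is dropped so
/// www.example.com and other sub-domains share the cookie; "localhost" (or an empty host)
/// yields an empty string, which leaves the cookie host-only.
/// </summary>
private static string GetSharedCookieDomain(string host)
{
    if (string.IsNullOrEmpty(host) || host.Equals("localhost", StringComparison.OrdinalIgnoreCase))
    {
        return string.Empty;
    }
    // Strip only a leading "www." — a plain Replace would also mangle hosts that merely contain it.
    return host.StartsWith("www.", StringComparison.OrdinalIgnoreCase) ? host.Substring(4) : host;
}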
登出:
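/// <summary>
/// Signs the current user out: drops the forms ticket, overwrites the client cookie
/// with an expired one and redirects to a safe page.
/// </summary>
/// <remarks>
/// Nothing happens for an unauthenticated request (there is no cookie to clear).
/// Forms tickets are self-contained, so the old cookie value stays cryptographically
/// valid until its own expiry; revoking it earlier requires server-side state.
/// </remarks>
private void DoLogout()
{
    HttpContext context = HttpContext.Current;
    if (!context.Request.IsAuthenticated)
    {
        return;
    }

    // The ticket is already decoded on the principal; reading it there avoids a null
    // dereference when the cookie is absent (e.g. cookieless mode) and a second
    // Decrypt of client-supplied data.
    FormsIdentity identity = context.User.Identity as FormsIdentity;
    if (identity != null)
    {
        FormsAuthenticationTicket ticket = identity.Ticket;
        // ticket.Name holds the user id written at login, ticket.UserData the extra info;
        // any last-login bookkeeping belongs here, before the ticket is discarded.
    }

    // Removes the ticket for the default cookie domain/path.
    FormsAuthentication.SignOut();

    // Login widened the cookie Domain, so the client cookie must be overwritten with the
    // same Domain/Path or the browser keeps the old one. Remove only drops the server-side
    // entry; the expired cookie below is what actually clears the client.
    context.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, string.Empty);
    cookie.Expires = DateTime.Now.AddMinutes(-1);
    cookie.HttpOnly = true;
    cookie.Secure = FormsAuthentication.RequireSSL;
    cookie.Path = FormsAuthentication.FormsCookiePath;
    string host = context.Request.Url.Host;
    if (host.Equals("localhost", StringComparison.OrdinalIgnoreCase))
    {
        cookie.Domain = string.Empty;
    }
    else
    {
        // Strip only a leading "www." so the Domain matches what login set.
        cookie.Domain = host.StartsWith("www.", StringComparison.OrdinalIgnoreCase) ? host.Substring(4) : host;
    }
    context.Response.Cookies.Set(cookie);

    // Without a redirect the user only leaves the page on the next request.
    // FormsAuthentication.RedirectToLoginPage() would send the user to the login page instead.
    // The Referer is client-controlled and may be absent, so only follow it when it is on
    // this host and not a login-protected area; otherwise fall back to the home page.
    Uri referrer = context.Request.UrlReferrer;
    bool goHome = !string.IsNullOrEmpty(context.Request.QueryString["NeedLogin"])
        || referrer == null
        || !referrer.Host.Equals(context.Request.Url.Host, StringComparison.OrdinalIgnoreCase)
        || referrer.AbsolutePath.IndexOf("/user/", StringComparison.OrdinalIgnoreCase) >= 0;
    context.Response.Redirect(goHome ? "/index.aspx" : referrer.AbsoluteUri);
}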