[转载]Asp.net(C#)中基于Forms验证的角色(用户组)验证授权过程
本文已经假设你了解Forms验证的一般知识.
Asp.net中基于Forms验证的角色(用户组)验证授权,其实就是在一般的Forms验证上边加多一个名为UserDate的string内容,
大家可以分三步完成验证:
1,设置web.config
<configuration>
<system.web>
<!-- enable Forms authentication -->
<authentication mode="Forms">
<forms name="AspxAuth" loginUrl="/Login.aspx" timeout="30" protection="All" path="/" />
</authentication>
</system.web>
<!-- 一般的验证区 -->
<location path="MyFavorites.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<!-- 角色验证区 -->
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
在这里大家要注意:
<allow roles="Admin" />
<deny users="*" />
的顺序,如果反来就谁也进不了了!
2,在login.aspx页面的验证
//定义角色
private void ibtLogin_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
int UserID = MyAuthentication(UserName,PassWord);//验证一般用户
string userData = "Member";//获取角色字符串
if(MyAdminAuthentication(UserID))//验证用户角色
{
userData = "Admin,Member";
}
FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1,UserID.ToString(),DateTime.Now,DateTime.Now.AddMinutes(30), true,userData) ; //建立身份验证票对象
string HashTicket = FormsAuthentication.Encrypt (Ticket) ; //加密序列化验证票为字符串
HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket) ; //生成Cookie
Context.Response.Cookies.Add (UserCookie) ; //输出Cookie
// 重定向到用户申请的初始页面
Context.Response.Redirect (Context.Request["ReturnUrl"]) ; // 重定向到用户申请的初始页面
}
private int MyAuthentication(string UserName,string PassWord)
{
//验证一般用户
}
private bool MyAdminAuthentication(int UserID)
{
//验证用户角色
}
3,最后是Global.asax了:)
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpApplication HApp = (HttpApplication) sender;
HttpContext HCtx = HApp.Context ; //获取本次Http请求的HttpContext对象
if (HCtx.Request.IsAuthenticated == true) //验证过的一般用户才能进行角色验证
{
System.Web.Security.FormsIdentity Id = (System.Web.Security.FormsIdentity)HCtx.User.Identity ;
System.Web.Security.FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票
string[] Roles = Ticket.UserData.Split (',') ; //将角色数据转成字符串数组,得到相关的角色信息
HCtx.User = new System.Security.Principal.GenericPrincipal (Id, Roles) ; //这样当前用户就拥有了角色信息了
}
}
哈哈...这样一个基于Forms验证的角色(用户组)验证授权就完成了!^O^
参考文章:
http://www.howtodothings.com/ViewArticle.aspx?Article=31
http://www.cnblogs.com/wuchang/archive/2004/07/26/27474.aspx
Asp.net中基于Forms验证的角色(用户组)验证授权,其实就是在一般的Forms验证上边加多一个名为UserDate的string内容,
大家可以分三步完成验证:
1,设置web.config
<configuration>
<system.web>
<!-- enable Forms authentication -->
<authentication mode="Forms">
<forms name="AspxAuth" loginUrl="/Login.aspx" timeout="30" protection="All" path="/" />
</authentication>
</system.web>
<!-- 一般的验证区 -->
<location path="MyFavorites.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<!-- 角色验证区 -->
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
<allow roles="Admin" />
<deny users="*" />
的顺序,如果反来就谁也进不了了!
2,在login.aspx页面的验证
//定义角色
private void ibtLogin_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
int UserID = MyAuthentication(UserName,PassWord);//验证一般用户
string userData = "Member";//获取角色字符串
if(MyAdminAuthentication(UserID))//验证用户角色
{
userData = "Admin,Member";
}
FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1,UserID.ToString(),DateTime.Now,DateTime.Now.AddMinutes(30), true,userData) ; //建立身份验证票对象
string HashTicket = FormsAuthentication.Encrypt (Ticket) ; //加密序列化验证票为字符串
HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket) ; //生成Cookie
Context.Response.Cookies.Add (UserCookie) ; //输出Cookie
// 重定向到用户申请的初始页面
Context.Response.Redirect (Context.Request["ReturnUrl"]) ; // 重定向到用户申请的初始页面
}
private int MyAuthentication(string UserName,string PassWord)
{
//验证一般用户
}
private bool MyAdminAuthentication(int UserID)
{
//验证用户角色
}
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpApplication HApp = (HttpApplication) sender;
HttpContext HCtx = HApp.Context ; //获取本次Http请求的HttpContext对象
if (HCtx.Request.IsAuthenticated == true) //验证过的一般用户才能进行角色验证
{
System.Web.Security.FormsIdentity Id = (System.Web.Security.FormsIdentity)HCtx.User.Identity ;
System.Web.Security.FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票
string[] Roles = Ticket.UserData.Split (',') ; //将角色数据转成字符串数组,得到相关的角色信息
HCtx.User = new System.Security.Principal.GenericPrincipal (Id, Roles) ; //这样当前用户就拥有了角色信息了
}
}
参考文章:
http://www.howtodothings.com/ViewArticle.aspx?Article=31
http://www.cnblogs.com/wuchang/archive/2004/07/26/27474.aspx
