asp.net微软提供的身份验证
最近老师讲了登录时的另一种验证方式,一般大家都是用session来验证的,老师的这种方法还没见过,网上貌似资料也很少,所以想写篇这方面的文章。其实,这里面的东西我也不是完全明白,只是想跟大家交流交流,争取大家共同把这个知识点弄明白吧。验证过程如下:
首先,在UI层主要代码:
// Login handler (UI layer): builds the custom principal for this request and
// issues the forms-authentication cookie that keeps the user signed in.
// As listed below, AccountsPricipal.ValidateUser always returns a principal
// (it never returns null), so this null check only guards against a changed BLL.
BLL.AccountsPricipal ap = BLL.AccountsPricipal.ValidateUser(userName,passWord);
if (ap != null)
{
//Session["Name"] = userName; // the usual alternative: a Session entry to tell logged-in users from anonymous ones.
// Use the security context that .NET provides instead of Session.
// NOTE(review): HttpContext.User is per request; later requests do not see this
// object unless the principal is rebuilt for each of them (e.g. on AuthenticateRequest).
Context.User = ap;
FormsAuthentication.SetAuthCookie(userName, false);// Issues the forms ticket cookie (false = not persistent; it is removed when the user exits). The ticket carries only the user name, not the permission lists loaded above.
Response.Redirect("Manage/Main.htm");// Ends the response; nothing below this line runs.
//this.lblMsg.Text = "登录成功!"; // ("login succeeded") superseded by the redirect above.
}
然后,在BLL层,建立两个类,分别实现System.Security.Principal.IPrincipal接口和System.Security.Principal.IIdentity接口:
实现System.Security.Principal.IPrincipal接口
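/// <summary>
/// Principal placed on the request after a successful login. It pairs the user's
/// identity (<see cref="Sidentity"/>) with the permission lists read from the data
/// layer, so pages can authorize through <see cref="HasPermission"/> without going
/// back to the database.
/// </summary>
public class AccountsPricipal : System.Security.Principal.IPrincipal
{
    private ArrayList permissionList;     // permission records of the user (shape defined by User.GetPermissionList, not shown in this listing)
    private ArrayList permissionIDList;   // permission ids as boxed ints (see User.GetPermissionIDList)
    private System.Security.Principal.IIdentity identity;   // who the user is
    private User user = new User();       // data-access object used by the constructors

    /// <summary>Permission records loaded for this user.</summary>
    public ArrayList PermissionList
    {
        get { return permissionList; }
    }

    /// <summary>Ids of the permissions granted to this user.</summary>
    public ArrayList PermissionIDList
    {
        get { return permissionIDList; }
    }

    /// <summary>
    /// Builds the principal for a user id that has already been validated.
    /// </summary>
    /// <param name="userID">Key of the user in Accounts_Users.</param>
    public AccountsPricipal(int userID)
    {
        // Load the identity first: if the user does not exist this fails before
        // any permission queries are run.
        identity = new Sidentity(userID);
        permissionList = user.GetPermissionList(userID);
        permissionIDList = user.GetPermissionIDList(userID);
    }

    /// <summary>
    /// Builds the principal for callers that only know the user name
    /// (e.g. the name carried by the forms-authentication cookie).
    /// </summary>
    /// <param name="userName">Login name of the user.</param>
    public AccountsPricipal(string userName)
    {
        // Sidentity(string) is referenced here but is not part of this listing.
        Sidentity byName = new Sidentity(userName);
        identity = byName;
        permissionList = user.GetPermissionList(byName.UserID);
        permissionIDList = user.GetPermissionIDList(byName.UserID);
    }

    /// <summary>
    /// Checks whether the user holds the given permission.
    /// </summary>
    /// <param name="permissionID">Id from Accounts_Permissions.</param>
    /// <returns>true when the id is in the loaded list; false otherwise, including
    /// when no list was loaded (deny by default instead of throwing).</returns>
    public bool HasPermission(int permissionID)
    {
        return permissionIDList != null && permissionIDList.Contains(permissionID);
    }

    /// <summary>
    /// Validates a user name/password pair and builds the principal for the user.
    /// </summary>
    /// <param name="userName">Login name entered by the user.</param>
    /// <param name="passWord">Password entered by the user.</param>
    /// <returns>The principal of the matching user, or <c>null</c> when the
    /// credentials are empty or the data layer reports no match (a non-positive id).</returns>
    public static AccountsPricipal ValidateUser(string userName, string passWord)
    {
        // Empty credentials are rejected without a database round trip.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(passWord))
        {
            return null;
        }
        int userID = new User().ValidateUser(userName, passWord);
        // Without this check the method always returned a principal, so the UI's
        // "if (ap != null)" test could never fail. A non-positive id is taken as
        // "no match" (User.ValidateUser is expected to report failure that way).
        if (userID <= 0)
        {
            return null;
        }
        return new AccountsPricipal(userID);
    }

    #region IPrincipal members

    /// <summary>Identity of the user; implemented by <see cref="Sidentity"/>.</summary>
    public System.Security.Principal.IIdentity Identity
    {
        get { return identity; }
    }

    /// <summary>
    /// Role membership. Roles are not modelled on this principal (authorization goes
    /// through <see cref="HasPermission"/>), so the answer is always <c>false</c>.
    /// Framework authorization (e.g. &lt;allow roles="..."/&gt; or PrincipalPermission)
    /// calls this method, and the former NotImplementedException turned every such
    /// check into an error instead of a denial.
    /// </summary>
    /// <param name="role">Role name asked for by the caller; ignored.</param>
    public bool IsInRole(string role)
    {
        return false;
    }

    #endregion
}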
实现System.Security.Principal.IIdentity接口:
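/// <summary>
/// Identity of a logged-in user, loaded from Accounts_Users and exposed to pages
/// through <see cref="AccountsPricipal.Identity"/>.
/// </summary>
public class Sidentity : System.Security.Principal.IIdentity
{
    private int userID;
    /// <summary>Key of the user in Accounts_Users; 0 until a record is loaded.</summary>
    public int UserID
    {
        get { return userID; }
        set { userID = value; }
    }

    private string userName;
    /// <summary>Login name; also returned by <see cref="Name"/>.</summary>
    public string UserName
    {
        get { return userName; }
        set { userName = value; }
    }

    private string passWord;
    /// <summary>
    /// Password as read from the user row.
    /// NOTE(review): this copies the credential into an object that lives on the
    /// request context. Nothing in this listing reads it back; dropping it from the
    /// identity would be the safer design.
    /// </summary>
    public string PassWord
    {
        get { return passWord; }
        set { passWord = value; }
    }

    private string trueName;
    /// <summary>Display name. Not filled by the constructor in this listing.</summary>
    public string TrueName
    {
        get { return trueName; }
        set { trueName = value; }
    }

    private string sex;
    /// <summary>Sex column of the user row.</summary>
    public string Sex
    {
        get { return sex; }
        set { sex = value; }
    }

    private string phone;
    /// <summary>Phone column of the user row.</summary>
    public string Phone
    {
        get { return phone; }
        set { phone = value; }
    }

    private string email;
    /// <summary>Email column of the user row.</summary>
    public string Email
    {
        get { return email; }
        set { email = value; }
    }

    private User user = new User();   // data-access object

    /// <summary>
    /// Loads the identity for the given user id.
    /// </summary>
    /// <param name="userID">Key of the user in Accounts_Users.</param>
    /// <exception cref="ArgumentException">No user row exists for <paramref name="userID"/>.</exception>
    public Sidentity(int userID)
    {
        // User.GetUserData(int) is not part of this listing (only the string
        // overload is shown); presumably it returns null or an empty table for an
        // unknown id, like the string overload does.
        DataTable table = user.GetUserData(userID);
        if (table == null || table.Rows.Count == 0)
        {
            throw new ArgumentException("No user record exists for the given id.", "userID");
        }
        DataRow row = table.Rows[0];
        // 'this.' is required: the parameter shadows the field, and the original
        // assignment silently left the field at 0.
        this.userID = Convert.ToInt32(row["UserID"]);
        userName = row["UserName"].ToString();
        sex = row["Sex"].ToString();
        passWord = row["Password"].ToString();
        phone = row["Phone"].ToString();
        email = row["Email"].ToString();
    }

    /// <summary>Creates an empty, unauthenticated identity.</summary>
    public Sidentity()
    {
    }

    /// <summary>
    /// Returns every user row (delegates to User.GetAllUser).
    /// </summary>
    public DataTable GetUser()
    {
        return user.GetAllUser();
    }

    #region IIdentity members

    /// <summary>
    /// Name of the authentication scheme. The UI signs users in with
    /// FormsAuthentication.SetAuthCookie, so report the scheme name FormsIdentity
    /// uses rather than throwing.
    /// </summary>
    public string AuthenticationType
    {
        get { return "Forms"; }
    }

    /// <summary>
    /// true once a user record has been loaded (UserID &gt; 0). Page code such as
    /// User.Identity.IsAuthenticated reads this; throwing here broke that check.
    /// </summary>
    public bool IsAuthenticated
    {
        get { return userID > 0; }
    }

    /// <summary>Login name of the user.</summary>
    public string Name
    {
        get { return userName; }
    }

    #endregion
}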
DAL层的主要代码:
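/// <summary>
/// Data-access layer for Accounts_Users and the permission tables. Every query is
/// parameterized and executed through DbHelperSQL.
/// </summary>
public class User
{
    /// <summary>
    /// Checks a user name/password pair against Accounts_Users.
    /// </summary>
    /// <param name="userName">Login name.</param>
    /// <param name="passWord">Password as entered.</param>
    /// <returns>UserID of the matching row, or 0 when no row matches.</returns>
    public int ValidateUser(string userName, string passWord)
    {
        // NOTE(review): the password is compared as stored, i.e. the table holds it
        // in clear text, and with a case-insensitive collation the SQL '=' makes the
        // comparison case-insensitive too. The fix (store a salted hash and verify
        // it in code with a constant-time comparison) needs a schema change, so it
        // is only flagged here.
        string sql = "select UserID from Accounts_Users where UserName=@UserName and Password=@Password";
        SqlParameter[] parameter = {
            new SqlParameter("@UserName", SqlDbType.VarChar, 50),
            new SqlParameter("@Password", SqlDbType.VarChar, 50)
        };
        parameter[0].Value = userName;
        parameter[1].Value = passWord;
        using (SqlDataReader reader = DbHelperSQL.ExecuteReader(sql, parameter))
        {
            // Read() returns false when nothing matched; reading the column anyway
            // (as the original did) throws instead of reporting a failed login.
            if (!reader.Read())
            {
                return 0;
            }
            return reader.GetInt32(0);
        }
    }

    /// <summary>
    /// Returns the ids of all permissions granted to the user through its roles.
    /// </summary>
    /// <param name="userID">Key of the user in Accounts_Users.</param>
    /// <returns>ArrayList of boxed ints; empty when the user has no permissions.</returns>
    public ArrayList GetPermissionIDList(int userID)
    {
        string sql =
            "select p.PermissionID from Accounts_Permissions p inner join " +
            "Accounts_RolePermissions ur on p.PermissionID=ur.PermissionID where ur.RoleID in(select RoleID from Accounts_UserRoles where UserID=@UserID) ";
        SqlParameter[] parameter = { new SqlParameter("@UserID", SqlDbType.Int, 4) };
        parameter[0].Value = userID;
        ArrayList ids = new ArrayList();
        using (SqlDataReader reader = DbHelperSQL.ExecuteReader(sql, parameter))
        {
            while (reader.Read())
            {
                ids.Add(reader.GetInt32(0));
            }
        }
        return ids;
    }

    /// <summary>
    /// Loads the row of the user with the given name. The row includes the
    /// Password column (select *), which Sidentity copies into the identity.
    /// </summary>
    /// <param name="userName">Login name.</param>
    /// <returns>The table holding the matching row(s), or <c>null</c> when the
    /// user does not exist; callers must check for null.</returns>
    public DataTable GetUserData(string userName)
    {
        string sql = "select * from Accounts_Users where UserName=@UserName";
        SqlParameter[] parameter = { new SqlParameter("@UserName", SqlDbType.VarChar, 50) };
        parameter[0].Value = userName;
        using (DataSet ds = DbHelperSQL.Query(sql, parameter))
        {
            DataTable table = ds.Tables[0];
            return table.Rows.Count > 0 ? table : null;
        }
    }
}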
代码大概就这么多了,其实其中为什么能够验证我还是不太清楚,哪位高人如果能指点一二的话不胜感激。补充一点思路: `Context.User = ap` 只对当前这一次请求有效,真正让登录状态跨请求保持的是 `SetAuthCookie` 写入的 Forms 身份验证 Cookie;后续请求中 ASP.NET 只会根据该 Cookie 还原出用户名,自定义的 AccountsPricipal(连同权限列表)需要在每次请求时(例如 Global.asax 的 Application_AuthenticateRequest 中)重新构造并赋给 Context.User,否则页面里拿到的只是框架默认的 Forms 身份。请在评论中指正。