在看2.0里的基于角色的安全技术,用了用提供的一些控件,如LOGIN控件,注册控件等,写了一些代码,贴出来给自己留个底底。
没有用它的那个自带的ASPNETDB.MDF的库,直接连接的我本地的SQL。连接代码在web.config中,在CS里直接读取。
在web.config中重新定义了membership和roleManager,指向了我自己的类,覆写了基类的一些东东。在web.config中规定了页面需要的权限,实现了分权限的浏览。
覆写了RoleProvider中的GetRolesForUser和GetAllRoles方法,用来判断我在自己数据库里定义的权限。
覆写了MembershipProvider中的Initialize、CreateUser、MinRequiredPasswordLength、RequiresQuestionAndAnswer以及ValidateUser方法,实现操作自己指定的数据库。
大概的方法就是这些了,如果自己要是想写删除更新什么的,覆写相对应的方法就好了。
具体程序代码如下,给出了MyRole.cs、MyMemberShip.cs和web.config的全部代码。前台拖拖控件就好了,代码不再给出。
MyMemberShip.cs
using System;using System.Data;using System.Configuration;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls;using System.Data.OleDb;using System.Data.SqlClient;
/// <summary>
/// MyMemberShip 的摘要说明
/// </summary>public class MyMemberShip : MembershipProvider{
public MyMemberShip()
{
// // TODO: 在此处添加构造函数逻辑 //
} string connectionstring = ConfigurationManager.ConnectionStrings["SqlServices"].ConnectionString.ToString(); private bool _requiresQuestionAndAnswer; private int _minRequiredPasswordLength; public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config) { if (config["requiresQuestionAndAnswer"].ToLower() == "true") { _requiresQuestionAndAnswer = true; } else { _requiresQuestionAndAnswer = false; } int.TryParse(config["minRequiredPasswordLength"], out _minRequiredPasswordLength); //connStr = config["connectionString"]; base.Initialize(name, config); } public override string ApplicationName { get { throw new Exception("The method or operation is not implemented."); } set { throw new Exception("The method or operation is not implemented."); } } public override bool ChangePassword(string username, string oldPassword, string newPassword) { throw new Exception("The method or operation is not implemented."); } public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) { throw new Exception("The method or operation is not implemented."); } public override MembershipUser CreateUser(string username,string password,string email,string passwordQuestion,string passwordAnswer,bool isApproved,Object providerUserKey,out MembershipCreateStatus status) { using (SqlConnection conn = new SqlConnection(connectionstring)) { SqlCommand comm = new SqlCommand(); comm.CommandText = "insert into users(u_name,u_pwd,u_role) values(@cname,@cpwd,@crole)"; comm.Parameters.AddWithValue("@cname", username); comm.Parameters.AddWithValue("@cpwd", password); comm.Parameters.AddWithValue("@crole", "guest"); comm.Connection = conn; conn.Open(); comm.ExecuteNonQuery(); MembershipUser user = new MembershipUser("MyMemberShip", username, providerUserKey, email, passwordQuestion, "", isApproved, true, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now); status = MembershipCreateStatus.Success; return user; } } public override bool DeleteUser(string username, bool deleteAllRelatedData) { throw new Exception("The method or operation is not implemented."); } public override bool EnablePasswordReset { get { throw new Exception("The method or operation is not implemented."); } } public override bool EnablePasswordRetrieval { get { throw new Exception("The method or operation is not implemented."); } } public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new Exception("The method or operation is not implemented."); } public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new Exception("The method or operation is not implemented."); } public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) { throw new Exception("The method or operation is not implemented."); } public override int GetNumberOfUsersOnline() { throw new Exception("The method or operation is not implemented."); } public override string GetPassword(string username, string answer) { throw new Exception("The method or operation is not implemented."); } public override MembershipUser GetUser(string username, bool userIsOnline) { throw new Exception("The method or operation is not implemented."); } public override MembershipUser GetUser(object providerUserKey, bool userIsOnline) { throw new Exception("The method or operation is not implemented."); } public override string GetUserNameByEmail(string email) { throw new Exception("The method or operation is not implemented."); } public override int MaxInvalidPasswordAttempts { get { throw new Exception("The method or operation is not implemented."); } } public override int MinRequiredNonAlphanumericCharacters { get { throw new Exception("The method or operation is not implemented."); } } public override int MinRequiredPasswordLength { get { return _minRequiredPasswordLength; } } public override int PasswordAttemptWindow { get { throw new Exception("The method or operation is not implemented."); } } public override MembershipPasswordFormat PasswordFormat { get { throw new Exception("The method or operation is not implemented."); } } public override string PasswordStrengthRegularExpression { get { throw new Exception("The method or operation is not implemented."); } } public override bool RequiresQuestionAndAnswer { get { return _requiresQuestionAndAnswer; } } public override bool RequiresUniqueEmail { get { throw new Exception("The method or operation is not implemented."); } } public override string ResetPassword(string username, string answer) { throw new Exception("The method or operation is not implemented."); } public override bool UnlockUser(string userName) { throw new Exception("The method or operation is not implemented."); } public override void UpdateUser(MembershipUser user) { throw new Exception("The method or operation is not implemented."); } public override bool ValidateUser(string username, string password) { using (SqlConnection conn = new SqlConnection(connectionstring)) { SqlCommand comm = new SqlCommand(); comm.CommandText = "select count(0) from users where u_name=@cname and u_pwd=@cpwd"; comm.Parameters.AddWithValue("@cname", username); comm.Parameters.AddWithValue("@cpwd", password); comm.Connection = conn; conn.Open(); return ((int)comm.ExecuteScalar()) > 0 ? true : false; } }}MyRole.cs
using System;using System.Data;using System.Configuration;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls;using System.Data.OleDb;using System.Data.SqlClient;/// <summary>/// MyRole 的摘要说明/// </summary>public class MyRole : RoleProvider{ public MyRole() { // // TODO: 在此处添加构造函数逻辑 // } string connectionstring = ConfigurationManager.ConnectionStrings["SqlServices"].ConnectionString.ToString(); public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new Exception("The method or operation is not implemented."); } public override string ApplicationName { get { throw new Exception("The method or operation is not implemented."); } set { throw new Exception("The method or operation is not implemented."); } } public override void CreateRole(string roleName) { throw new Exception("The method or operation is not implemented."); } public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new Exception("The method or operation is not implemented."); } public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new Exception("The method or operation is not implemented."); } public override string[] GetAllRoles() { return new string[] { "admin", "guest" }; } public override string[] GetRolesForUser(string username) { string[] tmp = new string[] { }; using (SqlConnection conn = new SqlConnection(connectionstring)) { SqlCommand comm = new SqlCommand(); comm.CommandText = "select top 1 * from users where u_name=@name"; comm.Parameters.AddWithValue("@name", username); comm.Connection = conn; conn.Open(); using (SqlDataReader dr = comm.ExecuteReader()) { if (dr.Read()) { tmp = dr["U_role"].ToString().Split(','); } } conn.Close(); } return tmp; } public override string[] GetUsersInRole(string roleName) { throw new Exception("The method or operation is not implemented."); } public override bool IsUserInRole(string username, string roleName) { using (SqlConnection conn = new SqlConnection(connectionstring)) { SqlCommand comm = new SqlCommand(); comm.CommandText = "select top 1 * from users where u_name=@name and u_role=@role"; comm.Parameters.AddWithValue("@name", username); comm.Parameters.AddWithValue("@role", roleName); comm.Connection = conn; conn.Open(); using (SqlDataReader dr = comm.ExecuteReader()) { if (dr.HasRows) { return true; } return false; } } } public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new Exception("The method or operation is not implemented."); } public override bool RoleExists(string roleName) { throw new Exception("The method or operation is not implemented."); }}web.config
<?xml version="1.0"?><configuration> <appSettings/> <connectionStrings> <add name="SqlServices" connectionString="server=;database=;uid=;pwd=;" providerName="System.Data.SqlClient" /> </connectionStrings> <system.web> <compilation debug="true"/> <authentication mode="Forms"> <forms defaultUrl="default.aspx" loginUrl="userlogin.aspx" path="/" name="mytest"/> </authentication> <membership defaultProvider="MyMemberShip" userIsOnlineTimeWindow="20"> <providers> <remove name="AspNetSqlProvider" /> <add name="MyMemberShip" type="MyMemberShip" connectionStringName="SqlServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Hashed" applicationName="/" /> </providers> </membership> <roleManager defaultProvider="MyRole" enabled="true"> <providers> <add name="MyRole" type="MyRole"/> </providers> </roleManager> </system.web> <location path="admin.aspx"> <system.web> <authorization> <allow roles="admin"/> <deny users="*"/> </authorization> </system.web> </location> <location path="guest.aspx"> <system.web> <authorization> <allow roles="guest"/> <deny users="*"/> </authorization> </system.web> </location></configuration>User.Identity.Name可以直接得到登录的名称,有一定的声明周期,可以在WEB.CONFIG中进行修改。
admin.aspx.cs
public partial class admin : System.Web.UI.Page{ protected void Page_Load(object sender, EventArgs e) { Response.Write("您的登录名称:" + User.Identity.Name + " <br>权限为:"); foreach (string s in Roles.GetRolesForUser()) { Response.Write("<li>" + s + "</li>"); } }}
