本文介绍了一个ASP.NET应用程序的身份验证和授权实现方式,包括登录页面的HTML结构、后端验证逻辑及Web.config配置示例。
今天闲着无聊.想起来了ASP.NET身份验证.感觉良好.贴出下列代码:
login.aspx HTML代码
1
<%@ Page language="c#" Codebehind="02Login.aspx.cs" AutoEventWireup="false" Inherits="身份验证._02Login" %>2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >3
<HTML>4
<HEAD>5
<title>02Login</title>6
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">7
<meta name="CODE_LANGUAGE" Content="C#">8
<meta name="vs_defaultClientScript" content="JavaScript">9
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">10
</HEAD>11
<body MS_POSITIONING="GridLayout">12
<form id="Form1" method="post" runat="server">13
<FONT face="宋体">14
<TABLE id="Table1" style="Z-INDEX: 102; LEFT: 152px; WIDTH: 446px; POSITION: absolute; TOP: 80px; HEIGHT: 72px"15
cellSpacing="1" cellPadding="1" width="446" border="1">16
<TR>17
<TD>18
<asp:label id="Label1" runat="server">用户名称:</asp:label></TD>19
<TD>20
<asp:textbox id="tbName" runat="server" Width="183px"></asp:textbox></TD>21
<TD>22
<asp:requiredfieldvalidator id="RequiredFieldValidator1" runat="server" ErrorMessage="用户名不能为空!" ControlToValidate="tbName"></asp:requiredfieldvalidator></TD>23
</TR>24
<TR>25
<TD>26
<asp:label id="Label2" runat="server">密码:</asp:label></TD>27
<TD>28
<asp:textbox id="tbPass" runat="server" Width="183px"></asp:textbox></TD>29
<TD>30
<asp:requiredfieldvalidator id="RequiredFieldValidator2" runat="server" ErrorMessage="密码不能为空!" ControlToValidate="tbPass"></asp:requiredfieldvalidator></TD>31
</TR>32
<TR>33
<TD><FONT face="宋体">是否保存Cookie</FONT></TD>34
<TD>35
<asp:checkbox id="PersistCookie" runat="server"></asp:checkbox></TD>36
<TD></TD>37
</TR>38
</TABLE>39
<asp:button id="btnLoginBetter" style="Z-INDEX: 101; LEFT: 288px; POSITION: absolute; TOP: 240px"40
runat="server" Width="78px" Text="登录"></asp:button>41
<asp:HyperLink id="HyperLink1" style="Z-INDEX: 103; LEFT: 456px; POSITION: absolute; TOP: 240px"42
runat="server" NavigateUrl="Default.aspx">HyperLink</asp:HyperLink></FONT>43
</form>44
</body>45
</HTML>
login.aspx.cs代码如下
private void btnLoginBetter_Click(object sender, System.EventArgs e) 
{
if (this.tbName.Text == "admin" && this.tbPass.Text == "admin")
{ FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,this.tbName.Text,DateTime.Now,DateTime.Now.AddMinutes(30),this.PersistCookie.Checked,"User");//创建一个验证票据 string cookieStr = FormsAuthentication.Encrypt(ticket);进行加密 HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,cookieStr);创建一个cookie,cookie名为web.config设置的名,值为加密后的数据cookieStr, if (this.PersistCookie.Checked)//判断用户是否选中保存cookie cookie.Expires = ticket.Expiration;//获取cookie过期时间 cookie.Path = FormsAuthentication.FormsCookiePath;//设置cookie保存路径 Response.Cookies.Add(cookie); string strRedirect; strRedirect = Request["ReturnUrl"];//取出返回url if (strRedirect == null) strRedirect = "Default.aspx"; Response.Redirect(strRedirect,true);
} else { Response.Write("<script>alert('帐号或密码错误!');self.location.href='02login.aspx'</script>"); }
}
Default.aspx HTML代码
<body MS_POSITIONING="GridLayout"> <form id="Form1" method="post" runat="server"> <FONT face="宋体"> <asp:Label id="Label1" style="Z-INDEX: 106; LEFT: 224px; POSITION: absolute; TOP: 72px" runat="server">用户名称:</asp:Label> <asp:Label id="Label2" style="Z-INDEX: 102; LEFT: 220px; POSITION: absolute; TOP: 136px" runat="server">身份:</asp:Label> <asp:Label id="lbUser" style="Z-INDEX: 103; LEFT: 350px; POSITION: absolute; TOP: 79px" runat="server"></asp:Label> <asp:Label id="lbSf" style="Z-INDEX: 104; LEFT: 355px; POSITION: absolute; TOP: 133px" runat="server"></asp:Label> <asp:Button id="btnLogout" style="Z-INDEX: 105; LEFT: 261px; POSITION: absolute; TOP: 192px" runat="server" Text="注销" Width="101px"></asp:Button></FONT> </form> </body>
后置代码
private void Page_Load(object sender, System.EventArgs e) { this.lbUser.Text = User.Identity.Name; if (User.IsInRole("Admin")) this.lbSf.Text = "Admin"; else this.lbSf.Text = "User"; } Web 窗体设计器生成的代码#region Web 窗体设计器生成的代码 override protected void OnInit(EventArgs e) { // // CODEGEN: 该调用是 ASP.NET Web 窗体设计器所必需的。 // InitializeComponent(); base.OnInit(e); } /**//// <summary> /// 设计器支持所需的方法 - 不要使用代码编辑器修改 /// 此方法的内容。 /// </summary> private void InitializeComponent() { this.btnLogout.Click += new System.EventHandler(this.btnLogout_Click); this.Load += new System.EventHandler(this.Page_Load); } #endregion private void btnLogout_Click(object sender, System.EventArgs e) { FormsAuthentication.SignOut();//注销票 Response.Redirect("login.aspx",true);返回login.aspx页面 }
webconfig配置如下
<authentication mode="Forms" >
<forms name=".SecurityDemo" loginUrl="login.aspx">//.SecurityDemo为cookie名,
</forms>
</authentication>
<authorization>
<deny users="?"/> //拒绝所有匿名用户
<allow roles="admins"/>//允许管理级别用户访问
</authorization>
自我感觉ASP写多了,一般是用session进行判断用户是否合法,但在一个ASP.NET项目中使用身份验证,基本上所有页面都要验证才能访问,可以在web.config页面对指定的页面设置权限,设置代码如下
<location path="admin">
<system.web>
<authorization>
<deny users="*" />
<allow roles="paley"/>
</authorization>
</system.web>
</location>
已看资料修如上.对admin文件夹设置权限,拒绝所有用户,允许paley访问
扫一扫
1444
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
