asp.net身份验证和授权

今天闲着无聊．想起来了ASP.NET身份验证．感觉良好．贴出下列代码:

login.aspx HTML代码

1<%@ Page language="c#" Codebehind="02Login.aspx.cs" AutoEventWireup="false" Inherits="身份验证._02Login" %>

2<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

3<HTML>

4 <HEAD>

5 <title>02Login</title>

6 <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">

7 <meta name="CODE_LANGUAGE" Content="C#">

8 <meta name="vs_defaultClientScript" content="JavaScript">

9 <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">

10 </HEAD>

11 <body MS_POSITIONING="GridLayout">

12 <form id="Form1" method="post" runat="server">

13 <FONT face="宋体">

14 <TABLE id="Table1" style="Z-INDEX: 102; LEFT: 152px; WIDTH: 446px; POSITION: absolute; TOP: 80px; HEIGHT: 72px"

15 cellSpacing="1" cellPadding="1" width="446" border="1">

16 <TR>

17 <TD>

18 <asp:label id="Label1" runat="server">用户名称：</asp:label></TD>

19 <TD>

20 <asp:textbox id="tbName" runat="server" Width="183px"></asp:textbox></TD>

21 <TD>

22 <asp:requiredfieldvalidator id="RequiredFieldValidator1" runat="server" ErrorMessage="用户名不能为空！" ControlToValidate="tbName"></asp:requiredfieldvalidator></TD>

23 </TR>

24 <TR>

25 <TD>

26 <asp:label id="Label2" runat="server">密码：</asp:label></TD>

27 <TD>

28 <asp:textbox id="tbPass" runat="server" Width="183px"></asp:textbox></TD>

29 <TD>

30 <asp:requiredfieldvalidator id="RequiredFieldValidator2" runat="server" ErrorMessage="密码不能为空！" ControlToValidate="tbPass"></asp:requiredfieldvalidator></TD>

31 </TR>

32 <TR>

33 <TD><FONT face="宋体">是否保存Cookie</FONT></TD>

34 <TD>

35 <asp:checkbox id="PersistCookie" runat="server"></asp:checkbox></TD>

36 <TD></TD>

37 </TR>

38 </TABLE>

39 <asp:button id="btnLoginBetter" style="Z-INDEX: 101; LEFT: 288px; POSITION: absolute; TOP: 240px"

40 runat="server" Width="78px" Text="登录"></asp:button>

41 <asp:HyperLink id="HyperLink1" style="Z-INDEX: 103; LEFT: 456px; POSITION: absolute; TOP: 240px"

42 runat="server" NavigateUrl="Default.aspx">HyperLink</asp:HyperLink></FONT>

43 </form>

44 </body>

45</HTML>

login.aspx.cs代码如下

private void btnLoginBetter_Click(object sender, System.EventArgs e)

{

if (this.tbName.Text == "admin" && this.tbPass.Text == "admin")

{

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,this.tbName.Text,DateTime.Now,DateTime.Now.AddMinutes(30),this.PersistCookie.Checked,"User");//创建一个验证票据

string cookieStr = FormsAuthentication.Encrypt(ticket);进行加密

HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,cookieStr);创建一个cookie，cookie名为web.config设置的名,值为加密后的数据cookieStr,

if (this.PersistCookie.Checked)//判断用户是否选中保存cookie

cookie.Expires = ticket.Expiration;//获取cookie过期时间

cookie.Path = FormsAuthentication.FormsCookiePath;//设置cookie保存路径

Response.Cookies.Add(cookie);

string strRedirect;

strRedirect = Request["ReturnUrl"];//取出返回url

if (strRedirect == null)

strRedirect = "Default.aspx";

Response.Redirect(strRedirect,true);

}

else

{

Response.Write("<script>alert('帐号或密码错误!');self.location.href='02login.aspx'</script>");

}

}

Default.aspxHTML代码

<body MS_POSITIONING="GridLayout">

<form id="Form1" method="post" runat="server">

<FONT face="宋体">

<asp:Label id="Label1" style="Z-INDEX: 106; LEFT: 224px; POSITION: absolute; TOP: 72px" runat="server">用户名称：</asp:Label>

<asp:Label id="Label2" style="Z-INDEX: 102; LEFT: 220px; POSITION: absolute; TOP: 136px" runat="server">身份：</asp:Label>

<asp:Label id="lbUser" style="Z-INDEX: 103; LEFT: 350px; POSITION: absolute; TOP: 79px" runat="server"></asp:Label>

<asp:Label id="lbSf" style="Z-INDEX: 104; LEFT: 355px; POSITION: absolute; TOP: 133px" runat="server"></asp:Label>

<asp:Button id="btnLogout" style="Z-INDEX: 105; LEFT: 261px; POSITION: absolute; TOP: 192px"

runat="server" Text="注销" Width="101px"></asp:Button></FONT>

</form>

</body>

后置代码

private void Page_Load(object sender, System.EventArgs e)

{

this.lbUser.Text = User.Identity.Name;

if (User.IsInRole("Admin"))

this.lbSf.Text = "Admin";

else

this.lbSf.Text = "User";

}

Web 窗体设计器生成的代码#region Web 窗体设计器生成的代码

override protected void OnInit(EventArgs e)

{

//

// CODEGEN: 该调用是 ASP.NET Web 窗体设计器所必需的。

//

InitializeComponent();

base.OnInit(e);

}

/**//// <summary>

/// 设计器支持所需的方法 - 不要使用代码编辑器修改

/// 此方法的内容。

/// </summary>

private void InitializeComponent()

{

this.btnLogout.Click += new System.EventHandler(this.btnLogout_Click);

this.Load += new System.EventHandler(this.Page_Load);

}

#endregion

private void btnLogout_Click(object sender, System.EventArgs e)

{

FormsAuthentication.SignOut();//注销票

Response.Redirect("login.aspx",true);返回login.aspx页面

}

webconfig配置如下

<authentication mode="Forms" >

<forms name=".SecurityDemo" loginUrl="login.aspx">//.SecurityDemo为cookie名,

</forms>

</authentication>

<authorization>

<deny users="?"/> //拒绝所有匿名用户

<allow roles="admins"/>//允许管理级别用户访问

</authorization>

自我感觉ASP写多了，一般是用session进行判断用户是否合法,但在一个ASP.NET项目中使用身份验证,基本上所有页面都要验证才能访问，感觉有点迁强.但可以在web.config页面对指定的页面设置权限,设置代码如下

<location path="admin.aspx">

<system.web>

<authorization>

<deny users="?" />

</authorization>

</system.web>

</location>

如果只有几个页面设置如上代码,感觉还可以接受.但页面多了岂不是要把人累死呀．．

可能是小的项目做多了,大项目没接触过.请高手给指点具体用途呀．不甚感激．

http://www.cnblogs.com/paleyyang/archive/2006/10/21/536147.html

• ·Internet Explorer 7 评测（
• ·汇总c#.net常用函数和方法集
• ·迁移你的Web页面到ASP.NET AJAX
• ·如何读取XML文件内容
• ·asp.net项目运行的权限问题
• ·虚拟主机下asp.net 2.0的导航控件tr
• ·C#编程向VFP数据库中插入Numeric型的
• ·Photoshop基础教程：跟我学调色练习5-
• ·Photoshop基础教程：跟我学调色练习4-
• ·重装Office仍用原来自动更正词组