項目需要研究了下Asp.Net的基于forms的驗證機制
構建基于forms的驗證機制過程如下:
1,設置IIS爲允許匿名訪問,並在asp.net的web.config中設置爲forms驗證
2,檢索數據存儲驗證用戶,並檢索角色(如果不是基于角色可不用)
簡單無role方式:
使用FormsAuthenticationTicket創建一個Cookie並回發到客戶端(如需要,也可將角色存儲到票中,見下文),如:
FormsAuthentication.SetAuthCookie(Username,true | false)
cookies保存時間(注意:這只決定瀏覽器保留Cookie多久,票本身的有效期仍由票內的Expiration/&lt;forms timeout&gt;決定):
HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName].Expires=DateTime.Now.AddDays(1)
如果需要存儲角色,方式如下:
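// Build a forms-authentication ticket that carries the user's roles in UserData.
// roles is a string[] (see the comment below), but the userData parameter is a
// single string, so it must be joined here with the same separator (',') that
// Application_AuthenticateRequest later splits on. A role name that itself
// contains ',' would be split apart on the way back — keep role names free of it.
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
    1,                              // version
    txtUserName.Text,               // user name
    DateTime.Now,                   // creation
    DateTime.Now.AddMinutes(20),    // expiration (carried inside the ticket, not the cookie)
    false,                          // persistent
    string.Join(",", roles));       // user data: comma-separated role list
// roles是一個角色字符串數組
// Encrypt: with the default <forms protection="All"> the ticket is both encrypted
// and MAC-validated using <machineKey>, so the client can neither read nor
// tamper with the role list it carries.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);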
存入Cookie:
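// Hand-built authentication cookie. Unlike FormsAuthentication.SetAuthCookie, a
// plain HttpCookie does not pick up the <forms> settings on its own, so the
// protections have to be applied explicitly here.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authCookie.HttpOnly = true;                             // keep the ticket out of reach of script
authCookie.Secure = FormsAuthentication.RequireSSL;     // honour requireSSL="true" from <forms>
authCookie.Path = FormsAuthentication.FormsCookiePath;  // honour the configured cookie path
// No Expires is set, so this is a session cookie, matching isPersistent=false on the
// ticket. For a persistent ticket, also set authCookie.Expires = authTicket.Expiration.
Response.Cookies.Add(authCookie);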
在Application_AuthenticateRequest事件處理程序中(Global.asax),使用票創建IPrincipal對象並存入HttpContext.User,代碼如下:
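/// <summary>
/// Rebuilds HttpContext.User as a GenericPrincipal that carries the roles stored in the
/// forms-authentication ticket's UserData, so that &lt;allow roles="..."/&gt; rules and
/// User.IsInRole() work for this request.
/// </summary>
/// <remarks>
/// This handler is named Application_AuthenticateRequest (the event the surrounding text
/// describes) rather than Application_AuthorizeRequest: UrlAuthorizationModule evaluates
/// the &lt;authorization&gt; rules during AuthorizeRequest and module handlers are hooked
/// up before the Global.asax ones, so a principal built in AuthorizeRequest would most
/// likely be too late for role-based URL authorization.
/// </remarks>
/// <param name="sender">The HttpApplication raising the event.</param>
/// <param name="e">Unused event arguments.</param>
protected void Application_AuthenticateRequest(object sender, System.EventArgs e)
{
    HttpApplication app = (HttpApplication)sender;
    HttpContext ctx = app.Context; // the HttpContext of the current request

    // Only a request that FormsAuthenticationModule already authenticated carries a ticket.
    if (ctx.User == null || !ctx.Request.IsAuthenticated)
    {
        return;
    }

    // 'as' instead of a hard cast: another authentication module could have supplied a
    // non-forms identity, and the original cast would then throw InvalidCastException.
    FormsIdentity id = ctx.User.Identity as FormsIdentity;
    if (id == null)
    {
        return;
    }

    // UserData is the comma-joined role list written at login. RemoveEmptyEntries avoids
    // a phantom "" role when UserData is empty or ends with a trailing comma.
    string[] roles = id.Ticket.UserData.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

    // Keep the existing identity, but wrap it in a principal that knows the roles.
    ctx.User = new GenericPrincipal(id, roles);
}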
需要對某些頁面進行角色控制,有兩種方法:
1、在web.config中加入:
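<!-- Authorization rules are evaluated top-down and the first match wins.
     deny users="?" only stops anonymous users: an authenticated user who is NOT in
     RoleName matches neither rule and falls through to the inherited (parent) rules,
     which by default allow everyone. deny users="*" closes that gap, so only RoleName
     can reach EditPost.aspx. -->
<location path="EditPost.aspx">
  <system.web>
    <authorization>
      <allow roles="RoleName" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>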
2、把只能由某種角色訪問的文件放在同一目錄下,在此目錄下添加一個web.config:
<!-- Directory-level web.config: allow RoleName, then deny everyone else ("*").
     Rules are matched top-down, and because the deny covers all users, authenticated
     users outside RoleName do not fall through to the parent directory's rules. -->
<configuration>
<system.web>
<authorization>
<allow roles="RoleName" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
說明:子目錄的web.config設置優先于父目錄的web.config設置
以上參考:http://www.cnblogs.com/kwklover/archive/2004/06/29/19455.aspx
http://www.donews.net/robinblood/archive/2005/04/30/358041.aspx
項目需要研究了下Asp.Net的基于forms的驗證機制
構建基于forms的驗證機制過程如下:
1,設置IIS爲允許匿名訪問,並在asp.net的web.config中設置爲forms驗證
2,檢索數據存儲驗證用戶,並檢索角色(如果不是基于角色可不用)
簡單無role方式:
使用FormsAuthenticationTicket創建一個Cookie並回發到客戶端(如需要,也可將角色存儲到票中,見下文),如:
FormsAuthentication.SetAuthCookie(Username,true | false)
cookies保存時間(注意:這只決定瀏覽器保留Cookie多久,票本身的有效期仍由票內的Expiration/&lt;forms timeout&gt;決定):
HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName].Expires=DateTime.Now.AddDays(1)
如果需要存儲角色,方式如下:
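// Build a forms-authentication ticket that carries the user's roles in UserData.
// roles is a string[] (see the comment below), but the userData parameter is a
// single string, so it must be joined here with the same separator (',') that
// Application_AuthenticateRequest later splits on. A role name that itself
// contains ',' would be split apart on the way back — keep role names free of it.
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
    1,                              // version
    txtUserName.Text,               // user name
    DateTime.Now,                   // creation
    DateTime.Now.AddMinutes(20),    // expiration (carried inside the ticket, not the cookie)
    false,                          // persistent
    string.Join(",", roles));       // user data: comma-separated role list
// roles是一個角色字符串數組
// Encrypt: with the default <forms protection="All"> the ticket is both encrypted
// and MAC-validated using <machineKey>, so the client can neither read nor
// tamper with the role list it carries.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);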
存入Cookie:
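// Hand-built authentication cookie. Unlike FormsAuthentication.SetAuthCookie, a
// plain HttpCookie does not pick up the <forms> settings on its own, so the
// protections have to be applied explicitly here.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authCookie.HttpOnly = true;                             // keep the ticket out of reach of script
authCookie.Secure = FormsAuthentication.RequireSSL;     // honour requireSSL="true" from <forms>
authCookie.Path = FormsAuthentication.FormsCookiePath;  // honour the configured cookie path
// No Expires is set, so this is a session cookie, matching isPersistent=false on the
// ticket. For a persistent ticket, also set authCookie.Expires = authTicket.Expiration.
Response.Cookies.Add(authCookie);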
在Application_AuthenticateRequest事件處理程序中(Global.asax),使用票創建IPrincipal對象並存入HttpContext.User,代碼如下:
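/// <summary>
/// Rebuilds HttpContext.User as a GenericPrincipal that carries the roles stored in the
/// forms-authentication ticket's UserData, so that &lt;allow roles="..."/&gt; rules and
/// User.IsInRole() work for this request.
/// </summary>
/// <remarks>
/// This handler is named Application_AuthenticateRequest (the event the surrounding text
/// describes) rather than Application_AuthorizeRequest: UrlAuthorizationModule evaluates
/// the &lt;authorization&gt; rules during AuthorizeRequest and module handlers are hooked
/// up before the Global.asax ones, so a principal built in AuthorizeRequest would most
/// likely be too late for role-based URL authorization.
/// </remarks>
/// <param name="sender">The HttpApplication raising the event.</param>
/// <param name="e">Unused event arguments.</param>
protected void Application_AuthenticateRequest(object sender, System.EventArgs e)
{
    HttpApplication app = (HttpApplication)sender;
    HttpContext ctx = app.Context; // the HttpContext of the current request

    // Only a request that FormsAuthenticationModule already authenticated carries a ticket.
    if (ctx.User == null || !ctx.Request.IsAuthenticated)
    {
        return;
    }

    // 'as' instead of a hard cast: another authentication module could have supplied a
    // non-forms identity, and the original cast would then throw InvalidCastException.
    FormsIdentity id = ctx.User.Identity as FormsIdentity;
    if (id == null)
    {
        return;
    }

    // UserData is the comma-joined role list written at login. RemoveEmptyEntries avoids
    // a phantom "" role when UserData is empty or ends with a trailing comma.
    string[] roles = id.Ticket.UserData.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

    // Keep the existing identity, but wrap it in a principal that knows the roles.
    ctx.User = new GenericPrincipal(id, roles);
}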
需要對某些頁面進行角色控制,有兩種方法:
1、在web.config中加入:
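<!-- Authorization rules are evaluated top-down and the first match wins.
     deny users="?" only stops anonymous users: an authenticated user who is NOT in
     RoleName matches neither rule and falls through to the inherited (parent) rules,
     which by default allow everyone. deny users="*" closes that gap, so only RoleName
     can reach EditPost.aspx. -->
<location path="EditPost.aspx">
  <system.web>
    <authorization>
      <allow roles="RoleName" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>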
2、把只能由某種角色訪問的文件放在同一目錄下,在此目錄下添加一個web.config:
<!-- Directory-level web.config: allow RoleName, then deny everyone else ("*").
     Rules are matched top-down, and because the deny covers all users, authenticated
     users outside RoleName do not fall through to the parent directory's rules. -->
<configuration>
<system.web>
<authorization>
<allow roles="RoleName" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
說明:子目錄的web.config設置優先于父目錄的web.config設置
以上參考:http://www.cnblogs.com/kwklover/archive/2004/06/29/19455.aspx
http://www.donews.net/robinblood/archive/2005/04/30/358041.aspx