配置文件:
<configuration>
<system.web>
<!-- Forms authentication: requests that are not authenticated are sent to login.aspx,
     and the authentication ticket travels in a cookie named FORMSAUTHCOOKIE. -->
<!-- NOTE(review): no requireSSL, protection or timeout attribute is set on <forms>, so
     the framework defaults apply. For anything beyond a demo, consider
     requireSSL="true" so the ticket cookie is only sent over HTTPS, and an explicit
     timeout that matches how long a session should stay valid. -->
<authentication mode="Forms" >
<forms loginUrl = "login.aspx" name = "FORMSAUTHCOOKIE"/>
</authentication>
<authorization>
<!-- "?" stands for anonymous users: every request must be authenticated. -->
<deny users="?" />
</authorization>
</system.web>
</configuration>
xml文件:
<Users>
<Users>
<UserEmail>jchen@contoso.com</UserEmail>
<UserPassword>
BA56E5E0366D003E98EA1C7F04ABF8FCB3753889
</UserPassword>
</Users>
<Users>
<UserEmail>Kim@contoso.com</UserEmail>
<UserPassword>
07B7F3EE06F278DB966BE960E7CBBD103DF30CA6
</UserPassword>
</Users>
</Users>
login.aspx文件:
<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>
<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
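// Handles the Login button: looks the submitted e-mail address up in Users.xml,
// compares the stored password hash with the hash of the submitted password and,
// on success, issues the forms-authentication ticket and redirects to the page
// that was originally requested.
private void Login_Click(Object sender, EventArgs e)
{
    if (!Page.IsValid)
    {
        Msg.Text = "Some required fields are invalid.";
        return;
    }

    // The e-mail value ends up inside a DataTable filter expression. The
    // RegularExpressionValidator already rejects quotes, but the literal is escaped
    // here as well (a single quote is doubled inside a filter string) so that the
    // lookup does not depend on the validator staying in place.
    String cmd = "UserEmail='" + UserEmail.Value.Replace("'", "''") + "'";

    DataSet ds = new DataSet();

    // NOTE(review): Users.xml is resolved relative to the page, i.e. it sits in the
    // web content tree. Confirm the server does not hand it out as a static file;
    // the <deny users="?"/> rule may not cover content that bypasses ASP.NET.
    // The using blocks release the file handle even when ReadXml throws.
    using (FileStream fs = new FileStream(Server.MapPath("Users.xml"),
                                          FileMode.Open, FileAccess.Read))
    using (StreamReader reader = new StreamReader(fs))
    {
        ds.ReadXml(reader);
    }

    DataTable users = ds.Tables[0];
    DataRow[] matches = users.Select(cmd);

    if (matches != null && matches.Length > 0)
    {
        DataRow row = matches[0];

        // NOTE(review): this is an unsalted SHA-1 digest (the API takes only the
        // password and the algorithm name). It is kept because the stored hashes
        // in Users.xml use the same format; new systems should use a salted,
        // iterated password hash instead.
        string hashedpwd =
            FormsAuthentication.HashPasswordForStoringInConfigFile(UserPass.Value, "SHA1");

        // "as" yields null for a missing (DBNull) password column instead of
        // throwing InvalidCastException; a null never equals the computed hash.
        String pass = row["UserPassword"] as String;

        // Ordinal comparison: hashes are opaque tokens, not culture-sensitive text.
        if (0 != String.CompareOrdinal(pass, hashedpwd))
        {
            // Tell the user if no password match is found. It is good
            // security practice to give no hints about which part of the
            // logon credentials is invalid.
            Msg.Text = "Invalid Credentials: Please try again";
        }
        else
        {
            // If a password match is found, redirect the request
            // to the originally requested resource (Default.aspx).
            FormsAuthentication.RedirectFromLoginPage(UserEmail.Value, Persist.Checked);
        }
    }
    else
    {
        // If no name matches were found, redirect the request to the AddUser page
        // using a Response.Redirect command.
        // NOTE(review): this branch behaves differently from a wrong password, so
        // the response reveals whether an e-mail address is registered, which
        // works against the generic error message above.
        Response.Redirect("AddUser/AddUser.aspx");
    }
}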
</script>
<body>
<form runat=server>
<span style="background:#80FF80">
<h3><font face="Verdana">Login Page</font></h3></span>
<table>
<tr>
<td>e-mail:</td>
<td><input id="UserEmail" type="text" runat=server/></td>
<td><ASP:RequiredFieldValidator
ControlToValidate="UserEmail"
Display="Static"
ErrorMessage="*"
runat="server"/>
</td>
<td><asp:RegularExpressionValidator id="RegexValidator"
ControlToValidate="UserEmail"
ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
EnableClientScript="false"
Display="Static"
ErrorMessage="Invalid format for e-mail address."
runat="server"/>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input id="UserPass" type=password runat=server/></td>
<td><ASP:RequiredFieldValidator
ControlToValidate="UserPass"
Display="Static"
ErrorMessage="*"
runat="server"/>
</td>
</tr>
<tr>
<td>Persistent Cookies:</td>
<td><ASP:CheckBox id=Persist runat="server"
autopostback="true" />
</td>
<td></td>
</tr>
</table>
<input type="submit" OnServerClick="Login_Click" Value="Login"
runat="server"/><p>
<asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"
Font-Size="10" runat="server" />
</form>
</body>
</html>
addUser.aspx
<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>
<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
// Pre-fills the e-mail input from the "UserEmail" query-string value when one is present.
// The value comes straight from the request; it is assigned through the server
// control's Value property rather than written into the markup by hand.
private void Page_Load(Object Src, EventArgs e)
{
    String requestedEmail = Request.QueryString["UserEmail"];
    if (requestedEmail == null)
    {
        return;
    }

    UserEmail.Value = requestedEmail;
}
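// Handles the Add User button: loads users.xml into a DataSet, appends a row with
// the submitted e-mail address and the hash of the submitted password, rewrites
// the file and redirects to Default.aspx.
private void AddUser_Click(Object sender, EventArgs e)
{
    if (!Page.IsValid)
    {
        Msg.Text = "Some required fields are invalid.";
        return;
    }

    DataSet ds = new DataSet();
    String userFile = "users.xml";
    String userPath = Server.MapPath(userFile);

    // The using blocks release the file handle even when ReadXml throws, so a
    // failed request cannot leave the user store locked.
    using (FileStream input = new FileStream(userPath, FileMode.Open, FileAccess.Read))
    using (StreamReader reader = new StreamReader(input))
    {
        ds.ReadXml(reader);
    }

    // NOTE(review): unsalted SHA-1 digest (the API takes only the password and the
    // algorithm name); kept so the new row matches the format of the existing
    // hashes in the file. New systems should use a salted, iterated password hash.
    string hashedpwd =
        FormsAuthentication.HashPasswordForStoringInConfigFile(UserPass.Value, "SHA1");

    // NOTE(review): nothing here checks whether the e-mail address already has a
    // row, and the read-modify-write of the file is not serialized, so concurrent
    // registrations can overwrite each other. Confirm whether that is acceptable.
    DataRow newUser = ds.Tables[0].NewRow();
    newUser["UserEmail"] = UserEmail.Value;
    newUser["UserPassword"] = hashedpwd;
    ds.Tables[0].Rows.Add(newUser);
    ds.AcceptChanges();

    // FileMode.Create truncates the existing file before the DataSet is written back.
    using (FileStream output = new FileStream(userPath, FileMode.Create,
                                              FileAccess.Write | FileAccess.Read))
    using (StreamWriter writer = new StreamWriter(output))
    {
        ds.WriteXml(writer);
    }

    Response.Redirect("Default.aspx");
}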
</script>
<body>
<form runat=server>
<div style="background:#ccccff">
<h3><font face="Verdana">Add New User</font></h3>
</div>
<table>
<tr>
<td>Name:</td>
<td><input id="UserEmail" type="text" runat=server/></td>
<td><ASP:RequiredFieldValidator
ControlToValidate="UserEmail"
Display="Static"
ErrorMessage="*"
runat=server/>
</td>
<td><asp:RegularExpressionValidator id="RegexValidator"
ControlToValidate="UserEmail"
ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
EnableClientScript="false"
Display="Static"
ErrorMessage="Invalid format for e-mail address."
runat="server"/>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input id="UserPass" type=password runat=server/></td>
<td><ASP:RequiredFieldValidator
ControlToValidate="UserPass"
Display="Static"
ErrorMessage="*"
runat=server/>
</td>
</tr>
<tr>
<td>Persistent Forms:</td>
<td><ASP:CheckBox id=Persist runat="server"
autopostback="true" />
</td>
</tr>
</table>
<input type="submit" OnServerClick="AddUser_Click" Value="Add User"
runat="server"/><p>
<asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"
Font-Size="10" runat=server />
</form>
</body>
</html>
Default.aspx
<%@ Page LANGUAGE="c#" %>
<html>
<title>Forms Authentication</title>
<script runat=server>
// Greets the authenticated user. The identity name is HTML-encoded before it is
// placed into InnerHtml, so markup characters in the name are rendered as text.
private void Page_Load(Object Src, EventArgs e)
{
    String encodedName = Server.HtmlEncode(User.Identity.Name);
    Welcome.InnerHtml = "Hello, " + encodedName;
}
// Signs the current user out and writes a confirmation into the response.
// NOTE(review): SignOut removes the ticket cookie from the browser; as far as this
// page shows, nothing revokes the ticket on the server, so a copy captured earlier
// would presumably stay usable until it expires. Keep the ticket timeout short.
private void Signout_Click(Object sender, EventArgs e)
{
    String confirmation = "Logged out - cookie deleted.";

    FormsAuthentication.SignOut();
    Response.Write(confirmation);
}
</script>
<body>
<h3><font face="Verdana">Forms Authentication Example</font></h3>
<span id="Welcome" runat=server/>
&l