在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
1.下面的例子在web.config文件中配置网站使用asp.net forms 身份认证方式: <configuration> <system.web> <authentication mode="Forms"> <forms name="MyAppCookie" loginUrl="~/Login.aspx" protection="All" timeout="30" path="/" /> </authentication> ... </system.web> </configuration> Forms 认证设置:
2.Authorization Rules(授权规则) <authorization> <allow users="*" /> <deny users="?" /> </authorization> When evaluating rules, ASP.NET scans through the list from top to bottom and then continues with the settings in any .config file inherited from a parent directory, ending with the settings in the base machine.config file. As soon as it finds an applicable rule, it stops it s search. Thus, in the previous case, it will determine that the rule <allow users="*"> applies to the current request and will not evaluate the second line. This means these rules will allow all users, including anonymous users. <authorization> <deny users="?" /> <allow users="*" /> </authorization> Now these rules will deny anonymous users (by matching the first rule) and allow all other users (by matching the second rule). 3.The Login Page(登录页) ASP.NET provides a special FormsAuthentication class in the System.Web.Security namespace, which provides static methods that help manage the process. public partial class Login : System.Web.UI.Page { protected void cmdLogin_Click(Object sender, EventArgs e) { if (txtPassword.Text.ToLower() == "secret") { FormsAuthentication.RedirectFromLoginPage( txtName.Text, false); } else { lblStatus.Text = "Try again."; } } } The RedirectFromLoginPage() method requires two parameters. The first sets the name of the user. The second is a Boolean variable that specifies whether you want to create a persistent cookie (one that stays on the user’s hard drive for a longer period of time). 4.Retrieving the User’s Identity Once the user is logged in, you can retrieve the identity through the built-in User property, as shown here: protected void Page_Load(Object sender, EventArgs e) { lblMessage.Text = "You have reached the secured page, "; lblMessage.Text += User.Identity.Name + "."; } 5.Signing Out private void cmdSignOut_Click(Object sender, EventArgs e) { FormsAuthentication.SignOut(); Response.Redirect("~/Login.aspx"); } 6.Persistent Cookies(持久cookie) A persistent authentication cookie remains on the user’s hard drive and keeps the user signed in for hours, days, or weeks—even if the user closes and reopens the browser. Creating a persistent cookie requires a bit more code than creating a standard forms authentication cookie. Instead of using the RedirectFromLoginPage() method, you need to manually create the authentication ticket, set its expiration time, encrypt it , attach it to the request, and then redirect the user to the requested page. All of these tasks are easy, but it’s important to perform them all in the correct order. The following code examines a check box named chkPersist. If it’s selected, the code creates a persistent cookie that lasts for 20 days: // Perform the authentication. if (txtPassword.Text.ToLower() == "secret") { if (chkPersist.Checked) { // Use a persistent cookie that lasts 20 days. // The timeout must be specified as a number of minutes. int timeout = (int)TimeSpan.FromDays(20).TotalMinutes; // Create an authentication ticket. FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(txtName.Text, true, cookietimeout); // Encrypt the ticket (so people can't steal it as it travels over // the Internet). string encryptedTicket = FormsAuthentication.Encrypt(ticket); // Create the cookie for the ticket, and put the ticket inside. HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); // Give the cookie and the authentication ticket the same expiration. cookie.Expires = ticket.Expiration; // Attach the cookie to the current response. It will now travel back to // the client, and then back to the web server with every new request. HttpContext.Current.Response.Cookies.Set(cookie); // Send the user to the originally requested page. string requestedPage = FormsAuthentication.GetRedirectUrl(txtName.text, false); Response.Redirect(requestedPage, true); } else { // Use the standard authentication method. FormsAuthentication.RedirectFromLoginPage( txtName.Text, false); } } It’s worth noting that the FormsAuthentication.SignOut() method will always remove the forms authentication cookie, regardless of whether it is a normal cookie or a persistent cookie. |
请发表评论