User管理 FormsAuthenticationTicket

 Global

/// <summary>
/// Global.asax hook for the AuthenticateRequest event. Delegates to
/// <c>UserHelper.SetRoles()</c>, which rebuilds the request principal from the
/// roles carried in the forms-authentication ticket.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // Roles are only attached to HttpContext.Current.User by this call;
    // role checks such as UserHelper.InRole() depend on it having run.
    UserHelper.SetRoles();
}

Login:

 /// <summary>
 /// Authenticate handler of the LoginUser control: checks the submitted
 /// credentials and, when they are accepted, signs the user in with the
 /// roles returned for that account.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Authenticate event data; this handler never assigns it.</param>
 protected void LoginUser_Authenticate(object sender, AuthenticateEventArgs e)
 {
     string name = LoginUser.UserName;
     string secret = LoginUser.Password;
     bool persist = LoginUser.RememberMeSet;

     // Rejected credentials: nothing is issued and e.Authenticated is left
     // untouched, so the control reports the attempt as failed.
     if (!UserHelper.IsDBAuthenticated(name, secret))
     {
         return;
     }

     // NOTE(review): success is signalled only by the redirect performed
     // inside UserHelper.Login; e.Authenticated is not set on this path either.
     string grantedRoles = UserHelper.GetDBRoles(name, secret);
     UserHelper.Login(name, persist, grantedRoles);
 }

Web.config

<configuration>
  <system.web>
    <!-- REVIEW: debug="true" is a development setting; deployed sites should
         use debug="false". -->
    <compilation debug="true" targetFramework="4.0" />
    <!-- REVIEW: the forms ticket (and the role list UserHelper.Login stores in
         its UserData) is only as trustworthy as these keys are secret. The
         values below are published sample values and must not be reused:
         generate unique keys per application and keep them out of source
         control. 3DES and SHA1 are legacy choices; ASP.NET 4.0 also accepts
         decryption="AES" and validation="HMACSHA256". -->
    <machineKey validationKey="3FF1E929BC0534950B0920A7B59FA698BD02DFE8" 
                decryptionKey="280450BB36319B474C996B506A95AEDF9B51211B1D2B7A77" 
                decryption="3DES" 
                validation="SHA1"/>
    <authentication mode="Forms">
      <!-- REVIEW: requireSSL is not set, so the default (false) applies and the
           authentication cookie may be sent over plain HTTP; set
           requireSSL="true" when the site is served over HTTPS.
           timeout is in minutes. UserHelper.Login computes its own ticket
           expiry (30 minutes or 1 year), so this value does not bound the
           tickets it issues. -->
      <forms name="CURRENT_AUTH_Cookies_NAME"
             loginUrl="~/Account/Login.aspx"
             defaultUrl="~/About.aspx"             
             timeout="100">
        <!-- No users are listed here, and the code shown validates credentials
             through UserHelper.IsDBAuthenticated instead. Unsalted SHA1 is not
             a suitable password storage format if this section is ever used. -->
        <credentials passwordFormat="SHA1"></credentials>
      </forms>      
    </authentication>
  </system.web>
</configuration>

UserHelper类文件:

UserHelper
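  /// <summary>
  /// Forms-authentication helpers: issues a ticket whose UserData carries the
  /// user's comma-separated roles, rebuilds the request principal from that
  /// ticket, and offers login-state and role checks for pages.
  /// </summary>
  /// <remarks>
  /// The roles are trusted because they arrive inside the encrypted and
  /// validated ticket, so their integrity depends on the machineKey staying
  /// secret. Roles are fixed when the ticket is issued: a role change or
  /// revocation only takes effect once a new ticket is issued.
  /// </remarks>
  public class UserHelper
  {
      #region DB

      /// <summary>
      /// Checks a username/password pair against the user store.
      /// </summary>
      /// <param name="username">Login name entered by the user.</param>
      /// <param name="password">Password entered by the user.</param>
      /// <returns><c>true</c> when the credentials are accepted.</returns>
      public static bool IsDBAuthenticated(string username, string password)
      {
          // REVIEW: placeholder that accepts every credential pair. It must be
          // replaced by a real lookup (parameterized query, salted password
          // hash comparison) before this code protects anything.
          return true; // query the database
      }

      /// <summary>
      /// Returns the roles of a user as a comma-separated list.
      /// </summary>
      /// <param name="username">Login name of the user.</param>
      /// <param name="password">Password of the user (unused by this stub).</param>
      /// <returns>Comma-separated role names.</returns>
      public static string GetDBRoles(string username, string password)
      {
          // REVIEW: placeholder that grants "editor,admin" to every account.
          return "editor,admin"; // query the database
      }

      #endregion

      #region Tools

      /// <summary>
      /// Tells whether the current request is authenticated; when it is not,
      /// redirects to the configured login page with a ReturnUrl parameter.
      /// </summary>
      /// <returns><c>true</c> for an authenticated user with a non-empty name.</returns>
      public static bool IsLogin()
      {
          var context = HttpContext.Current;
          var user = context.User;
          if (user != null && user.Identity.IsAuthenticated
                           && !string.IsNullOrEmpty(user.Identity.Name))
          {
              return true;
          }

          // The current URL is escaped so that its own query string cannot
          // split into, or inject, extra parameters on the login URL.
          string returnUrl = Uri.EscapeDataString(context.Request.Url.ToString());
          context.Response.Redirect(FormsAuthentication.LoginUrl + "?ReturnUrl=" + returnUrl);
          return false;
      }

      /// <summary>
      /// Tells whether the current forms-authenticated user has a role.
      /// </summary>
      /// <param name="role">Role name to test.</param>
      /// <returns>
      /// <c>true</c> when the current principal reports the role; <c>false</c>
      /// for anonymous or non-forms identities.
      /// </returns>
      public static bool InRole(string role)
      {
          var user = HttpContext.Current.User;
          if (user == null || !user.Identity.IsAuthenticated || !(user.Identity is FormsIdentity))
          {
              return false;
          }

          // The answer comes from the principal installed by SetRoles().
          return user.IsInRole(role);
      }

      /// <summary>
      /// Replaces the current principal with one whose roles come from the
      /// forms ticket's UserData. Normally called from
      /// Global::Application_AuthenticateRequest().
      /// </summary>
      public static void SetRoles()
      {
          var user = HttpContext.Current.User;
          if (user == null || !user.Identity.IsAuthenticated)
          {
              return;
          }

          var id = user.Identity as FormsIdentity;
          if (id == null)
          {
              return;
          }

          // A ticket issued without role data yields an empty role list
          // instead of a single empty-string role.
          string userData = id.Ticket.UserData ?? string.Empty;
          string[] roles = userData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
          for (int i = 0; i < roles.Length; i++)
          {
              roles[i] = roles[i].Trim();
          }

          HttpContext.Current.User = new GenericPrincipal(id, roles);
      }

      /// <summary>
      /// Extracts and decrypts the authentication ticket from the forms
      /// authentication cookie of the current request.
      /// </summary>
      /// <returns>
      /// The decrypted ticket, or <c>null</c> when the cookie is missing, empty
      /// or cannot be decrypted. Expiry is not checked here; callers must test
      /// <c>Expired</c> before trusting the ticket.
      /// </returns>
      public static FormsAuthenticationTicket GetTicket()
      {
          HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
          if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
          {
              return null;
          }

          try
          {
              return FormsAuthentication.Decrypt(authCookie.Value);
          }
          catch (Exception)
          {
              // A tampered or stale cookie is treated as "no ticket".
              // Log exception details (omitted for simplicity)
              return null;
          }
      }

      /// <summary>
      /// Encrypts a ticket and writes it to the response as the forms
      /// authentication cookie.
      /// </summary>
      /// <param name="ticket">Ticket to issue.</param>
      /// <param name="endtime">Expiry written to the cookie.</param>
      public static void SetTicket(FormsAuthenticationTicket ticket, DateTime endtime)
      {
          string encryptedTicket = FormsAuthentication.Encrypt(ticket);
          var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
          cookie.Expires = endtime;

          // Apply the cookie settings of the <forms> configuration, as the
          // framework does for cookies it issues itself. HttpOnly keeps the
          // ticket away from client-side script; Secure follows requireSSL.
          cookie.HttpOnly = true;
          cookie.Path = FormsAuthentication.FormsCookiePath;
          cookie.Secure = FormsAuthentication.RequireSSL;
          if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
          {
              cookie.Domain = FormsAuthentication.CookieDomain;
          }

          // Drop any copy already queued on this response so that only one
          // authentication cookie is sent.
          HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
          HttpContext.Current.Response.Cookies.Add(cookie);
      }

      #endregion

      #region Login Logout

      /// <summary>
      /// Issues a forms ticket for the user, with the roles in UserData, and
      /// redirects to the return URL.
      /// </summary>
      /// <param name="UserName">Name stored in the ticket.</param>
      /// <param name="IsRemember">
      /// <c>true</c> for a ticket valid for one year, <c>false</c> for 30 minutes.
      /// </param>
      /// <param name="roles">Comma-separated roles stored in the ticket.</param>
      public static void Login(string UserName, bool IsRemember, string roles)
      {
          DateTime now = DateTime.Now;
          // REVIEW: a one-year ticket also freezes the user's roles for a year.
          DateTime endtime = IsRemember ? now.AddYears(1) : now.AddMinutes(30);

          // isPersistent mirrors the remember-me choice, so the ticket itself
          // records whether it was meant to outlive the browser session.
          FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, UserName,
                                                                now, endtime, IsRemember, roles);
          SetTicket(ticket, endtime);

          // GetRedirectUrl is used so that the custom ticket written above
          // stays the one the browser receives.
          HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName, IsRemember));
      }

      /// <summary>
      /// Removes the forms authentication ticket and sends the browser to the
      /// login page.
      /// </summary>
      public static void Logout()
      {
          FormsAuthentication.SignOut();
          FormsAuthentication.RedirectToLoginPage();
      }

      #endregion
  }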

AdminAbout:

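 /// <summary>
 /// Admin-only page: requires an authenticated user that holds the "admin" role.
 /// </summary>
 public partial class AdminAbout : System.Web.UI.Page
 {
     /// <summary>
     /// Enforces the access check on every load. Anonymous users are redirected
     /// by <c>UserHelper.IsLogin()</c>; authenticated users without the "admin"
     /// role are signed out and sent to the login page.
     /// </summary>
     /// <param name="sender">Event source (unused).</param>
     /// <param name="e">Event data (unused).</param>
     protected void Page_Load(object sender, EventArgs e)
     {
         if (!UserHelper.IsLogin())
         {
             return;
         }

         if (!UserHelper.InRole("admin"))
         {
             UserHelper.Logout();

             // This redirect is what stops the rest of the page from being
             // processed for a non-admin user. The return URL is escaped so
             // its query string cannot add parameters to the login URL.
             Response.Redirect("~/Account/Login.aspx?ReturnUrl="
                               + Uri.EscapeDataString(Request.Url.ToString()));
         }
     }
 }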

 

原文地址:https://www.cnblogs.com/AspDotNetMVC/p/2773241.html