基于角色的身份验证2

前边一个有把在 global 中通过用户名到数据库去验证,这个中是直接在用户登陆时把用户角色存在 cookie 中,在 global 中去进行验证,可能比前一个要效率高吧....

 
web.config
 

<authentication mode="Forms"> 
     <forms name=".test" loginUrl="bb.aspx" timeout="30" path="/"></forms>

      </authentication>
    <authorization>
      
            
            <deny users="?"></deny>
    </authorization>

User.xml
 

<?xml version="1.0" encoding="utf-8" ?> 
<roles>
  <user
    name="Bob"
    roles="Sales" />
  <user
    name="Jane"
    roles="Supervisor,Sales" />
</roles>

  bb.aspx
 

private void Button1_Click(object sender, System.EventArgs e)
        {   

            if (confirm(this.TextBox1 .Text ,this.TextBox2.Text))
            {
                 string Roles=this.get_Role (this.TextBox1.Text );
                 

                FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket (1,this.TextBox1 .Text ,DateTime.Now, DateTime.Now.AddMinutes(30), false,Roles,"/") ; //建立身份验证票对象
               string HashTicket = FormsAuthentication.Encrypt (Ticket) ; //加密序列化票为字符串

            HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName,HashTicket) ;
            //生成Cookie
            Context.Response.Cookies.Add (UserCookie) ; //输出Cookie
            Context.Response.Redirect (Context.Request["ReturnUrl"]) ; // 重定户申请的初始页面
      
}
                     
            
        } 

        public bool confirm(string name,string pass)
        {
            DataSet ds;
            ds=new DataSet ();
            ds.ReadXml (MapPath("User.xml"));
            DataTable dt=ds.Tables[0];
              
            DataRow[] dr=dt.Select("name='"+name+"'");

            if (dr.Length >0)
                return true;
                else
                return false;
              
             
        } 

        public  string  get_Role(string name)
        {
             DataSet ds;
             ds=new DataSet ();
             ds.ReadXml (MapPath("User.xml"));
              DataTable dt=ds.Tables[0];
              
                DataRow[] dr=dt.Select("name='"+name+"'");
              
            
             return dr[0][1].ToString ();
               
              
              
             
        }

Global.asax

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
           System.Web .HttpApplication  app=((HttpApplication)sender);
           System.Web.HttpContext  ctx=app.Context;
            if (ctx.Request .IsAuthenticated)
            {
                System.Web .Security.FormsIdentity id=((FormsIdentity)ctx.User .Identity) ;
                System.Web .Security.FormsAuthenticationTicket  ticket=id.Ticket ;
                 string [] Role=ticket.UserData .Split(',');
                 ctx.User =new System.Security.Principal.GenericPrincipal(id ,Role);

             }


        }

default.aspx

private void Page_Load(object sender, System.EventArgs e)
        {
            
            if (User.IsInRole("Sales"))
            {
                this.Response .Write ("Seles");
                 
             }

            if (User.IsInRole("Supervisor"))
            {
                this.Response .Write ("Supervisor");
                 
            }



            
                }