//原来字写错了,太汗了,
做为开发者,我们希望经过我们手中出来的代码,是效率最高的,速度最快的,性能最优化的。
我们在探索代码的完美,我们在想着,是不是有更好的代码比我现在这样的写好,
我们想寻找最好的代码,
我们在想,
我们还是在想,却仍没有去敲键盘。
不知不觉浪费了好多的时间,我的还是在想,还是没有代码的呈现。
究竟什么才是最完美的代码呢?
应该是没有最完美的代码。我们在经过简单的思考后,应该执着着去写,经过时间的沉淀,不断的修改和完善,
看到别人的代码,想下人家的思考,如果优于自己,可以取其精华,结合自己的代码不断的去成长,去提高 ,
//修改1 ,已经把代码粘到代码编辑器中了,
//我认为这种代码也比较好,但是有点不想接受,逻辑上有点不顺,感觉,想寻找更好的代码和逻辑
我们往往不太注重逻辑,我们往往下笔没有神,因为copy,del的太简单,在不断的keyword,del的时候,最仍然没有出一个好的逻辑 ,
一次去面试,最后一道是算法题,我是拿着笔就开写了,写着写着,觉得要变动,没有Del,只有划,最后的结果呢,
面试纸上划下了一大片,却仍然没有一个真正的逻辑出来。
为什么不能先想好,才下笔呢。
程序不是作文,写一半就会有一半的分数,
程序不是作文,结果不对就是错的。
最近买了李天平的那本书,附上一个书中的登陆代码。这个登陆主要是用到了微软的安全类,
我不知道大家平时用的登陆,是怎么实现的。有没有比这个还优秀一点的。
比较难以理解的名字,做了一下通俗的解释。希望对大家有一些帮助。
1.负责人(principal)-运行环境 身份(identity)-用户 授权(Authentication)
Authorization 授权 判断用户是否有权操作,比如登录的用户有没有权限访问资源或者数据库
Authentication 认证 用户的Identity. 主要有:HTTP基础认证、证书、Kerberos、Passport、NTLM、Forms-based、Digest
一般应用先authenticate用户, 判断用户是否能链接到系统。然后authorization, 判断对某个功能是否有权限。
2.HttpModuler 监视器 过滤传到httpHand上的数据
代码
一,
using System;
using System.Collections;
using System.Security;
using System.Security.Cryptography;
using System.Text;
namespace Permission.WebAdmin
{
/// <summary>
/// 用户对象的安全上下文信息
/// </summary>
public class AccountsPrincipal : System.Security.Principal.IPrincipal
{
#region 属性
protected System.Security.Principal.IIdentity identity;
protected ArrayList permissionList;
protected ArrayList permissionListid;
protected ArrayList roleList;
/// <summary>
/// 当前用户的所有角色
/// </summary>
public ArrayList Roles
{
get
{
return roleList;
}
}
/// <summary>
/// 当前用户拥有的权限列表
/// </summary>
public ArrayList Permissions
{
get
{
return permissionList;
}
}
/// <summary>
/// 当前用户拥有的权限ID列表
/// </summary>
public ArrayList PermissionsID
{
get
{
return permissionListid;
}
}
// IPrincipal Interface Requirements:
/// <summary>
/// 当前用户的标识对象
/// </summary>
public System.Security.Principal.IIdentity Identity
{
get
{
return identity;
}
set
{
identity = value;
}
}
#endregion
/// <summary>
/// 根据用户编号构造
/// </summary>
public AccountsPrincipal(int userID)
{
identity = new SiteIdentity(userID);
permissionList = AccountsPrincipalDLL.GetEffectivePermissionList(userID);
permissionListid = AccountsPrincipalDLL.GetEffectivePermissionListID(userID);
roleList = AccountsPrincipalDLL.GetUserRoles(userID);
}
/// <summary>
/// 根据用户名构造
/// </summary>
public AccountsPrincipal(string userName)
{
identity = new SiteIdentity(userName);
permissionList = AccountsPrincipalDLL.GetEffectivePermissionList(((SiteIdentity)identity).UserID);
permissionListid = AccountsPrincipalDLL.GetEffectivePermissionListID(((SiteIdentity)identity).UserID);
roleList = AccountsPrincipalDLL.GetUserRoles(((SiteIdentity)identity).UserID);
}
/// <summary>
/// 当前用户是否属于指定名称的角色
/// </summary>
public bool IsInRole(string role)
{
return roleList.Contains(role);
}
/// <summary>
/// 当前用户是否拥有指定名称的权限
/// </summary>
public bool HasPermission(string permission)
{
return permissionList.Contains(permission);
}
/// <summary>
/// 当前用户是否拥有指定的权限
/// </summary>
public bool HasPermissionID(int permissionid)
{
return permissionListid.Contains(permissionid);
}
/// <summary>
/// 验证登录信息
/// </summary>
public static AccountsPrincipal ValidateLogin(string userName, string password)
{
int newID;
byte[] cryptPassword = EncryptPassword(password);
Data.User dataUser = new Data.User();
if ((newID = dataUser.ValidateLogin(userName, cryptPassword)) > 0)
return new AccountsPrincipal(newID);
else
return null;
}
/// <summary>
/// 密码加密
/// </summary>
public static byte[] EncryptPassword(string password)
{
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(password);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
return cryptPassword;
}
}
}
二
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Permission.Common;
namespace Permission.WebAdmin
{
/// <summary>
/// 页面基类
/// </summary>
public class PageBase : System.Web.UI.Page
{
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
this.Load += new System.EventHandler(this.Page_Load);
this.Error += new System.EventHandler(this.Page_Error);
}
#region 权限检查
/// <summary>
/// 页面访问权限ID。
/// </summary>
public virtual int PermissionID
{
get { return -1; }
}
public AccountsPrincipal CurrentPrincipal
{
get
{
if (Context.User.Identity.IsAuthenticated)
{
AccountsPrincipal user = new AccountsPrincipal(Context.User.Identity.Name);
return user;
}
return null;
}
}
/// <summary>
/// 当前用户信息
/// </summary>
public Tb_Accounts_Users CurrentUser
{
get
{
if (CurrentPrincipal == null)
{
return null;
}
if (Session["UserInfo"] == null)
{
LTP.Accounts.Bus.User currentUser = new LTP.Accounts.Bus.User(CurrentPrincipal);
Session["UserInfo"] = currentUser;
}
return Session["UserInfo"] as Tb_Accounts_Users;
}
}
#endregion
#region 页面事件
private void Page_Load(object sender, System.EventArgs e)
{
//网站域名或虚拟目录
string virtualPath = ConfigurationManager.AppSettings.Get("VirtualPath");
//登录页地址
string loginPage = ConfigurationManager.AppSettings.Get("LoginPage");
if (Context.User.Identity.IsAuthenticated)
{
AccountsPrincipal user = new AccountsPrincipal(Context.User.Identity.Name);
if ((PermissionID != -1) && (!user.HasPermissionID(PermissionID)))
{
Response.Clear();
Response.Write("<script defer>window.alert('您没有权限进入本页!');history.back();</script>");
Response.End();
}
}
else
{
FormsAuthentication.SignOut();
Session.Clear();
Session.Abandon();
Response.Clear();
Response.Write("<script defer>window.alert('您没有权限进入本页或当前登录用户已过期!http://www.cnblogs.com/hsapphire/admin/file://n/请重新登录或与管理员联系!');parent.location='" + virtualPath + "/" + loginPage + "';</script>");
Response.End();
}
}
protected void Page_Error(object sender, System.EventArgs e)
{
string errMsg = "";
Exception currentError = Server.GetLastError();
errMsg += "系统发生错误:<br/>" +
"错误地址: " + Request.Url.ToString() + "<br/>" +
"错误信息: " + currentError.Message.ToString() + "<br/>";
Response.Write(errMsg);
Server.ClearError();//要注意这句代码的使用,清除异常。
}
#endregion
#region URL参数
public virtual string Name
{
get
{
if ((Request["name"] != null) && (Request["name"].ToString() != ""))
{
return Request.QueryString["name"].Trim();
}
return "";
}
}
#endregion
}
}
三。
using System;
using System.Collections.Generic;
using System.Text;
using Permission.Common;
using System.Security.Cryptography;
namespace Permission.WebAdmin
{
/// <summary>
/// 当前用户的标识对象
/// </summary>
[Serializable]
public class SiteIdentity : System.Security.Principal.IIdentity
{
#region 用户属性
private string userName;
private string trueName;
private string email;
private byte[] password;
private int userID;
private string sex;
/// <summary>
/// 用户名
/// </summary>
public string UserName
{
get
{
return userName;
}
}
/// <summary>
/// 真实姓名
/// </summary>
public string TrueName
{
get
{
return trueName;
}
}
/// <summary>
/// 邮箱
/// </summary>
public string Email
{
get
{
return email;
}
}
/// <summary>
/// 用户编号
/// </summary>
public int UserID
{
get
{
return userID;
}
}
/// <summary>
/// 密码
/// </summary>
public byte[] Password
{
get
{
return password;
}
}
/// <summary>
/// 性别
/// </summary>
public string Sex
{
get
{
return sex;
}
}
#endregion
#region IIdentity interface requirments:
/// <summary>
/// 当前用户的名称
/// </summary>
public string Name
{
get
{
return userName;
}
}
/// <summary>
/// 获取所使用的身份验证的类型。
/// </summary>
public string AuthenticationType
{
get
{
return "Custom Authentication";
}
set
{
// do nothing
}
}
/// <summary>
/// 是否验证了用户
/// </summary>
public bool IsAuthenticated
{
get
{
return true;
}
}
#endregion
/// <summary>
/// 根据用户名构造
/// </summary>
public SiteIdentity(string currentUserName)
{
Tb_Accounts_Users entityUser=BllAccess . UserDLL.UserGetModelByUserName(currentUserName);
userName = currentUserName;
trueName = entityUser.TrueName;
email = entityUser.Email;
userID = entityUser.UserID;
password = entityUser.Password;
sex = entityUser.Sex;
}
/// <summary>
/// 根据用户ID构造
/// </summary>
public SiteIdentity(int currentUserID)
{
Tb_Accounts_Users entityUser = UserDLL.UserGetModelByUserID(currentUserID);
userName = entityUser.UserName;
trueName = entityUser.TrueName;
email = entityUser.Email;
userID = currentUserID;
password = entityUser.Password;
sex = entityUser.Sex;
}
/// <summary>
/// 检查当前用户对象密码
/// </summary>
public int TestPassword(string password)
{
// At some point, we may have a more complex way of encrypting or storing the passwords
// so by supplying this procedure, we can simply replace its contents to move password
// comparison to the database (as we've done below) or somewhere else (e.g. another
// web service, etc).
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(password);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
return UserDLL.TestPassword(userID, cryptPassword);
}
}
}
using System;
using System.Collections;
using System.Security;
using System.Security.Cryptography;
using System.Text;
namespace Permission.WebAdmin
{
/// <summary>
/// 用户对象的安全上下文信息
/// </summary>
public class AccountsPrincipal : System.Security.Principal.IPrincipal
{
#region 属性
protected System.Security.Principal.IIdentity identity;
protected ArrayList permissionList;
protected ArrayList permissionListid;
protected ArrayList roleList;
/// <summary>
/// 当前用户的所有角色
/// </summary>
public ArrayList Roles
{
get
{
return roleList;
}
}
/// <summary>
/// 当前用户拥有的权限列表
/// </summary>
public ArrayList Permissions
{
get
{
return permissionList;
}
}
/// <summary>
/// 当前用户拥有的权限ID列表
/// </summary>
public ArrayList PermissionsID
{
get
{
return permissionListid;
}
}
// IPrincipal Interface Requirements:
/// <summary>
/// 当前用户的标识对象
/// </summary>
public System.Security.Principal.IIdentity Identity
{
get
{
return identity;
}
set
{
identity = value;
}
}
#endregion
/// <summary>
/// 根据用户编号构造
/// </summary>
public AccountsPrincipal(int userID)
{
identity = new SiteIdentity(userID);
permissionList = AccountsPrincipalDLL.GetEffectivePermissionList(userID);
permissionListid = AccountsPrincipalDLL.GetEffectivePermissionListID(userID);
roleList = AccountsPrincipalDLL.GetUserRoles(userID);
}
/// <summary>
/// 根据用户名构造
/// </summary>
public AccountsPrincipal(string userName)
{
identity = new SiteIdentity(userName);
permissionList = AccountsPrincipalDLL.GetEffectivePermissionList(((SiteIdentity)identity).UserID);
permissionListid = AccountsPrincipalDLL.GetEffectivePermissionListID(((SiteIdentity)identity).UserID);
roleList = AccountsPrincipalDLL.GetUserRoles(((SiteIdentity)identity).UserID);
}
/// <summary>
/// 当前用户是否属于指定名称的角色
/// </summary>
public bool IsInRole(string role)
{
return roleList.Contains(role);
}
/// <summary>
/// 当前用户是否拥有指定名称的权限
/// </summary>
public bool HasPermission(string permission)
{
return permissionList.Contains(permission);
}
/// <summary>
/// 当前用户是否拥有指定的权限
/// </summary>
public bool HasPermissionID(int permissionid)
{
return permissionListid.Contains(permissionid);
}
/// <summary>
/// 验证登录信息
/// </summary>
public static AccountsPrincipal ValidateLogin(string userName, string password)
{
int newID;
byte[] cryptPassword = EncryptPassword(password);
Data.User dataUser = new Data.User();
if ((newID = dataUser.ValidateLogin(userName, cryptPassword)) > 0)
return new AccountsPrincipal(newID);
else
return null;
}
/// <summary>
/// 密码加密
/// </summary>
public static byte[] EncryptPassword(string password)
{
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(password);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
return cryptPassword;
}
}
}
二
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Permission.Common;
namespace Permission.WebAdmin
{
/// <summary>
/// 页面基类
/// </summary>
public class PageBase : System.Web.UI.Page
{
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
this.Load += new System.EventHandler(this.Page_Load);
this.Error += new System.EventHandler(this.Page_Error);
}
#region 权限检查
/// <summary>
/// 页面访问权限ID。
/// </summary>
public virtual int PermissionID
{
get { return -1; }
}
public AccountsPrincipal CurrentPrincipal
{
get
{
if (Context.User.Identity.IsAuthenticated)
{
AccountsPrincipal user = new AccountsPrincipal(Context.User.Identity.Name);
return user;
}
return null;
}
}
/// <summary>
/// 当前用户信息
/// </summary>
public Tb_Accounts_Users CurrentUser
{
get
{
if (CurrentPrincipal == null)
{
return null;
}
if (Session["UserInfo"] == null)
{
LTP.Accounts.Bus.User currentUser = new LTP.Accounts.Bus.User(CurrentPrincipal);
Session["UserInfo"] = currentUser;
}
return Session["UserInfo"] as Tb_Accounts_Users;
}
}
#endregion
#region 页面事件
private void Page_Load(object sender, System.EventArgs e)
{
//网站域名或虚拟目录
string virtualPath = ConfigurationManager.AppSettings.Get("VirtualPath");
//登录页地址
string loginPage = ConfigurationManager.AppSettings.Get("LoginPage");
if (Context.User.Identity.IsAuthenticated)
{
AccountsPrincipal user = new AccountsPrincipal(Context.User.Identity.Name);
if ((PermissionID != -1) && (!user.HasPermissionID(PermissionID)))
{
Response.Clear();
Response.Write("<script defer>window.alert('您没有权限进入本页!');history.back();</script>");
Response.End();
}
}
else
{
FormsAuthentication.SignOut();
Session.Clear();
Session.Abandon();
Response.Clear();
Response.Write("<script defer>window.alert('您没有权限进入本页或当前登录用户已过期!http://www.cnblogs.com/hsapphire/admin/file://n/请重新登录或与管理员联系!');parent.location='" + virtualPath + "/" + loginPage + "';</script>");
Response.End();
}
}
protected void Page_Error(object sender, System.EventArgs e)
{
string errMsg = "";
Exception currentError = Server.GetLastError();
errMsg += "系统发生错误:<br/>" +
"错误地址: " + Request.Url.ToString() + "<br/>" +
"错误信息: " + currentError.Message.ToString() + "<br/>";
Response.Write(errMsg);
Server.ClearError();//要注意这句代码的使用,清除异常。
}
#endregion
#region URL参数
public virtual string Name
{
get
{
if ((Request["name"] != null) && (Request["name"].ToString() != ""))
{
return Request.QueryString["name"].Trim();
}
return "";
}
}
#endregion
}
}
三。
using System;
using System.Collections.Generic;
using System.Text;
using Permission.Common;
using System.Security.Cryptography;
namespace Permission.WebAdmin
{
/// <summary>
/// 当前用户的标识对象
/// </summary>
[Serializable]
public class SiteIdentity : System.Security.Principal.IIdentity
{
#region 用户属性
private string userName;
private string trueName;
private string email;
private byte[] password;
private int userID;
private string sex;
/// <summary>
/// 用户名
/// </summary>
public string UserName
{
get
{
return userName;
}
}
/// <summary>
/// 真实姓名
/// </summary>
public string TrueName
{
get
{
return trueName;
}
}
/// <summary>
/// 邮箱
/// </summary>
public string Email
{
get
{
return email;
}
}
/// <summary>
/// 用户编号
/// </summary>
public int UserID
{
get
{
return userID;
}
}
/// <summary>
/// 密码
/// </summary>
public byte[] Password
{
get
{
return password;
}
}
/// <summary>
/// 性别
/// </summary>
public string Sex
{
get
{
return sex;
}
}
#endregion
#region IIdentity interface requirments:
/// <summary>
/// 当前用户的名称
/// </summary>
public string Name
{
get
{
return userName;
}
}
/// <summary>
/// 获取所使用的身份验证的类型。
/// </summary>
public string AuthenticationType
{
get
{
return "Custom Authentication";
}
set
{
// do nothing
}
}
/// <summary>
/// 是否验证了用户
/// </summary>
public bool IsAuthenticated
{
get
{
return true;
}
}
#endregion
/// <summary>
/// 根据用户名构造
/// </summary>
public SiteIdentity(string currentUserName)
{
Tb_Accounts_Users entityUser=BllAccess . UserDLL.UserGetModelByUserName(currentUserName);
userName = currentUserName;
trueName = entityUser.TrueName;
email = entityUser.Email;
userID = entityUser.UserID;
password = entityUser.Password;
sex = entityUser.Sex;
}
/// <summary>
/// 根据用户ID构造
/// </summary>
public SiteIdentity(int currentUserID)
{
Tb_Accounts_Users entityUser = UserDLL.UserGetModelByUserID(currentUserID);
userName = entityUser.UserName;
trueName = entityUser.TrueName;
email = entityUser.Email;
userID = currentUserID;
password = entityUser.Password;
sex = entityUser.Sex;
}
/// <summary>
/// 检查当前用户对象密码
/// </summary>
public int TestPassword(string password)
{
// At some point, we may have a more complex way of encrypting or storing the passwords
// so by supplying this procedure, we can simply replace its contents to move password
// comparison to the database (as we've done below) or somewhere else (e.g. another
// web service, etc).
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(password);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
return UserDLL.TestPassword(userID, cryptPassword);
}
}
}