Forms身份验证实例

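1.web.config配置文件
<authentication mode="Forms" >
    <forms loginUrl="~/AdminManage/Login.aspx" name=".loginValidate" path="/" timeout="40" protection="All" />
</authentication>
配置ASP.NET使用的安全身份验证模式,标识传入用户。

2.Login.aspx.cs文件
在通过数据库中查询找到相应项后,创建一含票据的Cookie和含相关用户信息的Cookie(Info)发送到客户端
...
string[] cookieKey = { "AdminName", "lastLoginTime", "loginTimes" };
string[] cookieValue = { read["AdminName"].ToString(), read["lastLoginTime"].ToString(), read["loginTimes"].ToString() };
SetCookie("Info", cookieKey, cookieValue);
AddValidate(read["AdminID"].ToString(), "NetShop_admin");
Response.Write("<script>window.location.href='AdminIndex.aspx'</script>");

#region Build a multi-valued cookie and send it to the client
/// <summary>
/// Builds one cookie holding several sub-values and adds it to the response.
/// The values travel to the client in plain text and come back unsigned, so the
/// server must treat them as display data only, never as something it trusts.
/// </summary>
/// <param name="cookieName">Name of the cookie.</param>
/// <param name="cookieKey">Sub-keys of the cookie.</param>
/// <param name="cookieValue">Values, one per entry of <paramref name="cookieKey"/>.</param>
/// <exception cref="ArgumentNullException">Either array is null.</exception>
/// <exception cref="ArgumentException">The two arrays differ in length.</exception>
private void SetCookie(string cookieName, string[] cookieKey, string[] cookieValue)
{
    if (cookieKey == null)
    {
        throw new ArgumentNullException("cookieKey");
    }
    if (cookieValue == null)
    {
        throw new ArgumentNullException("cookieValue");
    }
    if (cookieKey.Length != cookieValue.Length)
    {
        // The original loop indexed cookieValue by cookieKey's length and would
        // throw IndexOutOfRangeException on a mismatch; fail with a clear message instead.
        throw new ArgumentException("cookieKey and cookieValue must have the same length.", "cookieValue");
    }

    HttpCookie cookie = new HttpCookie(cookieName);
    cookie.HttpOnly = true;                          // keep the cookie out of reach of client script
    cookie.Secure = FormsAuthentication.RequireSSL;  // HTTPS-only whenever the forms config requires SSL
    for (int i = 0; i < cookieKey.Length; i++)
    {
        cookie.Values.Add(cookieKey[i], cookieValue[i]);
    }
    Response.Cookies.Add(cookie);
}
#endregion

#region Issue the forms-authentication ticket in its own cookie
/// <summary>
/// Creates a forms-authentication ticket for <paramref name="userID"/> with the
/// role stored in the ticket's UserData, encrypts it and sends it in the cookie
/// named by <see cref="FormsAuthentication.FormsCookieName"/>.
/// The ticket is built by hand (not via SetAuthCookie), so the cookie flags that
/// the framework would normally apply must be set here explicitly.
/// </summary>
/// <param name="userID">Ticket name; the login page passes the AdminID.</param>
/// <param name="userRole">Role placed in the ticket's UserData.</param>
private void AddValidate(string userID, string userRole)
{
    FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(
        1,                                  // ticket version
        userID,                             // ticket name (here: the user's ID)
        DateTime.Now,                       // issue time
        DateTime.Now.AddMinutes(40),        // expiry; keep equal to timeout="40" in web.config
        false,                              // not persistent
        userRole);                          // user data: the role

    string cookiestr = FormsAuthentication.Encrypt(tkt);
    HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
    ck.Path = FormsAuthentication.FormsCookiePath;   // virtual path the cookie is sent with
    ck.HttpOnly = true;                              // the ticket must never be readable from script
    ck.Secure = FormsAuthentication.RequireSSL;      // HTTPS-only whenever the forms config requires SSL
    Response.Cookies.Add(ck);
}
#endregion

3.AdmainIndex.aspx.cs文件
public partial class AdminManage_AdminIndex : NetShop.Page.NetShop_Popedom
{
    ...
}
使该页面继承自定义页面类NetShop_Popedom,NetShop.Page为一命名空间

4.页面类NetShop_Popedom.cs文件
namespace NetShop.Page
{
    /// <summary>
    /// Base page for the admin area: re-establishes the forms-authentication
    /// principal from the ticket cookie, loads the display values from the
    /// "Info" cookie, and sends unauthenticated visitors back to Login.aspx.
    /// </summary>
    public class NetShop_Popedom : System.Web.UI.Page
    {
        #region Constants
        /// <summary>Role that Login.aspx stores in the ticket and that this page checks.</summary>
        private const string AdminRole = "NetShop_admin";
        /// <summary>Name of the plain-text cookie carrying the display values.</summary>
        private const string InfoCookieName = "Info";
        /// <summary>Ticket lifetime in minutes; keep equal to timeout="40" in web.config.</summary>
        private const int TicketMinutes = 40;
        #endregion

        #region Fields
        /// <summary>
        /// Admin ID, taken from the authenticated ticket name (first '|'-separated part).
        /// </summary>
        protected string AdminID = null;
        /// <summary>
        /// Admin display name, read from the unsigned "Info" cookie: HtmlEncode before rendering.
        /// </summary>
        protected string AdminName = null;
        /// <summary>
        /// Last login time as sent by the client in the "Info" cookie (untrusted, display only).
        /// </summary>
        protected string lastLoginTime = null;
        /// <summary>
        /// Login count as sent by the client in the "Info" cookie (untrusted, display only).
        /// </summary>
        protected string loginTimes = null;
        #endregion

        #region Constructor
        public NetShop_Popedom()
        {
        }
        #endregion

        #region OnInit: rebuild the principal from the ticket cookie and enforce the admin role
        /// <summary>
        /// Runs before the page initializes. Decrypts the forms ticket cookie (if any)
        /// into a <see cref="System.Security.Principal.GenericPrincipal"/> whose single
        /// role is the ticket's UserData, then requires an authenticated user in
        /// <see cref="AdminRole"/> together with the "Info" cookie; otherwise it emits a
        /// redirect script to Login.aspx and ends the response.
        /// </summary>
        /// <param name="e">Event data forwarded to <see cref="System.Web.UI.Page.OnInit"/>.</param>
        protected override void OnInit(EventArgs e)
        {
            #region Friendly error page
            this.Error += new System.EventHandler(PageBase_Error);
            #endregion

            #region Forms authentication
            HttpCookie cookie = Request.Cookies[System.Web.Security.FormsAuthentication.FormsCookieName];
            if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
            {
                System.Web.Security.FormsAuthenticationTicket ticket = null;
                try
                {
                    // Decrypt verifies the ticket's MAC under protection="All"; a tampered or
                    // unreadable cookie yields null on newer runtimes and throws on older ones.
                    ticket = System.Web.Security.FormsAuthentication.Decrypt(cookie.Value);
                }
                catch (ArgumentException)
                {
                    ticket = null;
                }
                catch (HttpException)
                {
                    ticket = null;
                }

                // An expired ticket must not be re-accepted here just because the cookie
                // is still present: the module only strips it from the response.
                if (ticket != null && !ticket.Expired)
                {
                    string[] roles = new string[] { ticket.UserData };
                    System.Web.Security.FormsIdentity identity = new System.Web.Security.FormsIdentity(ticket);
                    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roles);
                }
            }

            HttpCookie infoCookie = Request.Cookies[InfoCookieName];
            // A valid ticket without the "Info" cookie is treated as "not logged in"
            // instead of dereferencing a null cookie.
            if (User.Identity.IsAuthenticated && User.IsInRole(AdminRole) && infoCookie != null)
            {
                string[] adminInfo = User.Identity.Name.Split('|');
                this.AdminID = adminInfo[0];
                // Client-supplied, unsigned values: display only.
                AdminName = infoCookie.Values["AdminName"];
                lastLoginTime = infoCookie.Values["lastLoginTime"];
                loginTimes = infoCookie.Values["loginTimes"];
            }
            else
            {
                if (infoCookie == null)
                {
                    Response.Write("<script>alert('你还没有登录系统!\\r\\n\\r\\n请登录系统!');window.location.href = 'Login.aspx';</script>");
                }
                else
                {
                    Response.Cookies[InfoCookieName].Expires = DateTime.Now.AddDays(-1);    // expire the stale cookie
                    Response.Write("<script>alert('╯-╰,由于你长时间没有任何操作,身份验证已过期!\\r\\n\\r\\n请重新登录系统!');window.location.href='Login.aspx'</script>");
                }
                HttpContext.Current.Response.End();
            }
            #endregion

            base.OnInit(e);
        }
        #endregion

        #region Refresh the ticket and the "Info" cookie
        /// <summary>
        /// Re-issues the forms ticket for the current <see cref="AdminID"/> with a fresh
        /// <see cref="TicketMinutes"/> lifetime and resends the "Info" cookie.
        /// The role written here is <see cref="AdminRole"/>; the original wrote "admin",
        /// which <see cref="OnInit"/> does not accept and so logged the user out on the next request.
        /// </summary>
        protected void UpdateNote()
        {
            System.Web.Security.FormsAuthenticationTicket tkt = new System.Web.Security.FormsAuthenticationTicket(
                1,
                AdminID,
                DateTime.Now,
                DateTime.Now.AddMinutes(TicketMinutes),
                false,
                AdminRole);
            string cookiestr = System.Web.Security.FormsAuthentication.Encrypt(tkt);
            HttpCookie ck = new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, cookiestr);
            ck.Path = System.Web.Security.FormsAuthentication.FormsCookiePath;   // same path as the login-issued cookie
            ck.HttpOnly = true;
            ck.Secure = System.Web.Security.FormsAuthentication.RequireSSL;
            Response.Cookies.Add(ck);

            HttpCookie ckInfo = new HttpCookie(InfoCookieName);
            ckInfo.HttpOnly = true;
            ckInfo.Secure = System.Web.Security.FormsAuthentication.RequireSSL;
            ckInfo.Values.Add("AdminName", AdminName);
            ckInfo.Values.Add("lastLoginTime", lastLoginTime);
            ckInfo.Values.Add("loginTimes", loginTimes);
            Response.Cookies.Add(ckInfo);
        }
        #endregion

        #region Sign out: drop the ticket and the "Info" cookie
        /// <summary>
        /// Expires the "Info" cookie and removes the forms-authentication ticket.
        /// </summary>
        protected void Esc()
        {
            Response.Cookies[InfoCookieName].Expires = DateTime.Now.AddDays(-1);    // expire the "Info" cookie
            System.Web.Security.FormsAuthentication.SignOut();                     // remove the client's ticket
        }
        #endregion

        #region Custom error handling
        /// <summary>
        /// Renders a friendly error page and clears the error so the default
        /// (stack-trace revealing) error page is not shown.
        /// </summary>
        /// <param name="sender">Event source.</param>
        /// <param name="e">Event data.</param>
        protected void PageBase_Error(object sender, System.EventArgs e)
        {
            Exception currentError = Server.GetLastError();
            // Both the request URL and the exception message are attacker-influenced:
            // encode them before echoing them into the page.
            string safeUrl = HttpUtility.HtmlEncode(Request.Url.ToString());
            string safeMessage = currentError == null ? string.Empty : HttpUtility.HtmlEncode(currentError.Message);

            string errMsg = "<link rel=\"stylesheet\" href=\"/style.css\">";
            errMsg += "<h1>系统信息:</h1><hr/>系统发生错误, " +
               "<p>该信息已被系统记录,请稍后重试或与管理员联系。</p>" +
               "<p>错误地址: " + safeUrl + "</p>" +
               "<p>错误信息: <font class=\"ErrorMessage\">" + safeMessage + "</font></p><hr/>" +
               // The stack trace (currentError.ToString()) is deliberately not sent to the client; log it server-side.
               "<p><a href=\"javascript:void(0)\" onclick=\"history.go(-1);return false;\">点击此处返回上一页</a></p>";

            HttpContext.Current.Response.Write(errMsg);
            HttpContext.Current.Server.ClearError();
        }
        #endregion
    }
}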