要求:
using System.Web.Security
using System.Security.Principal
[Principal]:主要的(這裏怎樣翻譯呢??)
==================================
目錄
+admin1
-default.aspx
-web.config //web.config#1
+admin2
-default.aspx
-web.config//web.config#2
+bin
-web.config//web.config#root
-login.aspx
==========================
目的:
admin1文件夾:只有role是administrator可以訪問.
admini2文件夾:只有role是controler可以訪問.
帳號,密碼,角色存儲在特定數據庫中.
本例目的(其他道理相同):
caca是administrator
wawa是controler
所以caca可以訪問admin1,不能訪問admin2;wawa反之.
==========================
配置:
(1)web.config#root
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="authenticationcookie"
loginUrl="login.aspx" protection="All" path="/" timeout="40"/>
</authentication>
</system.web>
</configuration>
![]()
(2)web.config#1
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
![]()
(3)web.config#2
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="controler"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
![]()
==========================
關鍵代碼:
(1)login.aspx
<script language=c# runat=server>
private void signin(Object sender,EventArgs e)
![]()
![]()
{
string aRole="guest";
if(tbName.Text=="caca")aRole="administrator";
if(tbName.Text=="wawa")aRole="controler";
![]()
//建立role-based認證票據(我認爲本質是cookie)
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
1, // version(版本?)
tbName.Text, // user name(可能是生成票據驗證cookie的名稱)
DateTime.Now, // creation(票據產生時間)
DateTime.Now.AddMinutes(40),// Expiration(票據cookie失效時間)
false, // Persistent(是否永久保持cookie)
aRole ); // User data(角色)
//修改票據cookie,使其加密(本質是寫入一個與票據cookie同名的新cookie)
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);
Response.Cookies.Add(authCookie);
//返回所請求的URL
Response.Redirect( FormsAuthentication.GetRedirectUrl(tbName.Text, false ));
![]()
![]()
}
private void signout(Object sender,EventArgs e)
![]()
![]()
{
//註銷票據
FormsAuthentication.SignOut();
}
</script>
![]()
![]()
<html>
<head>
<title>LogIn</title>
</head>
<body>
<form runat=server>
Name:<asp:textbox runat=server id=tbName/>[caca/wawa]
<asp:button runat=server text=LogIn onclick=signin/>
<asp:button runat=server text=SignOut onclick=signout/>
<hr>
<asp:label runat=server id=lblMessage/>
</form>
</body>
</html>
![]()
(2)Global.asax
<% @ import namespace=System.Security.Principal %>
<% @ import namespace=System.Security %>
<script language=c# runat=server>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
![]()
{
![]()
// Extract the forms authentication cookie(還原加密的票據)
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if(null == authCookie)
![]()
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try
![]()
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch(Exception ex)
![]()
{
// Log exception details (omitted for simplicity)
return;
}
if (null == authTicket)
![]()
{
// Cookie failed to decrypt.
return;
}
// When the ticket was created, the UserData property was assigned a
// pipe delimited string of role names.(票據已經還原,提取票據的UserData即爲驗證用戶的role)
![]()
string[] roles = authTicket.UserData.Split(new char[]
{'|'});
![]()
// Create an Identity object
FormsIdentity id = new FormsIdentity( authTicket );
// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, roles);
// Attach the new principal object to the current HttpContext object
Context.User = principal;
//這幾句話我還沒有真正理解,希望以後能從本質上看透驗證過程.
}
</script>
![]()
![]()