src:http://www.cnblogs.com/caca/archive/2004/07/26/27267.aspx
要求:
using System.Web.Security
using System.Security.Principal
[Principal]:主要的(這裏怎樣翻譯呢??)
==================================
目錄
+admin1 -default.aspx -web.config //web.config#1+admin2 -default.aspx -web.config//web.config#2+bin-web.config//web.config#root-login.aspx
==========================
目的:
admin1文件夾:只有role是administrator可以訪問.
admini2文件夾:只有role是controler可以訪問.
帳號,密碼,角色存儲在特定數據庫中.
本例目的(其他道理相同):
caca是administrator
wawa是controler
所以caca可以訪問admin1,不能訪問admin2;wawa反之.
==========================
配置:
(1)web.config#root
<?xml version="1.0" encoding="utf-8"?><configuration> <system.web> <authentication mode="Forms"> <forms name="authenticationcookie" loginUrl="login.aspx" protection="All" path="/" timeout="40"/>
</authentication> </system.web></configuration>(2)web.config#1
<?xml version="1.0" encoding="utf-8"?><configuration> <system.web> <authorization> <allow roles="administrator"/> <deny users="*"/> </authorization> </system.web></configuration>(3)web.config#2
<?xml version="1.0" encoding="utf-8"?><configuration> <system.web> <authorization> <allow roles="controler"/> <deny users="*"/> </authorization> </system.web></configuration>==========================
關鍵代碼:
(1)login.aspx
<script language=c# runat=server>private void signin(Object sender,EventArgs e)
{
string aRole="guest"; if(tbName.Text=="caca")aRole="administrator"; if(tbName.Text=="wawa")aRole="controler"; //建立role-based認證票據(我認爲本質是cookie) FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket( 1, // version(版本?) tbName.Text, // user name(可能是生成票據驗證cookie的名稱) DateTime.Now, // creation(票據產生時間) DateTime.Now.AddMinutes(40),// Expiration(票據cookie失效時間) false, // Persistent(是否永久保持cookie) aRole ); // User data(角色)//修改票據cookie,使其加密(本質是寫入一個與票據cookie同名的新cookie) string encryptedTicket = FormsAuthentication.Encrypt(authTicket); HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket); Response.Cookies.Add(authCookie); //返回所請求的URL Response.Redirect( FormsAuthentication.GetRedirectUrl(tbName.Text, false ));
}private void signout(Object sender,EventArgs e){//註銷票據 FormsAuthentication.SignOut();}</script>
<html><head><title>LogIn</title></head><body><form runat=server>Name:<asp:textbox runat=server id=tbName/>[caca/wawa]<asp:button runat=server text=LogIn onclick=signin/><asp:button runat=server text=SignOut onclick=signout/><hr><asp:label runat=server id=lblMessage/></form></body></html>(2)Global.asax
<% @ import namespace=System.Security.Principal %><% @ import namespace=System.Security %> <script language=c# runat=server>protected void Application_AuthenticateRequest(Object sender, EventArgs e) {// Extract the forms authentication cookie(還原加密的票據) string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = Context.Request.Cookies[cookieName]; if(null == authCookie)
{
// There is no authentication cookie. return;
} FormsAuthenticationTicket authTicket = null; try { authTicket = FormsAuthentication.Decrypt(authCookie.Value); } catch(Exception ex) { // Log exception details (omitted for simplicity) return; } if (null == authTicket) { // Cookie failed to decrypt. return; } // When the ticket was created, the UserData property was assigned a // pipe delimited string of role names.(票據已經還原,提取票據的UserData即爲驗證用戶的role) string[] roles = authTicket.UserData.Split(new char[]{'|'}); // Create an Identity object FormsIdentity id = new FormsIdentity( authTicket ); // This principal will flow throughout the request. GenericPrincipal principal = new GenericPrincipal(id, roles); // Attach the new principal object to the current HttpContext object Context.User = principal;//這幾句話我還沒有真正理解,希望以後能從本質上看透驗證過程.}</script>