對於特定的登錄用戶,可以在 web.config 文件中設置其權限。
下面的 web.config 只授權 admin 用戶登錄:
<!--
The <authentication> section configures the security authentication mode
that ASP.NET uses to identify an incoming user.
-->
<authentication mode="Forms">
<!-- timeout is in minutes. requireSSL is not set on this element, and its default is false,
     so the authentication cookie is not restricted to HTTPS. NOTE(review): confirm the site
     is served over HTTPS only and set requireSSL="true" if so. -->
<forms name="Login" loginUrl="login.aspx" defaultUrl="noteFlatroot/index.aspx" timeout ="60">
<!-- No <user> entries are listed here, so this section stores no credentials. The login page
     shown with this configuration compares the password against the "pwd" entry in
     connectionStrings instead. NOTE(review): that entry is read as plain text. -->
<credentials passwordFormat="SHA1"></credentials>
</forms>
</authentication>
<!-- Rules are evaluated top to bottom and the first match wins: anonymous users ("?") are
     denied, the user named "admin" is allowed, and every other authenticated user ("*") is denied. -->
<authorization >
<deny users="?"/>
<allow users ="admin"/>
<deny users ="*"/>
</authorization>
將用戶信息保存到驗證票、用於驗證權限的類:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
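/// <summary>
/// Issues the Forms-authentication cookie for a user whose credentials the
/// caller has already verified. Nothing in this class checks a password.
/// </summary>
public class YanZLogin
{
    public YanZLogin()
    { }

    /// <summary>
    /// Creates a Forms-authentication ticket for <paramref name="username"/>, adds it to the
    /// current response as the authentication cookie, and returns the URL the caller should
    /// send the browser to next.
    /// </summary>
    /// <param name="username">Name stored in the ticket. It is not validated here.</param>
    /// <returns>The result of <c>FormsAuthentication.GetRedirectUrl</c> for the current request.</returns>
    /// <exception cref="InvalidOperationException">There is no current HTTP request.</exception>
    public static string AuthenticationTicket(string username)
    {
        HttpContext context = HttpContext.Current;
        if (context == null)
        {
            // Fail with a clear message instead of a NullReferenceException further down.
            throw new InvalidOperationException("AuthenticationTicket requires an active HTTP request.");
        }

        // Read the clock once so that issue time and expiry are exactly 24 hours apart.
        DateTime issuedAt = DateTime.Now;

        // NOTE(review): the ticket is persistent and valid for 24 hours regardless of the
        // timeout configured on the <forms> element. Confirm a day-long session is intended.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, issuedAt, issuedAt.AddHours(24), true, "");

        // Encrypt protects the serialized ticket according to the <forms protection> setting.
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
        userCookie.Value = encryptedTicket;
        userCookie.Expires = ticket.Expiration;
        userCookie.Domain = FormsAuthentication.CookieDomain;
        userCookie.Path = FormsAuthentication.FormsCookiePath;
        // Keep the ticket out of reach of page scripts, and follow the configured
        // requireSSL setting so the cookie is HTTPS-only whenever the site demands it.
        userCookie.HttpOnly = true;
        userCookie.Secure = FormsAuthentication.RequireSSL;
        context.Response.Cookies.Add(userCookie);

        // FormsAuthentication.RedirectFromLoginPage is deliberately not used, because it
        // would rewrite the cookie set above. The caller redirects to the returned URL.
        return FormsAuthentication.GetRedirectUrl(username, false);
    }
}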
login.aspx.cs 文件
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
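public partial class _Default : System.Web.UI.Page
{
    /// <summary>
    /// Generates a fresh verification code on the first (non-postback) load of the page.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            SerialNumber1.Create();
        }
    }

    /// <summary>
    /// Regenerates the verification code when the user asks for a new one.
    /// </summary>
    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        this.SerialNumber1.Create();
    }

    /// <summary>
    /// Handles submission of the login form: checks the verification code, compares the
    /// password with the configured one, issues the authentication ticket and redirects.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Reject a wrong verification code before looking at the credentials.
        if (!SerialNumber1.CheckSN(txtYZ.Text.Trim()))
        {
            Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('驗證碼錯誤!')</script>");
            return;
        }

        // NOTE(review): the password is kept as plain text in the "pwd" connectionStrings
        // entry. A salted password hash in a protected configuration section would be safer.
        ConnectionStringSettings pwdSetting = ConfigurationManager.ConnectionStrings["pwd"];
        string expectedPwd = pwdSetting == null ? null : pwdSetting.ToString();

        // The user name is not checked here: the ticket carries whatever name was typed,
        // and the <authorization> rules in web.config decide which names are let in.
        string name = txtName.Text;
        string pwd = txtPwd.Text;

        // Fail closed: a missing or empty configured password never authenticates anyone.
        if (string.IsNullOrEmpty(expectedPwd) || !FixedTimeEquals(pwd, expectedPwd))
        {
            Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('密碼錯誤!')</script>");
            return;
        }

        // Use the URL computed by the framework rather than the raw ReturnUrl query value.
        // The raw value is caller-controlled and must never be written into a script block
        // or followed to another site.
        string target = YanZLogin.AuthenticationTicket(name);
        if (!IsLocalUrl(target))
        {
            target = System.Web.Security.FormsAuthentication.DefaultUrl;
        }

        Response.Redirect(target);
    }

    // Ordinal comparison that does not stop at the first mismatching character.
    private static bool FixedTimeEquals(string supplied, string expected)
    {
        if (supplied == null || expected == null)
        {
            return false;
        }

        int diff = supplied.Length ^ expected.Length;
        for (int i = 0; i < supplied.Length && i < expected.Length; i++)
        {
            diff |= supplied[i] ^ expected[i];
        }

        return diff == 0;
    }

    // True only for paths inside this site: "/path" or "~/path", never "//host" or "/\host".
    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }

        if (url[0] == '/')
        {
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        return url.Length > 1 && url[0] == '~' && url[1] == '/';
    }
}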