今天闲着无聊.想起来了asp.net身份验证.感觉良好.贴出下列代码:
login.aspx html代码
1<%@ page language="c#" codebehind="02login.aspx.cs" autoeventwireup="false" inherits="身份验证._02login" %>
2<!doctype html public "-//w3c//dtd html 4.0 transitional//en" >
3<html>
4 <head>
5 <title>02login</title>
6 <meta name="generator" content="microsoft visual studio .net 7.1">
7 <meta name="code_language" content="c#">
8 <meta name="vs_defaultclientscript" content="javascript">
9 <meta name="vs_targetschema" content="http://schemas.microsoft.com/intellisense/ie5">
10 </head>
11 <body ms_positioning="gridlayout">
12 <form id="form1" method="post" runat="server">
13 <font face="宋体">
14 <table id="table1"
15 cellspacing="1" cellpadding="1" width="446" border="1">
16 <tr>
17 <td>
18 <asp:label id="label1" runat="server">用户名称:</asp:label></td>
19 <td>
20 <asp:textbox id="tbname" runat="server" width="183px"></asp:textbox></td>
21 <td>
22 <asp:requiredfieldvalidator id="requiredfieldvalidator1" runat="server" errormessage="用户名不能为空!" controltovalidate="tbname"></asp:requiredfieldvalidator></td>
23 </tr>
24 <tr>
25 <td>
26 <asp:label id="label2" runat="server">密码:</asp:label></td>
27 <td>
28 <asp:textbox id="tbpass" runat="server" width="183px"></asp:textbox></td>
29 <td>
30 <asp:requiredfieldvalidator id="requiredfieldvalidator2" runat="server" errormessage="密码不能为空!" controltovalidate="tbpass"></asp:requiredfieldvalidator></td>
31 </tr>
32 <tr>
33 <td><font face="宋体">是否保存cookie</font></td>
34 <td>
35 <asp:checkbox id="persistcookie" runat="server"></asp:checkbox></td>
36 <td></td>
37 </tr>
38 </table>
39 <asp:button id="btnloginbetter"
40 runat="server" width="78px" text="登录"></asp:button>
41 <asp:hyperlink id="hyperlink1"
42 runat="server" navigateurl="default.aspx">hyperlink</asp:hyperlink></font>
43 </form>
44 </body>
45</html>
login.aspx.cs代码如下
private void btnloginbetter_click(object sender, system.eventargs e)
{
if (this.tbname.text == "admin" && this.tbpass.text == "admin")
{
formsauthenticationticket ticket = new formsauthenticationticket(1,this.tbname.text,datetime.now,datetime.now.addminutes(30),this.persistcookie.checked,"user");//创建一个验证票据
string cookiestr = formsauthentication.encrypt(ticket);进行加密
httpcookie cookie = new httpcookie(formsauthentication.formscookiename,cookiestr);创建一个cookie,cookie名为web.config设置的名,值为加密后的数据cookiestr,
if (this.persistcookie.checked)//判断用户是否选中保存cookie
cookie.expires = ticket.expiration;//获取cookie过期时间
cookie.path = formsauthentication.formscookiepath;//设置cookie保存路径
response.cookies.add(cookie);
string strredirect;
strredirect = request["returnurl"];//取出返回url
if (strredirect == null)
strredirect = "default.aspx";
response.redirect(strredirect,true);
}
else
{
response.write("<script>alert('帐号或密码错误!');self.location.href='02login.aspx'</script>");
}
}
default.aspx html代码
<body ms_positioning="gridlayout">
<form id="form1" method="post" runat="server">
<font face="宋体">
<asp:label id="label1" runat="server">用户名称:</asp:label>
<asp:label id="label2" runat="server">身份:</asp:label>
<asp:label id="lbuser" runat="server"></asp:label>
<asp:label id="lbsf" runat="server"></asp:label>
<asp:button id="btnlogout"
runat="server" text="注销" width="101px"></asp:button></font>
</form>
</body>
后置代码
private void page_load(object sender, system.eventargs e)
{
this.lbuser.text = user.identity.name;
if (user.isinrole("admin"))
this.lbsf.text = "admin";
else
this.lbsf.text = "user";
}
web 窗体设计器生成的代码#region web 窗体设计器生成的代码
override protected void oninit(eventargs e)
{
//
// codegen: 该调用是 asp.net web 窗体设计器所必需的。
//
initializecomponent();
base.oninit(e);
}
/**//// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void initializecomponent()
{
this.btnlogout.click += new system.eventhandler(this.btnlogout_click);
this.load += new system.eventhandler(this.page_load);
}
#endregion
private void btnlogout_click(object sender, system.eventargs e)
{
formsauthentication.signout();//注销票
response.redirect("login.aspx",true);返回login.aspx页面
}
webconfig配置如下
<authentication mode="forms" >
<forms name=".securitydemo" loginurl="login.aspx">//.securitydemo为cookie名,
</forms>
</authentication>
<authorization>
<deny users="?"/> //拒绝所有匿名用户
<allow roles="admins"/>//允许管理级别用户访问
</authorization>
自我感觉asp写多了,一般是用session进行判断用户是否合法,但在一个asp.net项目中使用身份验证,基本上所有页面都要验证才能访问,感觉有点迁强.但可以在web.config页面对指定的页面设置权限,设置代码如下
<location path="admin.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
如果只有几个页面设置如上代码,感觉还可以接受.但页面多了岂不是要把人累死呀..
可能是小的项目做多了,大项目没接触过.请高手给指点具体用途呀.不甚感激
新闻热点
疑难解答
图片精选
