asp.net身份驗證和授權

2024-07-10 13:09:24

字體：大中小

來源：轉載

供稿：網友

今天閑著無聊．想起來了asp.net身份驗證．感覺良好．貼出下列代碼:
login.aspx html代碼

1<%@ page language="c#" codebehind="02login.aspx.cs" autoeventwireup="false" inherits="身份驗證._02login" %>
2<!doctype html public "-//w3c//dtd html 4.0 transitional//en" >
3<html>
4    <head>
5        <title>02login</title>
6        <meta name="generator" content="microsoft visual studio .net 7.1">
7        <meta name="code_language" content="c#">
8        <meta name="vs_defaultclientscript" content="javascript">
9        <meta name="vs_targetschema" content="http://schemas.microsoft.com/intellisense/ie5">
10    </head>
11    <body ms_positioning="gridlayout">
12        <form id="form1" method="post" runat="server">
13            <font face="宋體">
14                <table id="table1"
15                    cellspacing="1" cellpadding="1" width="446" border="1">
16                    <tr>
17                        <td>
18                            <asp:label id="label1" runat="server">用戶名稱：</asp:label></td>
19                        <td>
20                            <asp:textbox id="tbname" runat="server" width="183px"></asp:textbox></td>
21                        <td>
22                            <asp:requiredfieldvalidator id="requiredfieldvalidator1" runat="server" errormessage="用戶名不能為空！" controltovalidate="tbname"></asp:requiredfieldvalidator></td>
23                    </tr>
24                    <tr>
25                        <td>
26                            <asp:label id="label2" runat="server">密碼：</asp:label></td>
27                        <td>
28                            <asp:textbox id="tbpass" runat="server" width="183px"></asp:textbox></td>
29                        <td>
30                            <asp:requiredfieldvalidator id="requiredfieldvalidator2" runat="server" errormessage="密碼不能為空！" controltovalidate="tbpass"></asp:requiredfieldvalidator></td>
31                    </tr>
32                    <tr>
33                        <td><font face="宋體">是否保存cookie</font></td>
34                        <td>
35                            <asp:checkbox id="persistcookie" runat="server"></asp:checkbox></td>
36                        <td></td>
37                    </tr>
38                </table>
39                <asp:button id="btnloginbetter"
40                    runat="server" width="78px" text="登錄"></asp:button>
41                <asp:hyperlink id="hyperlink1"
42                    runat="server" navigateurl="default.aspx">hyperlink</asp:hyperlink></font>
43        </form>
44    </body>
45</html>
login.aspx.cs代碼如下

private void btnloginbetter_click(object sender, system.eventargs e)
{
   if (this.tbname.text == "admin" && this.tbpass.text == "admin")
   {
    formsauthenticationticket ticket = new formsauthenticationticket(1,this.tbname.text,datetime.now,datetime.now.addminutes(30),this.persistcookie.checked,"user");//創建一個驗證票據
    string cookiestr = formsauthentication.encrypt(ticket);進行加密
    httpcookie cookie = new httpcookie(formsauthentication.formscookiename,cookiestr);創建一個cookie，cookie名為web.config設置的名,值為加密后的數據cookiestr,
    if (this.persistcookie.checked)//判斷用戶是否選中保存cookie
     cookie.expires = ticket.expiration;//獲取cookie過期時間
    cookie.path = formsauthentication.formscookiepath;//設置cookie保存路徑
    response.cookies.add(cookie);
    string strredirect;
    strredirect = request["returnurl"];//取出返回url
    if (strredirect == null)
     strredirect = "default.aspx";
    response.redirect(strredirect,true);

   }
   else
   {
    response.write("<script>alert('帳號或密碼錯誤!');self.location.href='02login.aspx'</script>");
   }
}

default.aspx　html代碼

<body ms_positioning="gridlayout">
        <form id="form1" method="post" runat="server">
            <font face="宋體">
                <asp:label id="label1" runat="server">用戶名稱：</asp:label>
                <asp:label id="label2" runat="server">身份：</asp:label>
                <asp:label id="lbuser" runat="server"></asp:label>
                <asp:label id="lbsf" runat="server"></asp:label>
                <asp:button id="btnlogout"
                    runat="server" text="注銷" width="101px"></asp:button></font>
        </form>
    </body>
后置代碼

private void page_load(object sender, system.eventargs e)
{
   this.lbuser.text = user.identity.name;
   if (user.isinrole("admin"))
    this.lbsf.text = "admin";
   else
    this.lbsf.text = "user";
}

web 窗體設計器生成的代碼#region web 窗體設計器生成的代碼
override protected void oninit(eventargs e)
{
   //
   // codegen: 該調用是 asp.net web 窗體設計器所必需的。
   //
   initializecomponent();
   base.oninit(e);
}

/**//// <summary>
/// 設計器支持所需的方法 - 不要使用代碼編輯器修改
/// 此方法的內容。
/// </summary>
private void initializecomponent()
{
   this.btnlogout.click += new system.eventhandler(this.btnlogout_click);
   this.load += new system.eventhandler(this.page_load);

}
#endregion

private void btnlogout_click(object sender, system.eventargs e)
{
formsauthentication.signout();//注銷票
response.redirect("login.aspx",true);返回login.aspx頁面
}

webconfig配置如下
<authentication mode="forms" >
<forms name=".securitydemo" loginurl="login.aspx">//.securitydemo為cookie名,
</forms>
</authentication>

<authorization>
            <deny users="?"/> //拒絕所有匿名用戶
            <allow roles="admins"/>//允許管理級別用戶訪問
   </authorization>
自我感覺asp寫多了，一般是用session進行判斷用戶是否合法,但在一個asp.net項目中使用身份驗證,基本上所有頁面都要驗證才能訪問，感覺有點遷強.但可以在web.config頁面對指定的頁面設置權限,設置代碼如下
<location path="admin.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
</location>
如果只有幾個頁面設置如上代碼,感覺還可以接受.但頁面多了豈不是要把人累死呀．．
可能是小的項目做多了,大項目沒接觸過.請高手給指點具體用途呀．不甚感激