
[Repost] Forms authentication and role-based security

2005-06-24 10:11

// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
    1,                            // version
    txtUserName.Text,             // user name
    DateTime.Now,                 // creation
    DateTime.Now.AddMinutes(60),  // expiration
    false,                        // persistent
    String.Join( "|", roles));    // user data

// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
    encryptedTicket);

// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);

// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text, false));

Compare with the proposed approach:

// Get the cookie created by the FormsAuthentication API
// Notice that this cookie will have all the attributes according to
// the ones in the config file setting.
HttpCookie cookie = FormsAuthentication.GetAuthCookie( UserId.Text, false );
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

// Store roles inside the Forms Ticket with all the attributes aligned with
// the config Forms section.
FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
    ticket.Version,
    ticket.Name,
    ticket.IssueDate,
    ticket.Expiration,
    ticket.IsPersistent,
    String.Join( "|", roles),
    ticket.CookiePath);
// add the encrypted ticket to the cookie as data.
cookie.Value = FormsAuthentication.Encrypt(newticket);
// Update the outgoing cookies collection.
Context.Response.Cookies.Set(cookie);

// Redirect the user to the originally requested page
Response.Redirect( FormsAuthentication.GetRedirectUrl( newticket.Name,
    newticket.IsPersistent ) );

<configuration>
  <system.web>

    <authentication mode="Forms">
      <forms loginUrl="Secure/login.aspx"
             protection="All"
             requireSSL="true"
             timeout="10"
             name="FormsAuthCookie"
             path="/FormsAuth"
             slidingExpiration="true" />
    </authentication>

  </system.web>
</configuration>
For a concrete example, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp?frame=true
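
Both login snippets above put the roles into the ticket's user data as a "|"-joined string, so each later request has to decrypt the cookie and rebuild a principal from it before role checks can work. The Global.asax handler below is an added example, not code from the original post; the class name Global is an assumption, and it expects the roles to have been written exactly as shown above.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example: Global.asax code-behind. "Global" is an assumed class name.
public class Global : HttpApplication
{
    // Runs on every request during the authentication stage.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || cookie.Value == null || cookie.Value.Length == 0)
            return; // no forms cookie: the request stays anonymous

        FormsAuthenticationTicket ticket;
        try
        {
            // With protection="All" the ticket is both decrypted and integrity-checked.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            return; // fail closed: a tampered or unreadable cookie grants nothing
        }

        if (ticket == null || ticket.Expired)
            return;

        // Roles were stored at login with String.Join("|", roles).
        string userData = ticket.UserData;
        string[] roles = (userData == null || userData.Length == 0)
            ? new string[0]
            : userData.Split('|');

        // Attach identity and roles so User.IsInRole() and
        // <authorization> rules evaluate against them.
        FormsIdentity identity = new FormsIdentity(ticket);
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Because the roles travel inside the cookie, a change to a user's role membership only takes effect once a new ticket is issued.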