[Repost] Forms authentication and role-based security
2005-06-24 10:11
For a concrete example, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp?frame=true

```csharp
// Fragment from the login handler; roles is the string[] of the user's role names.
// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
    1,                            // version
    txtUserName.Text,             // user name
    DateTime.Now,                 // creation
    DateTime.Now.AddMinutes(60),  // expiration
    false,                        // persistent
    String.Join("|", roles));     // user data
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the cookie as data.
// A cookie built this way carries only a name and a value; the attributes
// from the <forms> config element (path, requireSSL, ...) are not applied.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                       encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text, false));
```

Compare with the proposed approach:

```csharp
// Get the cookie created by the FormsAuthentication API.
// Notice that this cookie has all its attributes set according to
// the forms section of the config file.
HttpCookie cookie = FormsAuthentication.GetAuthCookie(UserId.Text, false);
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

// Store roles inside the forms ticket with all the attributes aligned with
// the config forms section.
FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
    ticket.Version,
    ticket.Name,
    ticket.IssueDate,
    ticket.Expiration,
    ticket.IsPersistent,
    String.Join("|", roles),
    ticket.CookiePath);

// Add the encrypted ticket to the cookie as data.
cookie.Value = FormsAuthentication.Encrypt(newticket);

// Update the outgoing cookies collection.
Context.Response.Cookies.Set(cookie);

// Redirect the user to the originally requested page
Response.Redirect(
    FormsAuthentication.GetRedirectUrl(newticket.Name, newticket.IsPersistent));
```
```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Secure/login.aspx"
             protection="All"
             requireSSL="true"
             timeout="10"
             name="FormsAuthCookie"
             path="/FormsAuth"
             slidingExpiration="true" />
    </authentication>
  </system.web>
</configuration>
```
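The reading side of the tickets built above, as an added example that is not part of the original post: a Global.asax handler that splits the "|"-joined user data back into roles and attaches them to the request. The class name `Global` and the choice to treat any cookie that fails decryption as an anonymous request are assumptions.

```csharp
// Global.asax.cs -- added example, not code from the original post.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication   // class name is an assumption
{
    // Runs for every request during the AuthenticateRequest stage.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCookie =
            Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || String.IsNullOrEmpty(authCookie.Value))
            return;                      // no ticket: anonymous request

        FormsAuthenticationTicket ticket;
        try
        {
            // With protection="All" the ticket is both encrypted and
            // integrity-checked, so a modified cookie fails here.
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            return;                      // unreadable ticket: stay anonymous
        }
        if (ticket == null || ticket.Expired)
            return;

        // Roles were stored with String.Join("|", roles). Role names must not
        // contain '|'. RemoveEmptyEntries makes a user with no roles yield an
        // empty array instead of a single empty role name.
        string[] roles = ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

        // Replace the request's principal so that User.IsInRole(...) and
        // <authorization> role rules see the roles from the ticket.
        Context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```

Because the roles travel inside the ticket, a change to a user's roles takes effect only when a new ticket is issued at the next login.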