您的位置：首页 > 其它

基于角色(Role-Based)的表单验证

2006-12-06 18:23 477 查看

src:http://www.cnblogs.com/caca/archive/2004/07/26/27267.aspx
http://blog.csdn.net/amomi/archive/2005/03/07/313335.aspx

要求:
using System.Web.Security
using System.Security.Principal

[Principal]:主要的(这里怎样翻译呢??)
==================================

目录

+admin1

-default.aspx

-web.config //web.config#1

+admin2

-default.aspx

-web.config//web.config#2

+bin

-web.config//web.config#root

-login.aspx

==========================
目的:
admin1文件夹:只有role是administrator可以访问.
admini2文件夹:只有role是controler可以访问.

帐号,密码,角色存储在特定数据库中.

本例目的(其他道理相同):
caca是administrator
wawa是controler
所以caca可以访问admin1,不能访问admin2;wawa反之.

==========================
配置:
(1)web.config#root

<?xml version="1.0" encoding="utf-8"?>

<system.web>

</authentication>

</system.web>

</configuration>

(2)web.config#1

<?xml version="1.0" encoding="utf-8"?>

<system.web>

</authorization>

</system.web>

</configuration>

(3)web.config#2

<?xml version="1.0" encoding="utf-8"?>

<system.web>

</authorization>

</system.web>

</configuration>

==========================
关键代码:
(1)login.aspx

private void signin(Object sender,EventArgs e)

{

string aRole="guest";

if(tbName.Text=="caca")aRole="administrator";

if(tbName.Text=="wawa")aRole="controler";

//建立role-based认证票据(我认为本质是cookie)

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(

1, // version(版本?)

tbName.Text, // user name(可能是生成票据验证cookie的名称)

DateTime.Now, // creation(票据产生时间)

DateTime.Now.AddMinutes(40),// Expiration(票据cookie失效时间)

false, // Persistent(是否永久保持cookie)

aRole ); // User data(角色)

//修改票据cookie,使其加密(本质是写入一个与票据cookie同名的新cookie)

string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);

Response.Cookies.Add(authCookie);

//返回所请求的URL

Response.Redirect( FormsAuthentication.GetRedirectUrl(tbName.Text, false ));

}

private void signout(Object sender,EventArgs e)

{

//注销票据

FormsAuthentication.SignOut();

}

</script>

<html>

<head>

<title>LogIn</title>

</head>

<body>

Name:<asp:textbox runat=server id=tbName/>[caca/wawa]

<asp:button runat=server text=LogIn onclick=signin/>

<asp:button runat=server text=SignOut onclick=signout/>

<hr>

<asp:label runat=server id=lblMessage/>

</form>

</body>

</html>

(2)Global.asax

<% @ import namespace=System.Security.Principal %>

<% @ import namespace=System.Security %>

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

// Extract the forms authentication cookie(还原加密的票据)

string cookieName = FormsAuthentication.FormsCookieName;

HttpCookie authCookie = Context.Request.Cookies[cookieName];

if(null == authCookie)

{

// There is no authentication cookie.

return;

}

FormsAuthenticationTicket authTicket = null;

try

{

authTicket = FormsAuthentication.Decrypt(authCookie.Value);

}

catch(Exception ex)

{

// Log exception details (omitted for simplicity)

return;

}

if (null == authTicket)

{

// Cookie failed to decrypt.

return;

}

// When the ticket was created, the UserData property was assigned a

// pipe delimited string of role names.(票据已经还原,提取票据的UserData即为验证用户的role)

string[] roles = authTicket.UserData.Split(new char[]

{'|'});

// Create an Identity object

FormsIdentity id = new FormsIdentity( authTicket );

// This principal will flow throughout the request.

GenericPrincipal principal = new GenericPrincipal(id, roles);

// Attach the new principal object to the current HttpContext object

Context.User = principal;

//这几句话我还没有真正理解,希望以后能从本质上看透验证过程.

}

</script>

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签： authorization authentication server encoding string forms

相关文章推荐

新的分享

章节导航