MVC User Authentication (FormsAuthentication, Cookie, Session)
2013-03-09 14:28
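I. FormsAuthentication
Explanation: when a user logs in, the server writes authentication information to the client in a cookie to record that the client has passed verification.
On the login page, immediately after verification completes, the server has not yet sent the cookie back to the client, so no value is available at that point.
On the server's second response, the cookie is read from the client. For this cookie to exist, the corresponding parameters must also be configured in the web.config file.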
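    // Requires: using System.Web; using System.Web.Security;

    /// <summary>
    /// Store the Forms authentication ticket.
    /// </summary>
    public static void SetFormAuthenti()
    {
        // First argument: the user name recorded in the ticket (a placeholder string here).
        // Second argument: if true, a persistent cookie is created
        // (a cookie that is kept across browser sessions).
        FormsAuthentication.SetAuthCookie("存入Form身份验证票证", true);
    }

    /// <summary>
    /// Get the Forms authentication ticket.
    /// </summary>
    /// <returns>The user name, or an empty string if the user is not authenticated.</returns>
    public static string GetFormAuthenti()
    {
        string str = "";
        if (HttpContext.Current.User.Identity.IsAuthenticated) // has the user been authenticated?
        {
            str = HttpContext.Current.User.Identity.Name; // get the user name
        }
        return str;
    }

    /// <summary>
    /// Remove the Forms authentication ticket from the browser.
    /// </summary>
    public static void DelFormAuthenti()
    {
        FormsAuthentication.SignOut();
    }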
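II. Cookie

    // Store the cookie
    HttpCookie SetCookie = new HttpCookie("ckName");
    SetCookie["id"] = "100001271";
    Response.Cookies.Add(SetCookie);

    // Read the cookie (it is null if the browser did not send it)
    HttpCookie GetCookie = Request.Cookies["ckName"];
    string id = GetCookie != null ? GetCookie["id"] : null;

Or:

    // Store the cookie
    Response.Cookies["id"].Value = "100001272";

    // Read the cookie (it is null if the browser did not send it)
    HttpCookie idCookie = Request.Cookies["id"];
    string id = idCookie != null ? idCookie.Value : null;

    // Set the expiration time
    Response.Cookies["id"].Expires = DateTime.Now.AddSeconds(10);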
Or:

    using System;
    using System.Text;
    using System.Web;

    namespace Comm
    {
        public class CookieOperation
        {
            /// <summary>
            /// Write a cookie value.
            /// Login:  WriteCookie(key, value)
            /// Logout: WriteCookie(key, "")
            /// </summary>
            /// <param name="strName">Name</param>
            /// <param name="strValue">Value</param>
            public void WriteCookie(string strName, string strValue)
            {
                HttpCookie cookie = HttpContext.Current.Request.Cookies[strName];
                if (cookie == null)
                {
                    cookie = new HttpCookie(strName);
                }
                // The value is only URL-encoded; it is neither encrypted nor signed.
                cookie.Value = HttpUtility.UrlEncode(strValue, Encoding.UTF8);
                cookie.Expires = DateTime.Now.AddDays(14);
                HttpContext.Current.Response.AppendCookie(cookie);
            }

            /// <summary>
            /// Read a cookie value.
            /// string loginName = GetCookie(xxx);
            /// string checkValue = GetCookie(xxx);
            /// if (!string.IsNullOrEmpty(loginName) && !string.IsNullOrEmpty(checkValue))
            /// {
            ///     // the cookie exists
            /// }
            /// else
            /// {
            ///     // the cookie does not exist, redirect
            /// }
            /// </summary>
            /// <param name="strName">Name</param>
            /// <returns>The cookie value, or an empty string if it is absent</returns>
            public string GetCookie(string strName)
            {
                try
                {
                    if (HttpContext.Current.Request.Cookies != null
                        && HttpContext.Current.Request.Cookies[strName] != null)
                    {
                        return HttpUtility.UrlDecode(
                            HttpContext.Current.Request.Cookies[strName].Value, Encoding.UTF8);
                    }
                }
                catch
                {
                    return "";
                }
                return "";
            }
        }
    }
III. Session

    // Store
    Session["id"] = "100001273";

    // Read (null if the key has not been set)
    string id = Session["id"] as string;
Example:
1. Class file
The `CookieOperation` class (namespace `Comm`) listed in full above, as the third cookie variant.
2. Calling the methods
(1) Login

    CookieOperation cookie = new CookieOperation();
    cookie.WriteCookie("S_Id", Model.UserID.ToString());

(2) Permission check

    // Permission check
    CookieOperation cookie = new CookieOperation();
    string strUsername = cookie.GetCookie("S_UserNameCn");
    if (string.IsNullOrEmpty(strUsername))
    {
        Response.Redirect("Login.aspx");
    }

(3) Logout

    CookieOperation cookie = new CookieOperation();
    string username = cookie.GetCookie("S_UserNameCn");
    if (!string.IsNullOrEmpty(username))
    {
        cookie.WriteCookie("S_UserNameCn", "");
        cookie.WriteCookie("S_UserMemo", "");
        cookie.WriteCookie("S_bqqx", "");
        cookie.WriteCookie("S_Id", "");
    }
    context.Response.Redirect("../Login.aspx");
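
Added example, not code from the original post: the permission check above accepts any non-empty `S_UserNameCn` cookie, and `CookieOperation` stores values URL-encoded only, so the server cannot tell whether the browser changed them. The code below instead carries the user id in a `FormsAuthenticationTicket` protected by `FormsAuthentication.Encrypt`, and rejects a cookie that fails to decrypt or has expired. Assumptions: the class name `TicketCookie` and the cookie name `S_Ticket` are hypothetical, the site is served over HTTPS, and a `machineKey` is available to the application.

```csharp
using System;
using System.Web;
using System.Web.Security;

namespace Comm
{
    // Added example: hypothetical class, not part of the original post.
    public static class TicketCookie
    {
        private const string CookieName = "S_Ticket"; // hypothetical cookie name

        // Login: wrap the user id in a ticket that FormsAuthentication.Encrypt
        // protects with the application's machineKey.
        public static void SignIn(string userId)
        {
            var ticket = new FormsAuthenticationTicket(
                1, userId, DateTime.Now, DateTime.Now.AddMinutes(30), false, "");
            var cookie = new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket))
            {
                HttpOnly = true, // not readable from page script
                Secure = true    // assumption: the site is served over HTTPS
            };
            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        // Permission check: returns the user id, or null when the cookie is
        // missing, expired, or does not decrypt and validate.
        public static string GetUserId()
        {
            HttpCookie cookie = HttpContext.Current.Request.Cookies[CookieName];
            if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
            try
            {
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
                return (ticket == null || ticket.Expired) ? null : ticket.Name;
            }
            catch (Exception) // malformed or modified value: treat as not logged in
            {
                return null;
            }
        }

        // Logout: expire the cookie in the browser instead of blanking its value.
        public static void SignOut()
        {
            var expired = new HttpCookie(CookieName, "")
            { Expires = DateTime.Now.AddDays(-1), HttpOnly = true, Secure = true };
            HttpContext.Current.Response.Cookies.Add(expired);
        }
    }
}
```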
Further reading:
MVC interceptors: authorization with AuthorizeAttribute