Home > Article > Backend Development > ASP.NET Forms authentication
ASP.NET Forms authentication
- 高洛峰Original
- 2017-02-10 17:09:061259browse
In the asp.net program, users can access corresponding pages and functions based on their roles. This article will introduce this, which has a very good reference value. Let’s take a look at it with the editor
asp.net program development. Users access corresponding pages and functions according to their roles.
The project structure is as follows:
##Root directory Web.config code:
<?xml version="1.0" encoding="utf-8"?>
<!--
有关如何配置 ASP.NET 应用程序的详细消息,请访问
http://www.php.cn/
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="login.aspx"></forms>
</authentication>
<!--<authorization>
<allow users="*"></allow>
</authorization>-->
</system.web>
</configuration>
Web.config code in the admin folder:
<?xml version="1.0"?> <configuration> <system.web> <authorization> <allow roles="admin" /> <deny users="*"/> </authorization> </system.web> </configuration>
Web.config code in the teacher folder:
<?xml version="1.0"?> <configuration> <system.web> <authorization> <allow roles="teacher" /> <deny users="*"/> </authorization> </system.web> </configuration>
Web.config code in student folder:
<?xml version="1.0"?> <configuration> <system.web> <authorization> <allow roles="student" /> <deny users="*"/> </authorization> </system.web> </configuration>
Login Set Cookie after successful login in .aspx, set Cookie code:
protected void SetLoginCookie(string username, string roles)
{
System.Web.Security.FormsAuthentication.SetAuthCookie(username, false);
System.Web.Security.FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddDays(1), false, roles, "/");
string hashTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashTicket);
HttpContext.Current.Response.SetCookie(userCookie);
}
Global.asax for identity Verification:
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
HttpApplication app = (HttpApplication)sender;
HttpContext ctx = app.Context; //获取本次Http请求的HttpContext对象
if (ctx.User != null)
{
if (ctx.Request.IsAuthenticated == true) //验证过的一般用户才能进行角色验证
{
System.Web.Security.FormsIdentity fi = (System.Web.Security.FormsIdentity)ctx.User.Identity;
System.Web.Security.FormsAuthenticationTicket ticket = fi.Ticket; //取得身份验证票
string userData = ticket.UserData;//从UserData中恢复role信息
string[] roles = userData.Split(','); //将角色数据转成字符串数组,得到相关的角色信息
ctx.User = new System.Security.Principal.GenericPrincipal(fi, roles); //这样当前用户就拥有角色信息了
}
}
}For more articles related to ASP.NET Forms identity authentication, please pay attention to the PHP Chinese website! Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How to extract multi-layer nested json data in asp.netNext article:How to extract multi-layer nested json data in asp.net