我想使一部分ASP.NET页面需登陆才能访问(并且根据登陆用户的角色确定其可使用页面的哪些功能),另一部分不用登陆就可访问。我于是在根目录下新建了一个子文件夹auth,放置需登陆才能访问的页面,并设置了该子文件夹的虚拟目录,加入了一个webconfig文件,主要配置如下:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="authCookie" ></forms>
</authentication> <authorization>
<deny users="?" />
<allow users="*" />
</authorization>
又加入了一个Global文件,主要设置如下:
using System.Web.Security;
using System.Security.Principal;
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{ // Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName]; if(null == authCookie)
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch (Exception ex)
{
// Log exception details (omitted for simplicity)
return;
} if (null == authTicket)
{
// Cookie failed to decrypt.
return;
}
// When the ticket was created, the UserData property was assigned a
// pipe delimited string of role names.
string[] roles = authTicket.UserData.Split(new char[]{'|'});
// Create an Identity object
FormsIdentity id = new FormsIdentity( authTicket ); // This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, roles);
// Attach the new principal object to the current HttpContext object
Context.User = principal;
}
在login.aspx也作了登陆设置,但运行时总提示出错,具体如下:
“/DataBaseAndSecurity/auth”应用程序中的服务器错误。
--------------------------------------------------------------------------------分析器错误
说明: 在分析向此请求提供服务所需资源时出错。请检查下列特定分析错误详细信息并适当地修改源文件。 分析器错误信息: 未能加载类型“DataBaseAndSecurity.auth.Global”。源错误:
行 1: <%@ Application Codebehind="Global.asax.cs" Inherits="DataBaseAndSecurity.auth.Global" %> 源文件: E:\Inetpub\wwwroot\DataBaseAndSecurity\auth\global.asax 行: 1
--------------------------------------------------------------------------------
版本信息: Microsoft .NET Framework 版本:1.1.4322.573; ASP.NET 版本:1.1.4322.573
我总觉得自己是有一部分设置有误,请高手指点,或者也可以说一下你们对实现这种功能你们的做法。thanks
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="authCookie" ></forms>
</authentication> <authorization>
<deny users="?" />
<allow users="*" />
</authorization>
又加入了一个Global文件,主要设置如下:
using System.Web.Security;
using System.Security.Principal;
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{ // Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName]; if(null == authCookie)
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch (Exception ex)
{
// Log exception details (omitted for simplicity)
return;
} if (null == authTicket)
{
// Cookie failed to decrypt.
return;
}
// When the ticket was created, the UserData property was assigned a
// pipe delimited string of role names.
string[] roles = authTicket.UserData.Split(new char[]{'|'});
// Create an Identity object
FormsIdentity id = new FormsIdentity( authTicket ); // This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, roles);
// Attach the new principal object to the current HttpContext object
Context.User = principal;
}
在login.aspx也作了登陆设置,但运行时总提示出错,具体如下:
“/DataBaseAndSecurity/auth”应用程序中的服务器错误。
--------------------------------------------------------------------------------分析器错误
说明: 在分析向此请求提供服务所需资源时出错。请检查下列特定分析错误详细信息并适当地修改源文件。 分析器错误信息: 未能加载类型“DataBaseAndSecurity.auth.Global”。源错误:
行 1: <%@ Application Codebehind="Global.asax.cs" Inherits="DataBaseAndSecurity.auth.Global" %> 源文件: E:\Inetpub\wwwroot\DataBaseAndSecurity\auth\global.asax 行: 1
--------------------------------------------------------------------------------
版本信息: Microsoft .NET Framework 版本:1.1.4322.573; ASP.NET 版本:1.1.4322.573
我总觉得自己是有一部分设置有误,请高手指点,或者也可以说一下你们对实现这种功能你们的做法。thanks
用记事本打开Global.asax文件修改就可以搞定了