我需要根据角色设置权限。
部分web.config如下:<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="TESTConnectionString3" connectionString="Data Source=192.168.10.254;Initial Catalog=TEST;User ID=sa;Password=123456"
providerName="System.Data.SqlClient" />
<add name="TESTConnectionString" connectionString="Data Source=192.168.10.254;Initial Catalog=TEST;User ID=sa;Password=123456"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" defaultUrl="MainPage.aspx" protection="All" timeout="30" path="/"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<machineKey decryption="Auto" validation="SHA1"/>
<compilation debug="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</httpModules>
</system.web>
<location path="MainPage.aspx">
<system.web>
<authorization>
<allow roles="admin,provider,purchaser"/>
<deny users="*"></deny>
</authorization>
</system.web>
</location>
<location path="extended_name.xml">
<system.web>
<authorization>
<deny users="*"></deny>
</authorization>
</system.web>
</location>后台程序如下:protected void btn_dl_Click(object sender, EventArgs e)
{
string login = txt_user.Text;
string passwod = txt_paswd.Text;
if (IsInUser(login, passwod) == true)
{
string role = GetRole(login);
if (role != null)
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, login, DateTime.Now, DateTime.Now.AddMinutes(30), false, role, "/");
string hashticket = FormsAuthentication.Encrypt(ticket);
HttpCookie usercookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashticket);
Context.Response.Cookies.Add(usercookie);
if (Context.Request["ReturnUrl"] != null)
{
Response.Redirect(Context.Request["ReturnUrl"]);
}
else
{
Response.Redirect(FormsAuthentication.DefaultUrl);
}
}
}
else
Response.Write("<script>alert('用户名或密码不正确!');document.location=document.location;</script>");
} public bool IsInUser(string login, string passwod)
{
string comm = "select userID,login,password,name,company,companyID,power from [user] where login='" + login + "' and password='" + passwod + "'";
string conn = "server=192.168.10.254;database=TEST;uid=sa;pwd=19780411";
try
{
SqlConnection thisConntection = new SqlConnection(conn);
thisConntection.Open();
SqlCommand thisCommand = thisConntection.CreateCommand();
thisCommand.CommandText = comm;
SqlDataReader thisReader = thisCommand.ExecuteReader();
if (thisReader.Read())
{
Response.Write("<script>window.location.href('MainPage.aspx')</script>");
//Session["userID"] = thisReader[0];
Session["login"] = thisReader[1];
Session["name"] = thisReader[3];
Session["company"] = thisReader[4];
Session["companyID"] = thisReader[5];
Session["power"] = thisReader[6];
thisReader.Close();
thisConntection.Close();
return true;
}
else
{
thisReader.Close();
thisConntection.Close();
return false;
}
}
catch
{
Response.Write("<script>alert('异常错误!');document.location=document.location;</script>");
return false;
}
} public string GetRole(string login)
{
string comm = "select login,role from [user] where login='" + login + "'";
string conn = "server=localhost;database=TEST;uid=sa;pwd=111";
try
{
SqlConnection thisConntection = new SqlConnection(conn);
thisConntection.Open();
SqlCommand thisCommand = thisConntection.CreateCommand();
thisCommand.CommandText = comm;
SqlDataReader thisReader = thisCommand.ExecuteReader();
if (thisReader.Read())
{
Response.Write("<script>window.location.href('MainPage.aspx')</script>");
string role = thisReader[1].ToString().Trim();
thisReader.Close();
thisConntection.Close();
return role;
}
else
{
thisReader.Close();
thisConntection.Close();
return null;
}
}
catch
{
Response.Write("<script>alert('异常错误!');document.location=document.location;</script>");
return null;
}
}
然后,Global.asax中再添加protected void Application_AuthorizeRequest(object sender, System.EventArgs e)
{
HttpApplication App = (HttpApplication) sender;
HttpContext Ctx = App.Context ; //获取本次Http请求相关的HttpContext对象
if (Ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理
{
FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;
FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票
string[] Roles = Ticket.UserData.Split(',') ; //将身份验证票中的role数据转成字符串数组
Ctx.User = new System.Security.Principal.GenericPrincipal(Id, Roles); //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息
}
}现在的问题是,我在登录界面输入用户名和密码后,又跳到登录界面了,不管输入哪个用户名密码都是这样,是不是还要在web.config中加入什么元素,请高手指教,急~~~~!
部分web.config如下:<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="TESTConnectionString3" connectionString="Data Source=192.168.10.254;Initial Catalog=TEST;User ID=sa;Password=123456"
providerName="System.Data.SqlClient" />
<add name="TESTConnectionString" connectionString="Data Source=192.168.10.254;Initial Catalog=TEST;User ID=sa;Password=123456"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" defaultUrl="MainPage.aspx" protection="All" timeout="30" path="/"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<machineKey decryption="Auto" validation="SHA1"/>
<compilation debug="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</httpModules>
</system.web>
<location path="MainPage.aspx">
<system.web>
<authorization>
<allow roles="admin,provider,purchaser"/>
<deny users="*"></deny>
</authorization>
</system.web>
</location>
<location path="extended_name.xml">
<system.web>
<authorization>
<deny users="*"></deny>
</authorization>
</system.web>
</location>后台程序如下:protected void btn_dl_Click(object sender, EventArgs e)
{
string login = txt_user.Text;
string passwod = txt_paswd.Text;
if (IsInUser(login, passwod) == true)
{
string role = GetRole(login);
if (role != null)
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, login, DateTime.Now, DateTime.Now.AddMinutes(30), false, role, "/");
string hashticket = FormsAuthentication.Encrypt(ticket);
HttpCookie usercookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashticket);
Context.Response.Cookies.Add(usercookie);
if (Context.Request["ReturnUrl"] != null)
{
Response.Redirect(Context.Request["ReturnUrl"]);
}
else
{
Response.Redirect(FormsAuthentication.DefaultUrl);
}
}
}
else
Response.Write("<script>alert('用户名或密码不正确!');document.location=document.location;</script>");
} public bool IsInUser(string login, string passwod)
{
string comm = "select userID,login,password,name,company,companyID,power from [user] where login='" + login + "' and password='" + passwod + "'";
string conn = "server=192.168.10.254;database=TEST;uid=sa;pwd=19780411";
try
{
SqlConnection thisConntection = new SqlConnection(conn);
thisConntection.Open();
SqlCommand thisCommand = thisConntection.CreateCommand();
thisCommand.CommandText = comm;
SqlDataReader thisReader = thisCommand.ExecuteReader();
if (thisReader.Read())
{
Response.Write("<script>window.location.href('MainPage.aspx')</script>");
//Session["userID"] = thisReader[0];
Session["login"] = thisReader[1];
Session["name"] = thisReader[3];
Session["company"] = thisReader[4];
Session["companyID"] = thisReader[5];
Session["power"] = thisReader[6];
thisReader.Close();
thisConntection.Close();
return true;
}
else
{
thisReader.Close();
thisConntection.Close();
return false;
}
}
catch
{
Response.Write("<script>alert('异常错误!');document.location=document.location;</script>");
return false;
}
} public string GetRole(string login)
{
string comm = "select login,role from [user] where login='" + login + "'";
string conn = "server=localhost;database=TEST;uid=sa;pwd=111";
try
{
SqlConnection thisConntection = new SqlConnection(conn);
thisConntection.Open();
SqlCommand thisCommand = thisConntection.CreateCommand();
thisCommand.CommandText = comm;
SqlDataReader thisReader = thisCommand.ExecuteReader();
if (thisReader.Read())
{
Response.Write("<script>window.location.href('MainPage.aspx')</script>");
string role = thisReader[1].ToString().Trim();
thisReader.Close();
thisConntection.Close();
return role;
}
else
{
thisReader.Close();
thisConntection.Close();
return null;
}
}
catch
{
Response.Write("<script>alert('异常错误!');document.location=document.location;</script>");
return null;
}
}
然后,Global.asax中再添加protected void Application_AuthorizeRequest(object sender, System.EventArgs e)
{
HttpApplication App = (HttpApplication) sender;
HttpContext Ctx = App.Context ; //获取本次Http请求相关的HttpContext对象
if (Ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理
{
FormsIdentity Id = (FormsIdentity)Ctx.User.Identity ;
FormsAuthenticationTicket Ticket = Id.Ticket ; //取得身份验证票
string[] Roles = Ticket.UserData.Split(',') ; //将身份验证票中的role数据转成字符串数组
Ctx.User = new System.Security.Principal.GenericPrincipal(Id, Roles); //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息
}
}现在的问题是,我在登录界面输入用户名和密码后,又跳到登录界面了,不管输入哪个用户名密码都是这样,是不是还要在web.config中加入什么元素,请高手指教,急~~~~!
解决方案 »
设几个断点,跟一下
<system.web>
<authorization>
<allow roles="admin,provider,purchaser"/>
<deny users="*"></deny>
</authorization>
</system.web>
</location>
<location path="extended_name.xml">
<system.web>
<authorization>
<deny users="*"></deny>
</authorization>
</system.web>
</location>
如果没记错的话,这是拒绝所有人的意思吧?!
应该是:<deny users="?"></deny>吧?
<allow roles="admin,provider,purchaser"/>
<deny users="*"></deny>
这样是可以的,意思是拒绝所有用户,但允许admin,provider,purchaser三种角色的用户访问。
FORM认证
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="MYWEBAPP.ASPXAUTH" loginUrl="login.aspx"
protection="All" path="/"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="admin">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="users">
<system.web>
<authorization>
<allow roles="User"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
if (User.Identity.IsAuthenticated&&User.IsInRole("user"))
{
Response.Redirect("index.aspx");
}
if (User.Identity.IsAuthenticated&&User.IsInRole("user"))
{
Response.Redirect("index.aspx");
}这段代码放在哪?