1.
// Issue a version-1, non-persistent forms-authentication ticket that expires five minutes
// after it is created. The text-box value is used both as the ticket name and as its user data.
System.DateTime issuedAt = System.DateTime.Now;
System.DateTime expiresAt = System.DateTime.Now.AddMinutes(5);
FormsAuthenticationTicket tk = new FormsAuthenticationTicket(
    1, txtName.Text, issuedAt, expiresAt, false, txtName.Text);

// Encrypt() protects the ticket with the keys from this application's <machineKey> settings.
// NOTE(review): FormsAuthentication.Decrypt() running in a different application can only
// read this value when both applications share the same machineKey settings; confirm the
// configuration on both sides before posting the ticket across.
string ticket = System.Web.Security.FormsAuthentication.Encrypt(tk);
首先我产生了一张票据,然后加密,然后我把这个ticket值利用POST传值到另外一张页面进行解密。
2.FormsAuthenticationTicket ticket1 = FormsAuthentication.Decrypt(ticket); 但是我想请问各位前辈,这个把值POST到另外一张页面的代码该怎么写呀?
// Issue a version-1, non-persistent forms-authentication ticket that expires five minutes
// after it is created. The text-box value is used both as the ticket name and as its user data.
System.DateTime issuedAt = System.DateTime.Now;
System.DateTime expiresAt = System.DateTime.Now.AddMinutes(5);
FormsAuthenticationTicket tk = new FormsAuthenticationTicket(
    1, txtName.Text, issuedAt, expiresAt, false, txtName.Text);

// Encrypt() protects the ticket with the keys from this application's <machineKey> settings.
// NOTE(review): FormsAuthentication.Decrypt() running in a different application can only
// read this value when both applications share the same machineKey settings; confirm the
// configuration on both sides before posting the ticket across.
string ticket = System.Web.Security.FormsAuthentication.Encrypt(tk);
首先我产生了一张票据,然后加密,然后我把这个ticket值利用POST传值到另外一张页面进行解密。
2.FormsAuthenticationTicket ticket1 = FormsAuthentication.Decrypt(ticket); 但是我想请问各位前辈,这个把值POST到另外一张页面的代码该怎么写呀?
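// Posts the encrypted ticket to another page with HttpWebRequest.
// req, postDatas and ticket are declared outside this fragment.
// The ticket is a credential for the user it names, so req should target an https:// URL.
req.Method = "POST";
req.KeepAlive = true;
req.ContentType = "application/x-www-form-urlencoded";

// NOTE(review): the body is the bare ticket string with no "name=" prefix, although the
// content type announces form fields; confirm how the receiving page reads the value.
Encoding encoding = Encoding.GetEncoding("GB2312");
postDatas = encoding.GetBytes(ticket);
req.ContentLength = postDatas.Length;

// using disposes the request stream even when Write throws, so the connection is not leaked.
using (Stream reqStream = req.GetRequestStream())
{
    reqStream.Write(postDatas, 0, postDatas.Length);
}

// GetResponse() sends the request and blocks until the server answers.
// res keeps the connection open until it is closed: call res.Close() once it has been read.
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
这个代码不是很准确,大概思路就是这样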
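用Cookie判断权限,当页面失效后(或未经过验证输入网址)会自动跳到Login页面。
1.加入Cookie,主体在这一块,登录判断成功后加入Cookie,Cookie的角色在这加不了,要到Application_AuthorizeRequest中加(放在Global.asax)
/// <summary>
/// Login button handler: after the credential check succeeds, issues a forms-authentication
/// ticket carrying the user's roles, stores it in the authentication cookie and redirects
/// to Default.aspx.
/// </summary>
protected void Login_Click(object sender, EventArgs e)
{
    if (Check成功)
    {
        bool isPersistent = false;
        string userData = GetRole(userName); // Get the user's roles
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            userName,
            DateTime.Now,
            DateTime.Now.AddMinutes(1), // Ticket expiry; this is not the same thing as the timeout in web.config.
            isPersistent,
            userData, // Roles travel inside the ticket; see Global.asax / Application_AuthorizeRequest()
            FormsAuthentication.FormsCookiePath);

        // Encrypt the ticket.
        string encTicket = FormsAuthentication.Encrypt(ticket);

        // Create the cookie. A hand-built HttpCookie does not pick up the forms-authentication
        // defaults, so mark it HttpOnly (not readable from page script) and follow the
        // configured requireSSL setting for the Secure flag.
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
        authCookie.HttpOnly = true;
        authCookie.Secure = FormsAuthentication.RequireSSL;
        Response.Cookies.Add(authCookie);
        Response.Redirect("Default.aspx");
    }
}
2.往Cookie中加入角色
/// <summary>
/// Rebuilds the current principal from the roles stored in the forms-authentication ticket.
/// The roles are the ones written at login, so a later role change only takes effect once
/// a new ticket is issued.
/// </summary>
protected void Application_AuthorizeRequest(object sender, System.EventArgs e)
{
    HttpApplication App = (HttpApplication)sender;
    HttpContext Ctx = App.Context; // The HttpContext of the current HTTP request
    if (Ctx.Request.IsAuthenticated) // Only authenticated users get role processing
    {
        // A request authenticated by something other than forms authentication has no ticket;
        // leave its principal alone instead of failing on the cast.
        FormsIdentity Id = Ctx.User.Identity as FormsIdentity;
        if (Id == null)
        {
            return;
        }

        FormsAuthenticationTicket Ticket = Id.Ticket; // The authentication ticket
        // Turn the comma-separated role data into an array; empty entries are dropped so that
        // empty user data does not produce a role named "".
        string[] Roles = Ticket.UserData.Split(new char[] { ',' }, System.StringSplitOptions.RemoveEmptyEntries);
        // Wrap the existing identity and its roles in a GenericPrincipal so that the current
        // user carries role information.
        Ctx.User = new System.Security.Principal.GenericPrincipal(Id, Roles);
    }
}
3.配置Web.config以及注意点
<!-- <authentication>
     1. Set the authentication mode to Forms.
     2. Add the authorization rules shown below.
     3. Note: authorization already applies to the Login page before the user has logged in,
        so its .css styles (and images) are blocked. Grant everyone access to the Login css
        and images. There are two ways: add the permission in this web.config, or put one
        more web.config in each of the css and images folders that allows all users.
     When the site is served over HTTPS, also add requireSSL="true" to <forms> so that the
     ticket cookie is only sent over an encrypted connection. -->
<authentication mode="Forms">
  <forms name=".ASPXFORMSDEMO" defaultUrl="Logon.aspx" loginUrl="Logon.aspx" protection="All" path="/" timeout="60"></forms>
</authentication>
<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>
<!-- Grant access to the Login style sheet -->
<location path="CSS/Login.css">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
4.验证一下,这是废话,坏的我能给你们嘛
/// <summary>
/// Writes "Vendor" when the current user is in the Vendor role, otherwise "Not Vendor".
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    if (User.IsInRole("Vendor"))
    {
        Response.Write("Vendor");
    }
    else
    {
        Response.Write("Not Vendor");
    }
}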
// Emits a form that posts the hidden field "a" to b.aspx and submits itself as soon as the
// browser runs the inline script. Whatever replaces the placeholder value must be
// HTML-attribute-encoded (for example with HttpUtility.HtmlAttributeEncode) before it is
// written into the markup. The value also passes through the user's browser on its way to b.aspx.
string autoPostMarkup = @"
<form id=""form1"" action=""b.aspx"" method=""post"">
<input type=""hidden"" name=""a"" value=""put your value here"">
</form>
<script language=""javascript"">
document.getElementById('form1').submit();
</script>
";
Response.Write(autoPostMarkup);
Use this if you want to do the post on the client side; alternatively, write some JavaScript to change the form's action, or look into the PostBackUrl feature in ASP.NET 2.0.
嗯,谢谢。不过我现在遇到的问题就是:我用验证中心把加密好的票据POST过去,然后在管道中截取到此票据,解密的时候就报“填充无效,无法被移除”的错了。
// GetResponse() sends the request built on req and blocks until the server replies; the
// returned object exposes the reply's status code, headers and body stream. Close res once
// it has been read so that the underlying connection is released.
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
这个代码是用来干什么用的啊