This is the flow from the article above:
http://msdn.microsoft.com/en-us/library/ff647070.aspx
1. The user requests the Default.aspx file from your application's virtual directory. IIS allows the request because anonymous access is enabled in the IIS metabase. ASP.NET confirms that the authorization element includes a <deny users="?" /> tag.
2. The server looks for an authentication cookie. If it fails to find the authentication cookie, the user is redirected to the configured logon page (Login.aspx), as specified by the LoginUrl attribute of the forms element. The user supplies and submits credentials through this form. Information about the originating page is placed in the query string using RETURNURL as the key. The server HTTP reply is as follows:

       302 Found
       Location: http://localhost/FormsAuthTest/login.aspx?RETURNURL=%2fFormAuthTest%2fDefault.aspx

3. The browser requests the Login.aspx page and includes the RETURNURL parameter in the query string.
4. The server returns the logon page and the 200 OK HTTP status code.
5. The user enters credentials on the logon page and posts the page, including the RETURNURL parameter from the query string, back to the server.
6. The server validates user credentials against a store, such as a SQL Server database or an Active Directory user store. Code in the logon page creates a cookie that contains a forms authentication ticket that is set for the session.
   In ASP.NET 2.0, the validation of user credentials can be performed by the membership system. The Membership class provides the ValidateUser method for this purpose as shown here:

       if (Membership.ValidateUser(userName.Text, password.Text))
       {
           if (Request.QueryString["ReturnUrl"] != null)
           {
               // Issue the ticket cookie and redirect back to the originally requested page.
               FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
           }
           else
           {
               // No originating page: only issue the (non-persistent) ticket cookie.
               FormsAuthentication.SetAuthCookie(userName.Text, false);
           }
       }
       else
       {
           Response.Write("Invalid UserID and Password");
       }

   Note: When using the Login Web server control, it automatically performs the following steps for you. The preceding code is provided for context.
7. For the authenticated user, the server redirects the browser to the original URL that was specified in the query string by the RETURNURL parameter. The server HTTP reply is as follows:

       302 Found
       Location: http://localhost/TestSample/default.aspx

8. Following the redirection, the browser requests the Default.aspx page again. This request includes the forms authentication cookie.
9. The FormsAuthenticationModule class detects the forms authentication cookie and authenticates the user. After successful authentication, the FormsAuthenticationModule class populates the current User property, which is exposed by the HttpContext object, with information about the authenticated user.
10. Since the server has verified the authentication cookie, it grants access and returns the Default.aspx page.
When an update is needed, query again and store the result in Session.
That's exactly my approach, but I use public shared user as list rather than Session, because mine is a web service, not a page.
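Added example, not part of the thread or of the quoted MSDN article: in the flow quoted above, the page to return to after logon travels in the ReturnUrl query-string value, so login code that builds the redirect itself from that value should accept only paths on its own site. The helper names (IsLocalReturnUrl, ResolveRedirect), the default URL and the sample inputs are hypothetical and constructed for illustration.

```csharp
using System;

// Added example; names and sample inputs are hypothetical.
public static class ReturnUrlCheck
{
    // True only for a path on this site: "/x" or "~/x", never "//host" or "/\host".
    public static bool IsLocalReturnUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        foreach (char c in url)
            if (char.IsControl(c)) return false;    // reject CR/LF, tab, NUL

        int start = url.StartsWith("~/", StringComparison.Ordinal) ? 1 : 0;
        if (url[start] != '/') return false;        // absolute URL or bare relative name
        if (url.Length == start + 1) return true;   // "/" or "~/"
        char next = url[start + 1];
        return next != '/' && next != '\\';         // browsers read "//h" and "/\h" as another host
    }

    // Target of the post-login redirect: the requested page if local, else a fixed default.
    public static string ResolveRedirect(string returnUrl, string defaultUrl)
    {
        return IsLocalReturnUrl(returnUrl) ? returnUrl : defaultUrl;
    }

    public static void Main()
    {
        // Constructed inputs; the first is the RETURNURL value from the first
        // 302 reply quoted above, URL-decoded.
        string[] samples =
        {
            Uri.UnescapeDataString("%2fFormAuthTest%2fDefault.aspx"),
            "~/Default.aspx",
            "http://other.example/Default.aspx",
            "//other.example/Default.aspx",
            "/\\other.example/Default.aspx",
            "Default.aspx",
            ""
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-40} -> {1}", "\"" + s + "\"",
                ResolveRedirect(s, "/FormAuthTest/Default.aspx"));
    }
}
```

Inside a page, Request.QueryString["ReturnUrl"] is already URL-decoded, so the value can be passed to the check directly.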