在asp.net 1.1环境里,我想使用form验证来控制一个目录下的用户访问权限。代码如下:在Web.config中定义
<authentication mode="Forms">
<!-- Forms authentication: requests that are denied access are sent to loginUrl. protection="All" asks for the ticket cookie to be both encrypted and validated; timeout is in minutes. -->
<forms name=".ASPXAUTH" loginUrl="/login.aspx" protection="All" timeout="20" >
<!-- NOTE(review): passwordFormat="Clear" keeps the password readable by anyone who can read Web.config (backups and source control included). The credentials element also accepts hashed formats (SHA1, MD5); prefer a hashed value or an external user store over a clear-text password here. -->
<credentials passwordFormat="Clear">
<user name="admin" password="pass"/>
</credentials>
</forms>
</authentication>在需要控制访问的目录下的Web.config中定义
<system.web>
<!-- Rules are evaluated top-down and the first match wins: "admin" is allowed, anonymous users ("?") are denied. NOTE(review): any other authenticated user matches neither rule and falls through to inherited configuration; if only admin should get in, follow the allow with <deny users="*" />. -->
<authorization>
<allow users="admin" />
<deny users="?" />
</authorization>
</system.web>在login.aspx中
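/// <summary>
/// Handles the login button: checks the submitted name and password with
/// FormsAuthentication.Authenticate and, on success, issues the forms-authentication
/// cookie and redirects to the originally requested page.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    if (!FormsAuthentication.Authenticate(txtLoginname.Text, txtPassword.Text))
    {
        // Failed login: no ticket and no cookie are issued.
        return;
    }

    // Persistent ticket with a 20-minute timeout.
    FormsAuthenticationTicket authTicket =
        new FormsAuthenticationTicket(txtLoginname.Text, true, 20);

    // The cookie carries only the protected form of the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    HttpCookie authCookie =
        new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

    // Tie the cookie lifetime to the ticket's own expiration rather than a separate
    // one-day value, so the browser does not keep presenting a ticket that has
    // already expired.
    authCookie.Expires = authTicket.Expiration;

    // Take path and the secure flag from the <forms> configuration so that a
    // requireSSL setting also applies to this hand-built cookie.
    authCookie.Path = FormsAuthentication.FormsCookiePath;
    authCookie.Secure = FormsAuthentication.RequireSSL;

    Response.Cookies.Add(authCookie);

    // NOTE(review): GetRedirectUrl takes its target from the ReturnUrl query-string
    // value, which the client controls. Confirm that this framework version limits it
    // to a path inside this application, or validate it before redirecting.
    string url = FormsAuthentication.GetRedirectUrl(txtLoginname.Text, true);
    Response.Redirect(url);
}在global.asax中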
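/// <summary>
/// Rebuilds the request principal from the forms-authentication cookie: decrypts the
/// ticket, rejects it when it is missing, unreadable or expired, and attaches a
/// GenericPrincipal carrying the role names stored in the ticket's UserData.
/// </summary>
/// <param name="sender">The application instance raising the event.</param>
/// <param name="e">Event data (not used).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // Extract the forms authentication cookie.
    HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null)
    {
        // There is no authentication cookie; the request stays anonymous.
        return;
    }

    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        // A cookie that cannot be decrypted is treated as absent.
        // Log exception details (omitted for simplicity) - repeated failures are
        // worth surfacing to whoever monitors the application.
        return;
    }

    // Decrypt only unpacks the ticket; expiry has to be checked here, otherwise a
    // cookie holding an expired ticket would still produce an authenticated principal.
    if (authTicket == null || authTicket.Expired)
    {
        return;
    }

    // UserData is expected to hold a pipe-delimited list of role names. A ticket
    // created without user data yields no roles instead of one empty-named role.
    string userData = authTicket.UserData;
    string[] roles = (userData == null || userData.Length == 0)
        ? new string[0]
        : userData.Split(new char[] { '|' });

    // Attach the principal to the current HttpContext; it flows through the request.
    FormsIdentity id = new FormsIdentity(authTicket);
    Context.User = new GenericPrincipal(id, roles);
}然后访问受限的目录下的文件时,确实是转向了login.aspx程序,而且ReturnUrl参数也很正确。我输入了Web.config中定义的用户名和密码后,跟踪执行程序,的确是通过了验证,并且浏览器收到了带有ticket的cookie。然后程序运行到Application_AuthenticateRequest的时候,也根据cookie的内容对Context.User的值进行了正确的赋值,监视确实Context.User.Identity.Name="admin"。只是页面并没有像预期的那样打开了受限目录下的文件,而是又一次转向了login.aspx页面,要求再次输入用户名和密码。我不明白问题到底是发生在什么地方,恳请各位高手帮忙,谢谢!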
<authentication mode="Forms">
<!-- Forms authentication: requests that are denied access are sent to loginUrl. protection="All" asks for the ticket cookie to be both encrypted and validated; timeout is in minutes. -->
<forms name=".ASPXAUTH" loginUrl="/login.aspx" protection="All" timeout="20" >
<!-- NOTE(review): passwordFormat="Clear" keeps the password readable by anyone who can read Web.config (backups and source control included). The credentials element also accepts hashed formats (SHA1, MD5); prefer a hashed value or an external user store over a clear-text password here. -->
<credentials passwordFormat="Clear">
<user name="admin" password="pass"/>
</credentials>
</forms>
</authentication>在需要控制访问的目录下的Web.config中定义
<system.web>
<!-- Rules are evaluated top-down and the first match wins: "admin" is allowed, anonymous users ("?") are denied. NOTE(review): any other authenticated user matches neither rule and falls through to inherited configuration; if only admin should get in, follow the allow with <deny users="*" />. -->
<authorization>
<allow users="admin" />
<deny users="?" />
</authorization>
</system.web>在login.aspx中
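/// <summary>
/// Handles the login button: checks the submitted name and password with
/// FormsAuthentication.Authenticate and, on success, issues the forms-authentication
/// cookie and redirects to the originally requested page.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    if (!FormsAuthentication.Authenticate(txtLoginname.Text, txtPassword.Text))
    {
        // Failed login: no ticket and no cookie are issued.
        return;
    }

    // Persistent ticket with a 20-minute timeout.
    FormsAuthenticationTicket authTicket =
        new FormsAuthenticationTicket(txtLoginname.Text, true, 20);

    // The cookie carries only the protected form of the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    HttpCookie authCookie =
        new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

    // Tie the cookie lifetime to the ticket's own expiration rather than a separate
    // one-day value, so the browser does not keep presenting a ticket that has
    // already expired.
    authCookie.Expires = authTicket.Expiration;

    // Take path and the secure flag from the <forms> configuration so that a
    // requireSSL setting also applies to this hand-built cookie.
    authCookie.Path = FormsAuthentication.FormsCookiePath;
    authCookie.Secure = FormsAuthentication.RequireSSL;

    Response.Cookies.Add(authCookie);

    // NOTE(review): GetRedirectUrl takes its target from the ReturnUrl query-string
    // value, which the client controls. Confirm that this framework version limits it
    // to a path inside this application, or validate it before redirecting.
    string url = FormsAuthentication.GetRedirectUrl(txtLoginname.Text, true);
    Response.Redirect(url);
}在global.asax中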
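/// <summary>
/// Rebuilds the request principal from the forms-authentication cookie: decrypts the
/// ticket, rejects it when it is missing, unreadable or expired, and attaches a
/// GenericPrincipal carrying the role names stored in the ticket's UserData.
/// </summary>
/// <param name="sender">The application instance raising the event.</param>
/// <param name="e">Event data (not used).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // Extract the forms authentication cookie.
    HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null)
    {
        // There is no authentication cookie; the request stays anonymous.
        return;
    }

    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        // A cookie that cannot be decrypted is treated as absent.
        // Log exception details (omitted for simplicity) - repeated failures are
        // worth surfacing to whoever monitors the application.
        return;
    }

    // Decrypt only unpacks the ticket; expiry has to be checked here, otherwise a
    // cookie holding an expired ticket would still produce an authenticated principal.
    if (authTicket == null || authTicket.Expired)
    {
        return;
    }

    // UserData is expected to hold a pipe-delimited list of role names. A ticket
    // created without user data yields no roles instead of one empty-named role.
    string userData = authTicket.UserData;
    string[] roles = (userData == null || userData.Length == 0)
        ? new string[0]
        : userData.Split(new char[] { '|' });

    // Attach the principal to the current HttpContext; it flows through the request.
    FormsIdentity id = new FormsIdentity(authTicket);
    Context.User = new GenericPrincipal(id, roles);
}然后访问受限的目录下的文件时,确实是转向了login.aspx程序,而且ReturnUrl参数也很正确。我输入了Web.config中定义的用户名和密码后,跟踪执行程序,的确是通过了验证,并且浏览器收到了带有ticket的cookie。然后程序运行到Application_AuthenticateRequest的时候,也根据cookie的内容对Context.User的值进行了正确的赋值,监视确实Context.User.Identity.Name="admin"。只是页面并没有像预期的那样打开了受限目录下的文件,而是又一次转向了login.aspx页面,要求再次输入用户名和密码。我不明白问题到底是发生在什么地方,恳请各位高手帮忙,谢谢!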
解决方案 »
<!-- Per-file override: the authorization rule below applies only to aaa.aspx. users="*" matches every user, anonymous ones included, so keep such an exception to pages that must be reachable before login. -->
<location path="aaa.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
/// <summary>
/// Placeholder type exposing a single method with an empty body.
/// </summary>
class fff
{
    /// <summary>
    /// Does nothing and returns immediately.
    /// </summary>
    public void aa()
    {
    }
}