Enabling Forms Athentication
To enable ASP.NET Forms Athentication, your application web.config file must contain the following information:<configuration>
<system.web>
<authentication mode="Forms">
<forms name="RolesBasedAthentication"
path="/"
loginUrl="/Login.aspx"
protection="All"
timeout="30">
</forms>
</authentication>
</system.web>
</configuration>
The athentcation mode is set to Forms, this enables the Forms Athentication for the entire application. The value name attribute is the name of the borwser cookie, the default value is .ASPXAUTH but you should provide a unique name if you are configuring multiple applications on the same server. The loginUrl is the url to your login page. The timeout is the amount of time in minutes before a cookie expires, this attribute does not apply to persistent cookies. The protction atrribute: is the way your cookie data is protected, ALL means that your cookie data will be encrypted and validated, other values that you can set are: None, Encryption, Validation.When Forms Athentication is enable, each time a user requests a page, the form will attemp to look up for a cookie in the user's browser. If one is found, the user identity was kept in the cookie is represented in the FormsIdentity class, this class contains the following information about the athenticated user:AthenticationType - returns the value Forms
IsAthenticated - return a boolean value indicates where the user was athenticated
Name - Indicates the name of an athenticated user
Because the FormsIdentity contains only the Name of the user and sometimes you need more than that, that's why I have written the SiteIdentity which implements the IIdentity interface to contain more information about the athenticated user.Creating the Login Page
Creating the login page you simply need 2 textboxes to let user input the email address and password named Email and Password, respectively. You may need 1 check box to ask if user wants us to set a persistent cookie, and finally one submit button with OnClick event is handled as follow:
private void Submit_Click(object sender, System.EventArgs e)
{
// call the ValidateLogin static method to check if the email and password are correct
// if correct the method will return a new user else return null
SitePrincipal newUser = SitePrincipal.ValidateLogin(Email.Text, Password.Text); if (newUser == null)
{
ErrorMessage.Text = "Login failed for " + Email.Text;
ErrorMessage.Visible = true;
}
else
{
// assign the new user to the current context user
Context.User = newUser;
// set the cookie that contains the email address
// the true value means the cookie will be set persisted
FormsAuthentication.SetAuthCookie( Email.Text, true );
// redirect the user to the home page
Response.Redirect("Default.aspx");
}
}
The code above is straightforward, first we SitePrincipal.ValidateLogin() which looks up database and check if user has entered correct email and password and returns the new instance of SitePrincipal object, if the new object is null that means user hasnot entered a correct email or password, otherwise we assign the current user with the new object then set the cookie and redirect user to the main page.Authenticating User On Every Request
Whenever user requests a page, the ASP.NET Forms Athentication will automatically pick up our cookie, but we haven't replace the current context user with our own, so we should create a pagebase class as base class and replace the current context user with our own so that every page that derived from this pagebase will have our own SitePrincipal instance as context user. When the SitePrincipal is instanced,it will automatically search for roles that match the current user and assign to the user's rolls. The code below creates a pagebase calss and replace the current context with our own:public class PageBase: System.Web.UI.Page
{
public PageBase()
{
} protected override void OnInit(EventArgs e)
{
base.OnInit(e);
this.Load += new System.EventHandler(this.PageBase_Load);
} private void PageBase_Load(object sender, System.EventArgs e)
{
if (Context.User.Identity.IsAuthenticated)
{
if (!(Context.User is SitePrincipal))
{
SitePrincipal newUser = new SitePrincipal( Context.User.Identity.Name );
Context.User = newUser;
}
} }}
So now every page should derive this bass class instead of deriving the System.Web.UI.Page. So if you want to get a current name or email address or userID of the athenticated user you can do like this:if (Context.User.Identity.IsAuthenticated)
{
string name = ((SiteIdentity)Context.User.Identity).FullName;
string email = ((SiteIdentity)Context.User.Identity).Email;
string password = ((SiteIdentity)Context.User.Identity).Password;
string userID = ((SiteIdentity)Context.User.Identity).UserID;
}
Or if you can check if the current user is in a specific role as following:if (Context.User.Identity.IsAuthenticated)
{
// if user is not in the Site Admin role, he/she will be redirected to the login page
if (!((SitePrincipal)Context.User).IsInRole("Site Admin"))
Response.Redirect("Login.aspx");
}
To enable ASP.NET Forms Athentication, your application web.config file must contain the following information:<configuration>
<system.web>
<authentication mode="Forms">
<forms name="RolesBasedAthentication"
path="/"
loginUrl="/Login.aspx"
protection="All"
timeout="30">
</forms>
</authentication>
</system.web>
</configuration>
The athentcation mode is set to Forms, this enables the Forms Athentication for the entire application. The value name attribute is the name of the borwser cookie, the default value is .ASPXAUTH but you should provide a unique name if you are configuring multiple applications on the same server. The loginUrl is the url to your login page. The timeout is the amount of time in minutes before a cookie expires, this attribute does not apply to persistent cookies. The protction atrribute: is the way your cookie data is protected, ALL means that your cookie data will be encrypted and validated, other values that you can set are: None, Encryption, Validation.When Forms Athentication is enable, each time a user requests a page, the form will attemp to look up for a cookie in the user's browser. If one is found, the user identity was kept in the cookie is represented in the FormsIdentity class, this class contains the following information about the athenticated user:AthenticationType - returns the value Forms
IsAthenticated - return a boolean value indicates where the user was athenticated
Name - Indicates the name of an athenticated user
Because the FormsIdentity contains only the Name of the user and sometimes you need more than that, that's why I have written the SiteIdentity which implements the IIdentity interface to contain more information about the athenticated user.Creating the Login Page
Creating the login page you simply need 2 textboxes to let user input the email address and password named Email and Password, respectively. You may need 1 check box to ask if user wants us to set a persistent cookie, and finally one submit button with OnClick event is handled as follow:
private void Submit_Click(object sender, System.EventArgs e)
{
// call the ValidateLogin static method to check if the email and password are correct
// if correct the method will return a new user else return null
SitePrincipal newUser = SitePrincipal.ValidateLogin(Email.Text, Password.Text); if (newUser == null)
{
ErrorMessage.Text = "Login failed for " + Email.Text;
ErrorMessage.Visible = true;
}
else
{
// assign the new user to the current context user
Context.User = newUser;
// set the cookie that contains the email address
// the true value means the cookie will be set persisted
FormsAuthentication.SetAuthCookie( Email.Text, true );
// redirect the user to the home page
Response.Redirect("Default.aspx");
}
}
The code above is straightforward, first we SitePrincipal.ValidateLogin() which looks up database and check if user has entered correct email and password and returns the new instance of SitePrincipal object, if the new object is null that means user hasnot entered a correct email or password, otherwise we assign the current user with the new object then set the cookie and redirect user to the main page.Authenticating User On Every Request
Whenever user requests a page, the ASP.NET Forms Athentication will automatically pick up our cookie, but we haven't replace the current context user with our own, so we should create a pagebase class as base class and replace the current context user with our own so that every page that derived from this pagebase will have our own SitePrincipal instance as context user. When the SitePrincipal is instanced,it will automatically search for roles that match the current user and assign to the user's rolls. The code below creates a pagebase calss and replace the current context with our own:public class PageBase: System.Web.UI.Page
{
public PageBase()
{
} protected override void OnInit(EventArgs e)
{
base.OnInit(e);
this.Load += new System.EventHandler(this.PageBase_Load);
} private void PageBase_Load(object sender, System.EventArgs e)
{
if (Context.User.Identity.IsAuthenticated)
{
if (!(Context.User is SitePrincipal))
{
SitePrincipal newUser = new SitePrincipal( Context.User.Identity.Name );
Context.User = newUser;
}
} }}
So now every page should derive this bass class instead of deriving the System.Web.UI.Page. So if you want to get a current name or email address or userID of the athenticated user you can do like this:if (Context.User.Identity.IsAuthenticated)
{
string name = ((SiteIdentity)Context.User.Identity).FullName;
string email = ((SiteIdentity)Context.User.Identity).Email;
string password = ((SiteIdentity)Context.User.Identity).Password;
string userID = ((SiteIdentity)Context.User.Identity).UserID;
}
Or if you can check if the current user is in a specific role as following:if (Context.User.Identity.IsAuthenticated)
{
// if user is not in the Site Admin role, he/she will be redirected to the login page
if (!((SitePrincipal)Context.User).IsInRole("Site Admin"))
Response.Redirect("Login.aspx");
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货