About user permission authentication in IBuySpy

Source: Internet
Author: User
In ASP.NET, the page's Context.User holds an object that implements IPrincipal, which is used to manage the authenticated user. The usual approach in an ASP.NET system is to extend Context.User so that it carries custom information.



1. Ways to extend

There are basically two ways to extend it: use GenericPrincipal directly, or write your own class that implements IPrincipal. IBuySpy uses the former, which has the advantage of being very simple.



Context.User = new GenericPrincipal(Context.User.Identity, roles);



roles is a string that holds the role information of the current user, with the roles separated by ";". The code before this line obtains it by calling the UserDB.GetRoles() method in the data layer.



Writing your own class that implements IPrincipal is actually very simple too. You only need to implement two members: the Identity property, which returns an IIdentity object for the user's identity, and IsInRole(string role), which determines whether the user has the role given in the parameter. Here is a class I wrote that replaces IBuySpy's approach with an extensible one:





using System;
using System.Security.Principal;

public class Ibsprincipal : IPrincipal {
    private IIdentity _identity;
    private string[] _asrole;

    // Here are two constructors:
    public Ibsprincipal(IIdentity identity, string roles) {
        _identity = identity;
        _asrole = roles.Split(';');
    }

    public Ibsprincipal(IIdentity identity, string[] roles) {
        _identity = identity;
        _asrole = roles;
    }

    // Then a property and a method that implement IPrincipal:
    public IIdentity Identity {
        get {
            return _identity;
        }
    }

    public bool IsInRole(string role) {
        // "Jgtm'2003" pointed out for the line below that Array has a static IndexOf();
        // originally this looped over _asrole to search.
        return (System.Array.IndexOf(_asrole, role) > -1);
    }
}



OK, now we can use the following line to replace IBuySpy's original line above:



Context.User = new Ibsprincipal(Context.User.Identity, roles);



Creating this Ibsprincipal may not look worthwhile, since it provides no more features than GenericPrincipal, but the advantage is that we can extend it at any time, and the cost of implementing it is very low.



2. Timing

When should we perform the extension described above?



IBuySpy chooses to do this in the Application_AuthenticateRequest event in Global.asax. Any request to the ASP.NET application that needs user authentication must pass through here, so it is a good place.



Another good place is the Page_Init method of a "page base class". When building a web site we can create a "page base class" (even if it is empty at first) and have all pages inherit from it instead of the default System.Web.UI.Page. The advantage is that we can put actions like this one into the base class at any time. Unfortunately, IBuySpy itself does not use the "page base class" approach.



3. FormsAuthenticationTicket

This class is an "authentication ticket". We can use the ticket to hold the user's information and write it to a cookie on the client; when the client comes back, we retrieve the ticket from the cookie and get the user's information from it.



That is what IBuySpy does, but note that this is something we do ourselves; it has nothing to do with ASP.NET's built-in forms authentication, although that too works by saving a ticket to a cookie in a similar way.



Writing the cookie through a ticket has advantages over a fully custom cookie: you can set the ticket's expiration time and decide whether the ticket is saved in the cookie permanently; the ticket can carry custom information (such as the user's roles); and .NET's built-in FormsAuthentication.Encrypt() and FormsAuthentication.Decrypt() methods can encrypt a ticket into a string and decrypt a ticket from a string. This saves us a lot of work.



Here is the code in IBuySpy that creates a ticket and writes it to the cookie:



FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,                            // version
    Context.User.Identity.Name,   // user name
    DateTime.Now,                 // issue time
    DateTime.Now.AddHours(1),     // expires every hour
    false,                        // don't persist cookie
    roleStr                       // roles
);

// Encrypt the ticket
String cookieStr = FormsAuthentication.Encrypt(ticket);

// Send the cookie to the client
Response.Cookies["Portalroles"].Value = cookieStr;
Response.Cookies["Portalroles"].Path = "/";
Response.Cookies["Portalroles"].Expires = DateTime.Now.AddMinutes(1);



Reading the ticket back from the cookie and getting the user's roles from the ticket:



// Get roles from roles cookie
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Context.Request.Cookies["Portalroles"].Value);

// Convert the string representation of the role data into a string array
ArrayList userRoles = new ArrayList();

foreach (String role in ticket.UserData.Split(new char[] {';'})) {
    userRoles.Add(role);
}

roles = (String[]) userRoles.ToArray(typeof(String));
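
Because this roles cookie is separate from the forms-authentication cookie, the code that reads it should confirm that the ticket decrypts, has not expired and names the current user before trusting its roles. The following is an added example, not IBuySpy's or the author's code; RolesCookie, Attach, TryRead and the loadRoles callback into the data layer are hypothetical names, and it is meant to be called from Application_AuthenticateRequest.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example: hypothetical helper, called from Application_AuthenticateRequest.
public static class RolesCookie
{
    private const string CookieName = "Portalroles"; // cookie name used on this page
    // loadRoles is an assumed callback into the data layer (a GetRoles-style lookup).
    public static void Attach(HttpContext ctx, Func<string, string[]> loadRoles)
    {
        if (!ctx.Request.IsAuthenticated) return;
        string user = ctx.User.Identity.Name;
        string[] roles = TryRead(ctx.Request.Cookies[CookieName], user);
        if (roles == null)
        {
            // Missing, tampered, expired or foreign ticket: rebuild from the data layer.
            roles = loadRoles(user) ?? new string[0];
            var ticket = new FormsAuthenticationTicket(1, user, DateTime.Now,
                DateTime.Now.AddHours(1), false, string.Join(";", roles));
            var cookie = new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket));
            cookie.Path = "/";
            cookie.HttpOnly = true;                          // not readable from script
            cookie.Secure = ctx.Request.IsSecureConnection;  // HTTPS-only when served over HTTPS
            ctx.Response.Cookies.Add(cookie);
        }
        ctx.User = new GenericPrincipal(ctx.User.Identity, roles);
    }

    // Returns the roles only if the ticket decrypts, is unexpired and names this user.
    private static string[] TryRead(HttpCookie cookie, string user)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket t = FormsAuthentication.Decrypt(cookie.Value);
            if (t == null || t.Expired) return null;
            if (!string.Equals(t.Name, user, StringComparison.Ordinal)) return null;
            return t.UserData.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
        }
        catch (Exception ex) when (ex is ArgumentException || ex is HttpException
                                   || ex is CryptographicException)
        {
            return null; // treat an undecryptable cookie as absent
        }
    }
}
```

The name check matters because a ticket issued to one account still decrypts correctly when its cookie is presented in another account's session.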


