Http://blog.csdn.net/lzumcj_pa18/archive/2004/06/30/30575.aspx
Original: lzumcj
Note: I once wanted to implement group-based role control similar to Windows 2000/XP. I could not find much material on it, but I eventually found an English document on Microsoft's website, read it, and put it into practice. Here is a summary, shared for those who come after.
1. Configure IIS to allow anonymous access.
2. Configure the ASP.NET authentication mode as Forms.
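<!-- Web.config -->
<!--
  Element and attribute names in Web.config are case-sensitive.
  protection="All" both encrypts and validates the forms ticket. With
  "Encryption" alone the cookie is not integrity-checked, which matters
  here because the role list is carried in the ticket's user data.
  timeout is in minutes. When the site is served over HTTPS, consider
  also setting requireSSL="true" so the cookie is only sent over TLS.
-->
<authentication mode="Forms">
  <forms name="myappformsauth"
         loginUrl="login.aspx"
         protection="All"
         timeout="20"
         path="/">
  </forms>
</authentication>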
3. Create a logon page and verify the credentials provided.
4. Obtain the role list from the custom data store.
5. Create a Forms authentication ticket (store the roles in the ticket).
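// This event handler executes when the user clicks the logon button,
// having supplied a set of credentials. On success it issues a forms
// authentication ticket whose user data carries the user's roles, then
// redirects to the originally requested page.
private void Logon_Click(object sender, System.EventArgs e)
{
    // Validate credentials against either a SQL Server database
    // or Active Directory.
    // NOTE(review): placeholder. As written every logon succeeds and is
    // granted the "admin" role; replace this with a real credential check
    // before the page is reachable by users.
    bool isAuthenticated = true;
    if (!isAuthenticated)
    {
        // Failed logon: issue no ticket and stay on the logon page.
        return;
    }

    // Retrieve the set of roles for this user from the SQL Server
    // database or Active Directory. The roles are returned as a
    // string that contains pipe-separated role names,
    // for example "Manager|Employee|Sales".
    // This makes it easy to store them in the authentication ticket.
    // Role names must not carry surrounding whitespace, because the
    // later IsInRole check compares each split entry as-is.
    // string roles = RetrieveRoles(txtUserName.Text, txtPassword.Text);
    string roles = "admin";

    // Create the authentication ticket and store the roles in the
    // custom UserData property of the authentication ticket.
    // The roles are only trustworthy on later requests if the ticket is
    // integrity-protected; confirm the <forms> protection setting in
    // Web.config includes validation.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                            // version
        txtUserName.Value,            // user name
        DateTime.Now,                 // creation
        DateTime.Now.AddMinutes(20),  // expiration
        false,                        // persistent
        roles);                       // user data

    // Encrypt the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // Create a cookie and add the encrypted ticket to the cookie as data.
    HttpCookie authCookie = new HttpCookie(
        FormsAuthentication.FormsCookieName, encryptedTicket);

    // Scope and harden the cookie: same path as the configured forms
    // cookie, not readable from client script (HttpOnly needs ASP.NET 2.0
    // or later), and HTTPS-only when the forms configuration requires SSL.
    authCookie.Path = FormsAuthentication.FormsCookiePath;
    authCookie.HttpOnly = true;
    authCookie.Secure = FormsAuthentication.RequireSSL;

    // Add the cookie to the outgoing cookies collection.
    Response.Cookies.Add(authCookie);

    // Redirect the user to the originally requested page.
    // NOTE(review): GetRedirectUrl takes its target from the request's
    // ReturnUrl value; confirm the framework version in use restricts it
    // to this application, or validate it before redirecting.
    Response.Redirect(
        FormsAuthentication.GetRedirectUrl(txtUserName.Value, false));
}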
6. Create an IPrincipal object.
7. Put the IPrincipal object into the current HTTP context.
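<%-- Global.asax --%>
<%@ Application Language="C#" %>
<%@ Import Namespace="System.Security.Principal" %>
<script runat="server">
// Runs on each request during authentication. Rebuilds the user's principal
// from the forms authentication cookie so that the roles stored in the
// ticket's UserData are available to IsInRole checks for the rest of the
// request. If the cookie is missing, unreadable or expired, the handler
// returns without setting a principal.
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // Extract the forms authentication cookie.
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];
    if (authCookie == null)
    {
        // There is no authentication cookie.
        return;
    }

    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        // Log exception details (omitted for simplicity). A cookie that
        // does not decrypt may have been corrupted or tampered with, so
        // these failures are worth recording for detection.
        return;
    }

    if (authTicket == null)
    {
        // Cookie failed to decrypt.
        return;
    }

    if (authTicket.Expired)
    {
        // Decrypt returns the ticket without enforcing its expiration,
        // so reject expired tickets here rather than granting roles.
        return;
    }

    // When the ticket was created, the UserData property was assigned
    // a pipe-delimited string of role names.
    string[] roles = authTicket.UserData.Split(new char[] { '|' });

    // Create an identity object.
    FormsIdentity id = new FormsIdentity(authTicket);

    // This principal will flow throughout the request.
    GenericPrincipal principal = new GenericPrincipal(id, roles);

    // Attach the new principal object to the current HttpContext object.
    Context.User = principal;
}
</script>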
8. Authorize users based on user name/role membership.
IPrincipal.IsInRole