[Import] A Form Verification Solution

Asp.net itself carries a class that can automatically generate authentication, but this formsauthentication automatic cookie cannot carry other data except for the authentication ticket.

For a project, different types of verification may be performed on the viewer. for ASP, session verification is used. I don't like this method, and in this case, automatic logon is not possible.

Fortunately,. Net carries a method that can define tickets by ourselves, so that we can perform automatic logon and verify users who do not need it. Below is a ticket generationCode:

Public Virtual void login (bool I _autologin)
{
String m_userdata = This. m_userid.tostring () + "," + this. m_loginname + "," + this. m_usertype.tostring ();
Formsauthenticationticket ticket = new formsauthenticationticket (
1,
"Webbuser ",
System. datetime. Now,
System. datetime. Now. adddays (30 ),
I _autologin,
M_userdata,
"/");
String encticket = formsauthentication. Encrypt (ticket );
Httpcontext. Current. response. Cookies. Add (New httpcookie ("webbuser", encticket ));
}

M_userdata can be a long string and the generated cookies are encrypted (simple ). Obviously, some user IDs, types, and other information will be recorded here, and important information such as passwords will not be recorded. Of course, there will be no major problems. The next step is how to obtain and authenticate information in cookies.

Retrieve cookies:

protected void getdatafromcookie ()
{< br> If (user. identity. isauthenticated)
{< br> string m_userdata;
formsidentity id = (formsidentity) user. identity;
formsauthenticationticket ticket = ID. ticket;
m_userdata = ticket. userdata;
If (m_userdata! = NULL)
{< br> setuserdata (m_userdata);
}< BR >}

Private void setuserdata (string m_data)
{
String [] m_string = m_data.split (New char [] {','});
If (m_string.length = 3)
{
This. m_user.userid = convert. toint64 (m_string [0]);
This. m_user.loninname = m_string [1];
This. m_user.usertype = pagehelper. converttousertypes (m_string [2]);
}
}

Obviously, ',' is used to separate user information. Three user information is added, one is the user ID, the other is the user name, and the last is the user type. In addition, when retrieving information, use it to assign values to the m_user object.

The following is to verify it: first write a base class (basepage), and then all the forms will be derived from it, so that users can be automatically verified. It writes a reload function to determine different pages:
# Region iuipage members
Virtual public bool checkusertype () {return false ;}
Virtual public void inituser (Object sender, eventargs e ){}
# Endregion

In addition, perform verification during page loading:

Public void basepage_load (Object sender, system. eventargs E)
{
If (! Checkusertype ())
{
This. usersignout ();
}
}

The verification code is implemented on different pages: for example, in admin_main.aspx.cs, the verification may be like this:
Public override bool checkusertype ()
{
Return this. m_user.usertype = usertypes. Admin? True: false;
}
Public override void inituser (Object sender, eventargs E)
{
This. m_user = new webbadmin2 () as ivisitor;
This. getdatafromcookie ();
}

In client_main.aspx.cs, it may be like this:
Public override bool checkusertype ()
{
Return this. m_user.usertype = usertypes. Client? True: false;
}
Public override void inituser (Object sender, eventargs E)
{
This. m_user = new webbclient () as ivisitor;
This. getdatafromcookie ();
}

In this way, the page can be automatically logged on, and the user type can be automatically identified. Originally, I wanted to write another class and inherit all admin pages from it. Unfortunately, a small bug in vs. net2003 failed my practice. In addition, the verification function in the basepage can only be reloaded, not virtual. Otherwise, it can be more convenient. If you forget it, the Code is not very long. Just add it to every page.

ArticleSource: http://computer.mblogger.cn/wucountry/posts/49736.aspx