This article assumes you are already familiar with basic Forms authentication.
In ASP.NET, role (user group) based authorization on top of Forms authentication works by adding a string named UserData to the ordinary Forms authentication ticket.
You can complete the verification in three steps:
1. Configure web.config
<configuration>
  <system.web>
    <!-- Enable Forms authentication -->
    <authentication mode="Forms">
      <forms name="AspxAuth" loginUrl="/Login.aspx" timeout="30" protection="All" path="/" />
    </authentication>
  </system.web>
  <!-- General verification area -->
  <location path="MyFavorites.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <!-- Role verification area -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
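Note the order of these two rules:
<allow roles="Admin" />
<deny users="*" />
Rules are evaluated from top to bottom and the first match wins, so the allow rule must come before the deny rule!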
2. Verification on the Login.aspx page
// Requires: using System; using System.Web; using System.Web.Security;
// Define a role
private void ibtLogin_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
    int UserID = MyAuthentication(UserName, PassWord); // verify the normal user
    string userData = "Member"; // obtain the role string
    if (MyAdminAuthentication(UserID)) // verify the user role
    {
        // No spaces: Global.asax splits on ',' and does not trim the role names
        userData = "Admin,Member";
    }
    FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, UserID.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), true, userData); // create an authentication ticket object
    string HashTicket = FormsAuthentication.Encrypt(Ticket); // encrypt and serialize the ticket into a string
    HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket); // generate the cookie
    Context.Response.Cookies.Add(UserCookie); // output the cookie
    // Redirect to the page the user originally requested.
    // ReturnUrl comes from the request, so check that it is a local URL before redirecting.
    Context.Response.Redirect(Context.Request["ReturnUrl"]);
}
private int MyAuthentication(string UserName, string PassWord)
{
    // Verify the normal user
    throw new NotImplementedException(); // placeholder so the stub compiles
}
private bool MyAdminAuthentication(int UserID)
{
    // Verify the user role
    throw new NotImplementedException(); // placeholder so the stub compiles
}
3. Finally, Global.asax :)
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    HttpApplication HApp = (HttpApplication)sender;
    HttpContext HCtx = HApp.Context; // obtain the HttpContext object of this HTTP request
    if (HCtx.Request.IsAuthenticated) // only a user who has passed general authentication gets role verification
    {
        System.Web.Security.FormsIdentity Id = (System.Web.Security.FormsIdentity)HCtx.User.Identity;
        System.Web.Security.FormsAuthenticationTicket Ticket = Id.Ticket; // get the authentication ticket
        string[] Roles = Ticket.UserData.Split(','); // convert the role data into a string array to obtain the role information
        HCtx.User = new System.Security.Principal.GenericPrincipal(Id, Roles); // the current user now carries the role information
    }
}
Haha... role (user group) based authorization on top of Forms authentication is now complete! ^O^
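The rule-order note in step 1 and the Split(',') in step 3, shown as an added example (not code from the original article): a simplified stand-alone model of how one authorization section is evaluated. With the deny rule first even an Admin is rejected, and role strings stored with spaces fail IsInRole. UrlAuthModel, Rule, IsAllowed and FromUserData are hypothetical names, and the real ASP.NET module also handles verbs, user names and inherited configuration.

```csharp
using System;
using System.Security.Principal;

// Simplified model (an assumption, not ASP.NET's own code) of one
// <authorization> section: the first matching rule decides.
static class UrlAuthModel
{
    // Hypothetical rule type: Users is "*" or "?", or Role names a role.
    public sealed class Rule
    {
        public bool Allow; public string Users, Role;
    }

    public static bool IsAllowed(Rule[] rules, IPrincipal user)
    {
        bool authenticated = user.Identity.IsAuthenticated;
        foreach (Rule r in rules)
        {
            bool match = r.Users == "*"
                || (r.Users == "?" && !authenticated)
                || (r.Role != null && authenticated && user.IsInRole(r.Role));
            if (match) return r.Allow;
        }
        return true; // nothing matched: inherited default is <allow users="*"/>
    }

    // Builds the principal the way step 3 does: Split(',') on UserData.
    public static IPrincipal FromUserData(string name, string userData)
    {
        return new GenericPrincipal(new GenericIdentity(name), userData.Split(','));
    }

    static void Main()
    {
        Rule allowAdmin = new Rule { Allow = true, Role = "Admin" };
        Rule denyAll = new Rule { Allow = false, Users = "*" };
        Rule[] pageOrder = { allowAdmin, denyAll }; // order used in web.config
        Rule[] reversed = { denyAll, allowAdmin };  // deny rule first
        IPrincipal admin = FromUserData("1", "Admin,Member"); // constructed users
        IPrincipal member = FromUserData("2", "Member");
        IPrincipal spaced = FromUserData("3", "Admin, Member ");

        Console.WriteLine("admin,  allow then deny: " + IsAllowed(pageOrder, admin));
        Console.WriteLine("member, allow then deny: " + IsAllowed(pageOrder, member));
        Console.WriteLine("admin,  deny then allow: " + IsAllowed(reversed, admin));
        // Split(',') does not trim, so the stored role is " Member ".
        Console.WriteLine("spaced IsInRole(Member): " + spaced.IsInRole("Member"));
    }
}
```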