Role-based Forms authentication in ASP.NET is roughly divided into four steps.
1. Configure the application's Web.config
<system.web>
<authentication mode="Forms">
<!-- the timeout value was lost from the source; 30 minutes is assumed here, matching the ticket lifetime used in step 3 -->
<forms name=".Yaocookies" loginUrl="/duan/manage/login.aspx" protection="All"
timeout="30" path="/"/>
</authentication>
</system.web>
The name attribute of <forms> specifies the HTTP cookie used for authentication; its default value is .ASPXAUTH. Once the user has been authenticated, a FormsAuthenticationTicket holding the user's information is created, encrypted into a string (and, with protection="All", also signed with the <machineKey> validation key), and written to the client in the cookie of that name. On every later request the browser sends the cookie back, the FormsAuthenticationModule decrypts and validates it, and the server treats the request as authenticated. The signature is what makes the ticket trustworthy: with protection="All" a modified cookie fails the MAC check and is discarded; with protection="None" or "Encryption" the ticket is not integrity-protected, and the userData that step 3 will fill with role names could be forged by the client.
The loginUrl attribute of <forms> is the page an unauthenticated user is automatically redirected to (the URL originally requested is carried along in the ReturnUrl query parameter). If the user's credentials are valid, the login page generates the ticket for that user, writes it to the client's cookie, and finally redirects the browser to the page the user originally asked for. System.Web.Security.FormsAuthentication.RedirectFromLoginPage() does the cookie and the redirect in one call. With enableCrossAppRedirects left at its default of false, a ReturnUrl that points outside the application is ignored and the user is sent to defaultUrl instead, which is why the redirect should not be reimplemented with Response.Redirect(Request["ReturnUrl"]).
The timeout (in minutes) and path attributes of <forms> set the lifetime and the default path of the authentication ticket written to the cookie.
2. Create a Web.config in the protected folder (here manage) with the access rules for that directory:
<configuration>
<!-- access rights for the whole manage directory -->
<system.web>
<authorization>
<!-- several roles are separated by commas -->
<allow roles="Admin,user"/>
<deny users="*"/>
</authorization>
</system.web>
<!-- permissions can also be set per page:
<location path="announcelist.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Configinfo.aspx">
<system.web>
<authorization>
<allow roles="Users"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
-->
</configuration>
Note: the authorization rules are evaluated top to bottom and the first match wins, so <deny users="*"/> (every user; "?" would mean only anonymous users) must come after the <allow roles=...> line, otherwise nobody gets in. The role names written here must be the same strings that step 3 stores in the ticket's userData. The same configuration can also be placed in the application's root Web.config; note where the <location> element goes (a sibling of <system.web>, with the path relative to the application root):
........
</system.web>
<location path="Manage/announcelist.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
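As an added example, not taken from the original article, here is the step-1 <forms> element as the article configures it, next to a hardened version of the same element and the two elements it depends on. The timeout value (30, matching the ticket lifetime in step 3), the algorithm choices and the machineKey placeholder values are assumptions of this example.

```xml
<!-- Added example, not from the original article. -->

<!-- Weak form: the step-1 element. The ticket is encrypted and signed, but
     the cookie can travel over plain HTTP, is renewed on every request, and
     relies on whatever machineKey the server auto-generated. -->
<authentication mode="Forms">
  <forms name=".Yaocookies" loginUrl="/duan/manage/login.aspx"
         protection="All" timeout="30" path="/" />
</authentication>

<!-- Hardened form of the same element:
     requireSSL="true"             cookie gets the Secure flag and a ticket
                                   arriving over plain HTTP is not honoured
     slidingExpiration="false"     absolute 30-minute lifetime instead of
                                   renewal on every request
     cookieless="UseCookies"       never fall back to carrying the ticket in
                                   the URL, where it leaks via logs/referers
     enableCrossAppRedirects="false" (the default, stated explicitly) a
                                   ReturnUrl outside this app is ignored -->
<authentication mode="Forms">
  <forms name=".Yaocookies" loginUrl="/duan/manage/login.aspx"
         protection="All" timeout="30" path="/"
         requireSSL="true" slidingExpiration="false"
         cookieless="UseCookies" enableCrossAppRedirects="false" />
</authentication>

<!-- Explicit machineKey. Only servers that hold this key can mint or
     validate a ticket, so the roles in userData are exactly as trustworthy
     as this key: set it deliberately (same value on every node of a farm,
     different per application, kept out of source control). The values
     below are placeholders and must be replaced with generated keys. -->
<machineKey validation="HMACSHA256" decryption="AES"
            validationKey="REPLACE_WITH_128_HEX_CHARS"
            decryptionKey="REPLACE_WITH_64_HEX_CHARS" />

<!-- Make every cookie the application issues HttpOnly and Secure, including
     the one built by hand in step 3 (HttpCookie.HttpOnly defaults to false
     when the cookie is constructed in code). -->
<httpCookies httpOnlyCookies="true" requireSSL="true" />
```

All four elements belong inside <system.web>. The choice of protection="All" is the one the article already makes; the rest of the hardening is about where the cookie may travel and who can forge it, not about the role check itself.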
3. Login page
// login button
private void Button1_Click(object sender, System.EventArgs e)
{
    // The entity class AdminUserVo corresponds to the AdminUser user table.
    AdminUserVo adminUserVo = new AdminUserVo();
    adminUserVo.UName = UserName.Text.Trim();
    adminUserVo.UPwd = UserPwd.Text.Trim();
    adminUserVo.LastIp = HttpContext.Current.Request.UserHostAddress;
    adminUserVo.LastTime = DateTime.Now;
    // LoginDao.Chk() checks the credentials against the table and, on success, fills in the user's roles.
    bool flag = (new LoginDao()).Chk(adminUserVo);
    if (flag)
    {
        // Without roles, this single call would be enough:
        // System.Web.Security.FormsAuthentication.SetAuthCookie(UserName.Text.Trim(), false);
        // With roles: build the ticket ourselves and carry the role list in its UserData.
        SetLoginCookie(adminUserVo, adminUserVo.Roles.ToLower());
        HttpContext.Current.Response.Redirect("main.aspx");
    }
    else
    {
        HttpContext.Current.Response.Write("Login Failed");
    }
}
// SetLoginCookie method
public static void SetLoginCookie(AdminUserVo u, string roles)
{
    // Create the authentication ticket: version 1, user name, issue time, 30-minute expiry,
    // not persistent, the comma-separated roles in UserData, cookie path "/".
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, u.UName, DateTime.Now,
        DateTime.Now.AddMinutes(30), false, roles, "/");
    // Encrypt (and, with protection="All", sign) the serialized ticket into a string.
    string hashTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashTicket);
    // A hand-built HttpCookie is not HttpOnly by default; set it so script cannot read the ticket,
    // and mirror requireSSL so the cookie is only sent over HTTPS. No Expires is set, so this is a
    // session cookie (isPersistent was false); the ticket's own expiry is still enforced server-side.
    userCookie.HttpOnly = true;
    userCookie.Secure = FormsAuthentication.RequireSSL;
    userCookie.Path = FormsAuthentication.FormsCookiePath;
    HttpContext.Current.Response.Cookies.Add(userCookie);
}
FormsAuthenticationTicket parameter description:
FormsAuthenticationTicket(
    int version,          // ticket version; set to 1
    string name,          // user identifier: the user name associated with the authentication cookie
    DateTime issueDate,   // time the cookie was issued; set to DateTime.Now
    DateTime expiration,  // date/time at which the ticket expires; checked on every request, so an old ticket is rejected even if the browser still holds the cookie
    bool isPersistent,    // whether the cookie survives the browser session. If true, the cookie's Expires must be set when it is issued (otherwise it is still a session cookie); if false, the authentication cookie lives only as long as the browser session
    string userData,      // application-defined string stored in the ticket; here the comma-separated role string prepared above
    string cookiePath     // path the cookie is issued for. Use "/" and keep it equal to the path attribute of <forms>, because that path is used when the ticket is refreshed. Browsers match cookie paths case-sensitively while IIS URLs are not, so "/" guards against the cookie not being sent when a URL on the site is typed in different case
);
4. Global.asax.cs
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpApplication app = (HttpApplication)sender;
    HttpContext ctx = app.Context; // the HttpContext object for this HTTP request
    if (ctx.User != null && ctx.Request.IsAuthenticated) // the ticket has already been decrypted and validated; now attach the roles
    {
        // Guard the cast: with any other authentication mode the identity is not a FormsIdentity
        FormsIdentity fi = ctx.User.Identity as FormsIdentity;
        if (fi == null) return;
        FormsAuthenticationTicket ticket = fi.Ticket; // obtain the authentication ticket
        string userData = ticket.UserData;            // restore the role information written into UserData in step 3
        string[] roles = userData.Split(',');         // convert the role data back into a string array
        ctx.User = new GenericPrincipal(fi, roles);   // the current user now carries role information, so <authorization> and User.IsInRole() work
    }
}
The roles trusted here come straight out of the ticket, so they are only as reliable as the ticket's signature (protection="All" and a deliberately set <machineKey>).
Note: if you use an HttpModule instead, this code goes in the module's handler for the AuthenticateRequest event.
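The HttpModule variant mentioned in the note above, written out as an added example that is not part of the original article: it performs the same role restoration as step 4 with the checks a reviewer would ask for (guarded cast, explicit expiry check, whitespace and empty entries stripped from the role list). The class name RoleTicketModule and the assumption that roles are stored comma-separated in UserData, as step 3 does, are this example's own.

```csharp
// Added example, not from the original article. Assumes step 3 stores the
// roles as a comma-separated string in ticket.UserData and that this module
// is registered in Web.config (see the note after the block).
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class RoleTicketModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Same pipeline stage as Application_AuthenticateRequest in Global.asax.
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    public void Dispose() { }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // FormsAuthenticationModule runs before this module and has already
        // decrypted and MAC-checked the cookie; when that failed, the request
        // is simply not authenticated and we attach nothing.
        if (ctx.User == null || !ctx.Request.IsAuthenticated)
            return;

        // Guard the cast: under Windows or other authentication the identity
        // is not a FormsIdentity and a hard cast would throw.
        FormsIdentity identity = ctx.User.Identity as FormsIdentity;
        if (identity == null)
            return;

        FormsAuthenticationTicket ticket = identity.Ticket;

        // FormsAuthenticationModule already rejects expired tickets; the
        // explicit check keeps this module correct if it is reused elsewhere.
        if (ticket.Expired)
            return;

        // Roles are trusted only because the ticket is signed (protection="All").
        ctx.User = new GenericPrincipal(identity, ParseRoles(ticket.UserData));
    }

    // Turn the comma-separated UserData string into a clean role array:
    // trims whitespace and drops empty entries, so "admin, ,user" becomes
    // ["admin", "user"] and an empty UserData yields no roles at all.
    public static string[] ParseRoles(string userData)
    {
        if (string.IsNullOrEmpty(userData))
            return new string[0];

        string[] parts = userData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        var roles = new List<string>(parts.Length);
        foreach (string part in parts)
        {
            string role = part.Trim();
            if (role.Length > 0)
                roles.Add(role);
        }
        return roles.ToArray();
    }
}
```

Register the module in Web.config: under <system.webServer><modules> as <add name="RoleTicketModule" type="RoleTicketModule"/> for IIS 7+ integrated mode, or under <system.web><httpModules> with the same <add> element for classic mode. Because it subscribes to AuthenticateRequest it runs after FormsAuthenticationModule and before UrlAuthorizationModule, which is what lets the <authorization> rules of step 2 see the roles.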