一個用asp.net實現Forms驗證的例子

1. Set related sections in web.config:

<authentication
mode="Forms" >

<forms
loginUrl="Login.aspx"

protection="All"

timeout="30"

name=".ASPXAUTH"

path="/"

requireSSL="false"

slidingExpiration="true"

defaultUrl="default.aspx"

cookieless="UseDeviceProfile"

enableCrossAppRedirects="false" />

</authentication>

1. Put different kinds of files into different folders. This is because: before being visited, some files need users to login in, while others needn't.
2. Set related sections in web.config to realize the function which is described in the 2nd point.

<system.web>

    …

<authorization>

<allow
users="*" />

</authorization>

</system.web>

<location
path="Admin">

<system.web>

<authorization>

<deny
users="?" />

</authorization>

</system.web>

</location>

<location
path="Admin/NeedNotLogin.aspx">

<system.web>

<authorization>

<allow
users="*" />

</authorization>

</system.web>

</location>

1. Write codes in clicking event of the login button:

protected
void btnLogin_Click(object sender, EventArgs e)

{

if( ValidateUser( txtUserName.Text , txtPassword.Text ))

{

HttpCookie authenticationCookie=FormsAuthentication.GetAuthCookie(txtUserName.Text,true);

authenticationCookie.Expires=DateTime.Now.AddDays(3);//three days.

Response.Cookies.Add(authenticationCookie);

 

Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,true));

}

else

{

Response.Write("invalid user!");

}

}