User管理 FormsAuthenticationTicket

 Global

/// <summary>
/// Global.asax handler for the AuthenticateRequest event. Delegates to
/// <c>UserHelper.SetRoles()</c>, which (as defined on this page) replaces
/// <c>HttpContext.Current.User</c> with a principal whose roles are read
/// from the forms-authentication ticket.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // Must run on every request: the role list lives only in the ticket,
    // so the principal has to be rebuilt each time.
    UserHelper.SetRoles();
}

Login:

 1    protected void LoginUser_Authenticate(object sender, AuthenticateEventArgs e)

 2         {   

 3            string username=LoginUser.UserName;

 4            string password=LoginUser.Password;

 5            bool IsRemember=LoginUser.RememberMeSet;

 6              

 7             if(UserHelper.IsDBAuthenticated(username,password))

 8             {  

 9                 string roles=UserHelper.GetDBRoles(username,password);

10                 UserHelper.Login(username, IsRemember, roles);

11             } 

12             

13         }

Web.config

<configuration>
  <system.web>
    <!-- debug="true" is a development setting; switch it off in any deployed configuration. -->
    <compilation debug="true" targetFramework="4.0" />
    <!-- machineKey protects the forms-authentication ticket, including the role list
         that UserHelper stores in the ticket's UserData. The two keys below are sample
         values: keys printed in an article are public, so a site that reuses them can
         no longer trust its own tickets. Generate unique random keys per application
         and keep them out of source control.
         3DES and SHA1 are legacy choices; on targetFramework 4.0 machineKey also
         accepts decryption="AES" and validation="HMACSHA256". -->
    <machineKey validationKey="3FF1E929BC0534950B0920A7B59FA698BD02DFE8" 
                decryptionKey="280450BB36319B474C996B506A95AEDF9B51211B1D2B7A77" 
                decryption="3DES" 
                validation="SHA1"/>
    <authentication mode="Forms">
      <!-- requireSSL is not set here, so nothing in this file restricts the ticket
           cookie to HTTPS; add requireSSL="true" on an HTTPS site.
           timeout is in minutes, but UserHelper.Login on this page builds its own
           ticket with a hard-coded 30-minute / 1-year expiry, so this value does not
           govern those tickets. -->
      <forms name="CURRENT_AUTH_Cookies_NAME"
             loginUrl="~/Account/Login.aspx"
             defaultUrl="~/About.aspx"             
             timeout="100">
        <!-- passwordFormat applies only to user entries listed inside this element;
             none are listed. Unsalted SHA1 is not suitable for stored passwords. -->
        <credentials passwordFormat="SHA1"></credentials>
      </forms>      
    </authentication>
  </system.web>
</configuration>

UserHelper类文件:

UserHelper
  1 public class UserHelper

  2     {

  3         #region DB

  4         public static bool IsDBAuthenticated(string username, string password)

  5         {

  6             return true; //查询数据库

  7         }

  8 

  9         public static string GetDBRoles(string username, string password)

 10         {

 11             return "editor,admin";// 查询数据库

 12         }

 13         #endregion

 14 

 15         #region Tools

 16 

 17         public static bool IsLogin()

 18         {

 19             var user=HttpContext.Current.User;

 20             if (user==null || !user.Identity.IsAuthenticated 

 21                            || string.IsNullOrEmpty(user.Identity.Name))

 22             {

 23                 HttpContext.Current.Response.Redirect(FormsAuthentication.LoginUrl+"?ReturnUrl="

 24                                                                 + HttpContext.Current.Request.Url);

 25                 return false;

 26             }

 27             return true;

 28         } 

 29 

 30         public static bool InRole(string role)

 31         {

 32             var user=HttpContext.Current.User;

 33             if (user!=null && user.Identity.IsAuthenticated && user.Identity is FormsIdentity)

 34             {

 35                 return user.IsInRole(role);

 36             }

 37             return false;

 38         }

 39 

 40         //一般由于Global::Application_AuthenticateRequest()

 41         public static void SetRoles()

 42         {

 43             var user=HttpContext.Current.User;

 44             if (user!=null && user.Identity.IsAuthenticated && user.Identity is FormsIdentity)

 45             {

 46                 FormsIdentity id=user.Identity as FormsIdentity;

 47                 FormsAuthenticationTicket ticket=id.Ticket;

 48                 string userData=ticket.UserData;              

 49 

 50                 // FormsAuthenticationTicket ticket2 = new FormsAuthenticationTicket(2, ticket.Name,

 51                 //                                      DateTime.Now, ticket.Expiration, false, userData);

 52                 // SetTicket(ticket2,ticket.Expiration);

 53                 string[] roles=userData.Split(',');

 54                 HttpContext.Current.User=new GenericPrincipal(id, roles);                

 55             }

 56         }

 57       

 58         public static FormsAuthenticationTicket GetTicket()

 59         {

 60             //添加下列代码以从窗体身份验证 cookie 中提取和解密身份验证票。

 61             string cookieName = FormsAuthentication.FormsCookieName;

 62             HttpCookie authCookie = HttpContext.Current.Request.Cookies[cookieName];

 63             if (authCookie==null)

 64                 return null;

 65             FormsAuthenticationTicket authTicket = null;

 66             try

 67             {

 68                 authTicket = FormsAuthentication.Decrypt(authCookie.Value);

 69             }

 70             catch (Exception ex)

 71             {

 72                 // Log exception details (omitted for simplicity)

 73                 return null;

 74             }

 75 

 76             return authTicket;

 77         }

 78 

 79         public static void SetTicket(FormsAuthenticationTicket ticket, DateTime endtime)

 80         {

 81             var hashString = FormsAuthentication.Encrypt(ticket);

 82             HttpCookie cookie=new HttpCookie(FormsAuthentication.FormsCookieName, hashString);

 83             cookie.Expires=endtime;

 84            

 85             if(HttpContext.Current.Request.Cookies.AllKeys.Contains(FormsAuthentication.FormsCookieName))

 86                  HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

 87             HttpContext.Current.Response.Cookies.Add(cookie);

 88         }

 89         #endregion

 90 

 91         #region Login Logout

 92         public static void Login(string UserName,bool IsRemember,string  roles)

 93         {

 94 

 95             DateTime now=DateTime.Now;

 96             DateTime endtime=now.AddMinutes(30);

 97             if (IsRemember)

 98                 endtime=now.AddYears(1);

 99          

100             FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,UserName,

101                                                                   now, endtime, false, roles);

102             SetTicket(ticket, endtime);

103             // FormsAuthentication.RedirectFromLoginPage(UserName,IsRemember);

104            HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName,IsRemember));

105          

106         }

107         

108         public static void Logout()

109         {

110             FormsAuthentication.SignOut();

111             FormsAuthentication.RedirectToLoginPage();

112         }

113         #endregion

114     }

AdminAbout:

 1  public partial class AdminAbout : System.Web.UI.Page

 2     {

 3         protected void Page_Load(object sender, EventArgs e)

 4         {

 5 

 6             if (UserHelper.IsLogin())

 7             {

 8                 if (!UserHelper.InRole("admin"))                

 9                 {

10                     UserHelper.Logout();

11                     Response.Redirect("~/Account/Login.aspx?ReturnUrl="+Request.Url);

12                 }

13 

14             }

15             

16         }

17     }

 

 
