asp.net程序开发,用户根据角色访问对应页面以及功能。
项目结构如下图:
根目录 Web.config 代码:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
<? xml version = "1.0" encoding = "utf-8" ?>
<!--
有关如何配置 ASP.NET 应用程序的详细消息,请访问
http://go.microsoft.com/fwlink/?LinkId=169433
-->
< configuration >
< system.web >
< compilation debug = "true" targetFramework = "4.0" />
< authentication mode = "Forms" >
< forms loginUrl = "login.aspx" ></ forms >
</ authentication >
<!--<authorization>
<allow users="*"></allow>
</authorization>-->
</ system.web >
</ configuration >
|
admin文件夹中 Web.config 代码:
1
2
3
4
5
6
7
8
9
|
<? xml version = "1.0" ?>
< configuration >
< system.web >
< authorization >
< allow roles = "admin" />
< deny users = "*" />
</ authorization >
</ system.web >
</ configuration >
|
teacher文件夹中 Web.config 代码:
1
2
3
4
5
6
7
8
9
|
<? xml version = "1.0" ?>
< configuration >
< system.web >
< authorization >
< allow roles = "teacher" />
< deny users = "*" />
</ authorization >
</ system.web >
</ configuration >
|
student文件夹中 Web.config 代码:
1
2
3
4
5
6
7
8
9
|
<? xml version = "1.0" ?>
< configuration >
< system.web >
< authorization >
< allow roles = "student" />
< deny users = "*" />
</ authorization >
</ system.web >
</ configuration >
|
Login.aspx中登录成功后设置Cookie,设置Cookie代码:
1
2
3
4
5
6
7
8
|
protected void SetLoginCookie( string username, string roles)
{
System.Web.Security.FormsAuthentication.SetAuthCookie(username, false );
System.Web.Security.FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddDays(1), false , roles, "/" );
string hashTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashTicket);
HttpContext.Current.Response.SetCookie(userCookie);
}
|
Global.asax 中进行身份验证:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
protected void Application_AuthenticateRequest( object sender, EventArgs e)
{
HttpApplication app = (HttpApplication)sender;
HttpContext ctx = app.Context; //获取本次Http请求的HttpContext对象
if (ctx.User != null )
{
if (ctx.Request.IsAuthenticated == true ) //验证过的一般用户才能进行角色验证
{
System.Web.Security.FormsIdentity fi = (System.Web.Security.FormsIdentity)ctx.User.Identity;
System.Web.Security.FormsAuthenticationTicket ticket = fi.Ticket; //取得身份验证票
string userData = ticket.UserData; //从UserData中恢复role信息
string [] roles = userData.Split( ',' ); //将角色数据转成字符串数组,得到相关的角色信息
ctx.User = new System.Security.Principal.GenericPrincipal(fi, roles); //这样当前用户就拥有角色信息了
}
}
}
|
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,同时也希望多多支持服务器之家!
原文链接:http://www.cnblogs.com/lyyjun1203/p/6365780.html