CREATE
DATABASE web
CREATE TABLE users
(
username nvarchar ( 64 ) CONSTRAINT users_PK PRIMARY KEY ,
password nvarchar ( 128 ),
roles nvarchar ( 64 )
)
CREATE INDEX credentials ON users
(
username,
password
)
DATABASE web
CREATE TABLE users
(
username nvarchar ( 64 ) CONSTRAINT users_PK PRIMARY KEY ,
password nvarchar ( 128 ),
roles nvarchar ( 64 )
)
CREATE INDEX credentials ON users
(
username,
password
)
格式
username |password |roles
"hstewart"|"codeproject" |"Administrator,User"
"joe" |"schmoe" |"User"
web.config 的设置
<?
xml version="1.0" encoding="utf-8"
?>
< configuration >
< system .web >
< compilation
defaultLanguage ="c#"
debug ="true"
/>
< customErrors
mode ="RemoteOnly"
/>
< authentication mode ="Forms" >
< forms name ="MYWEBAPP.ASPXAUTH"
loginUrl ="login.aspx"
protection ="All"
path ="/" />
</ authentication >
< authorization >
< allow users ="*" />
</ authorization >
< trace
enabled ="false"
requestLimit ="10"
pageOutput ="false"
traceMode ="SortByTime"
localOnly ="true"
/>
< sessionState
mode ="InProc"
stateConnectionString ="tcpip=127.0.0.1:42424"
sqlConnectionString ="data source=127.0.0.1;Trusted_Connection=yes"
cookieless ="false"
timeout ="20"
/>
< globalization
requestEncoding ="utf-8"
responseEncoding ="utf-8"
/>
</ system.web >
< location path ="administrators" >
< system .web >
< authorization >
<!-- Order and case are important below -->
< allow roles ="Administrator" />
< deny users ="*" />
</ authorization >
</ system.web >
</ location >
< location path ="users" >
< system .web >
< authorization >
<!-- Order and case are important below -->
< allow roles ="User" />
< deny users ="*" />
</ authorization >
</ system.web >
</ location >
</ configuration >
< configuration >
< system .web >
< compilation
defaultLanguage ="c#"
debug ="true"
/>
< customErrors
mode ="RemoteOnly"
/>
< authentication mode ="Forms" >
< forms name ="MYWEBAPP.ASPXAUTH"
loginUrl ="login.aspx"
protection ="All"
path ="/" />
</ authentication >
< authorization >
< allow users ="*" />
</ authorization >
< trace
enabled ="false"
requestLimit ="10"
pageOutput ="false"
traceMode ="SortByTime"
localOnly ="true"
/>
< sessionState
mode ="InProc"
stateConnectionString ="tcpip=127.0.0.1:42424"
sqlConnectionString ="data source=127.0.0.1;Trusted_Connection=yes"
cookieless ="false"
timeout ="20"
/>
< globalization
requestEncoding ="utf-8"
responseEncoding ="utf-8"
/>
</ system.web >
< location path ="administrators" >
< system .web >
< authorization >
<!-- Order and case are important below -->
< allow roles ="Administrator" />
< deny users ="*" />
</ authorization >
</ system.web >
</ location >
< location path ="users" >
< system .web >
< authorization >
<!-- Order and case are important below -->
< allow roles ="User" />
< deny users ="*" />
</ authorization >
</ system.web >
</ location >
</ configuration >
Global.asax
protected
void
Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
System.Web .HttpApplication app
=
((HttpApplication)sender);
System.Web.HttpContext ctx = app.Context;
if (ctx.Request .IsAuthenticated)
System.Web.HttpContext ctx = app.Context;
if (ctx.Request .IsAuthenticated)
login.aspx
private
void
Button1_Click(
object
sender, System.EventArgs e)
{
// Initialize FormsAuthentication, for what it's worth
FormsAuthentication.Initialize();
// Create our connection and command objects
SqlConnection conn =
new SqlConnection("server=localhost;database=web;User ID=sa;password=");
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "SELECT roles FROM users WHERE username=@username " +
"AND password=@password";
// Fill our parameters
cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value =
Username.Text;
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value =
Password.Text; // Or "sha1"
// Execute the command
conn.Open();
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
Username.Text, // Username associated with ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(30), // Date/time to expire
true, // "true" for a persistent user cookie
reader.GetString(0), // User-data, in this case the roles
FormsAuthentication.FormsCookiePath);// Path cookie valid for
// Encrypt the cookie using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash); // Hashed ticket
// Set the cookie's expiration time to the tickets expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
// Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie);
// Redirect to requested URL, or homepage if no previous page
// requested
string returnUrl = Request.QueryString["ReturnUrl"];
if (returnUrl == null) returnUrl = "/";
// Don't call FormsAuthentication.RedirectFromLoginPage since it
// could
// replace the authentication ticket (cookie) we just added
Response.Redirect(returnUrl);
}
else
{
// Never tell the user if just the username is password is incorrect.
// That just gives them a place to start, once they've found one or
// the other is correct!
ErrorLabel.Text = "Username / password incorrect. Please try again.";
ErrorLabel.Visible = true;
}
reader.Close();
conn.Close();
}
{
// Initialize FormsAuthentication, for what it's worth
FormsAuthentication.Initialize();
// Create our connection and command objects
SqlConnection conn =
new SqlConnection("server=localhost;database=web;User ID=sa;password=");
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "SELECT roles FROM users WHERE username=@username " +
"AND password=@password";
// Fill our parameters
cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value =
Username.Text;
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value =
Password.Text; // Or "sha1"
// Execute the command
conn.Open();
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
Username.Text, // Username associated with ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(30), // Date/time to expire
true, // "true" for a persistent user cookie
reader.GetString(0), // User-data, in this case the roles
FormsAuthentication.FormsCookiePath);// Path cookie valid for
// Encrypt the cookie using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash); // Hashed ticket
// Set the cookie's expiration time to the tickets expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
// Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie);
// Redirect to requested URL, or homepage if no previous page
// requested
string returnUrl = Request.QueryString["ReturnUrl"];
if (returnUrl == null) returnUrl = "/";
// Don't call FormsAuthentication.RedirectFromLoginPage since it
// could
// replace the authentication ticket (cookie) we just added
Response.Redirect(returnUrl);
}
else
{
// Never tell the user if just the username is password is incorrect.
// That just gives them a place to start, once they've found one or
// the other is correct!
ErrorLabel.Text = "Username / password incorrect. Please try again.";
ErrorLabel.Visible = true;
}
reader.Close();
conn.Close();
}
在根目录下建
administrators 目录
users 目录
两个目录下分别建调用页面
调用页面内容
private
void
Page_Load(
object
sender, System.EventArgs e)
{
// 在此处放置用户代码以初始化页面
if (User.IsInRole("Administrator"))
this.Response .Write ("Administrator");
if (User.IsInRole ("User"))
this.Response .Write ("User");
}
{
// 在此处放置用户代码以初始化页面
if (User.IsInRole("Administrator"))
this.Response .Write ("Administrator");
if (User.IsInRole ("User"))
this.Response .Write ("User");
}