先来看下FormsAuthentication.SetAuthCookie的解释
参照:http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie.aspx
Creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, or to the URL if you are using cookieless authentication.
为一个提供的用户名创建一个身份验证凭据,并把它添加到 response 请求响应的 cookies collection 中(或因缺少 Cookie 把它添加到响应请求的 URL 中)
本人英语实在太烂,翻译让大家见笑了。
NameDescription
SetAuthCookie(String, Boolean)
Creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, or to the URL if you are using cookieless authentication.
SetAuthCookie(String, Boolean, String)
Creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, using the supplied cookie path, or using the URL if you are using cookieless authentication.
这里面的翻译就不说了,这个会用了自然知道描述的是什么,很多时候,像是描述这种东西,很难解释清楚一个方法的具体使用的,不过自己学者用几次,然后就悟到了。
详细解释请看上面提供的参照url,我这里只说下用法。
再来看下FormsAuthentication.RedirectFromLoginPage的解释
参照:http://msdn.microsoft.com/zh-cn/library/system.web.security.formsauthentication.redirectfromloginpage(v=VS.80).aspx
将经过身份验证的用户重定向回最初请求的 URL 或默认 URL。
解释就不说了,下面直接上例子,我也怕读者烦,要的就是现成的代码不是吗?嘎嘎,其实我也是这么想的。
1.当没有用自带的登陆控件进行验证登陆时,会导致页面一直需要验证,因为页面Cookie中没有值。必须在用户登陆验证成功后将用户的登陆ID值付给AuthCookie,以下是登录验证并将登陆用户信息添加到AuthCookie中。
关键代码:
FormsAuthentication.SetAuthCookie(userName, false);
FormsAuthentication.RedirectFromLoginPage(userName, false);
protected void btnLogin_Click(object sender, EventArgs e) { string userName = txtUserName.Text.Trim(); string password = txtPassword.Text.Trim(); string validateCode = txtValidateCode.Text.Trim(); BizResult<bool> bizResult = UserManager.UserLogin(userName, password, validateCode); if (bizResult != null && bizResult.IsSuccess) { FormsAuthentication.SetAuthCookie(userName, false); FormsAuthentication.RedirectFromLoginPage(userName, false); string message = "成功登入系统"; //#if !DEBUG BaseConfigManager baseManager = new BaseConfigManager(); baseManager.AddBillingOperationLog(3, message, 1); //#endif } else { ClientScript.RegisterStartupScript(typeof(_Default), "NO_SUCH_EMPLOYEE", "<script>alert('" + bizResult.ReturnString + "')</script>"); } }
2.获取当前用户(这个是使用的关键,把东西塞进AuthCookie不知道怎么用,肿莫办?)
关键代码:
HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
string userName = ticket.Name;
/// <summary> /// 获取当前用户 /// </summary> /// <returns></returns> public static UserInfo GetCurrentUser() { HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName); if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null; FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value); string userName = ticket.Name; if (!string.IsNullOrEmpty(userName)) { if (userName == CmfuConfig.Instance.AppSetting.PowerUserName) { UserInfo user = new UserInfo(); user.Id = -1; user.UserName = CmfuConfig.Instance.AppSetting.PowerUserName; user.PassWord = CmfuConfig.Instance.AppSetting.PowerUserPwd; user.PageRoleId = CmfuConfig.Instance.AppSetting.ADMINPAGEROLE; user.AppRoleId = CmfuConfig.Instance.AppSetting.ADMINAPPROLE; user.AppRoleName = "超级管理员"; user.PageRoleName = "超级管理员"; user.Status = 1; return user; } else { BizResult<UserInfo> returnObj = UserManager.GetUserByUserName(userName); if (returnObj != null && returnObj.IsSuccess) return returnObj.ReturnObject; } } return null; }
3.当前登录用户退出
protected void lbtnSignOut_Click(object sender, EventArgs e) { FormsAuthentication.SignOut();//退出当前登录。 Response.Redirect("/Login.aspx");//页面重定向 }
总结:
FormsAuthentication.SetAuthCookie创建身份验证票并将其附加到 Cookie
FormsAuthentication里有SetAuthCookie和RedirectFromLoginPage两个方法将用户的登陆信息(标记)记录到Cookie中
而Forms认证方式中的HttpContext.Current.User.Identity.IsAuthenticated;依赖于这个Cookie里的信息判断用户是否登陆。
FormsAuthentication.SignOut用来清除这个Cookie标记
相关文章![[Enterprise Library for .NET Framework 2.0]自定义日志路径或日志文件名称](/Upload/SmallIMG/2014082118/7EB88383BBF323E9.png)
