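A while ago I took part in a web design project for a class competition, and I also wanted to learn some ASP.NET along the way. Since what I built was a blog, I added an admin back end, user permission management and similar features.
First, add the role provider to Web.config: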
<system.web>
  <roleManager defaultProvider="MyRoleProvider"
               enabled="true"
               cacheRolesInCookie="true"
               cookieName=".ASPROLES"
               cookieTimeout="30"
               cookiePath="/"
               cookieRequireSSL="false"
               cookieSlidingExpiration="true"
               cookieProtection="All">
    <providers>
      <clear />
      <add name="MyRoleProvider" type="blog1.MyRoleProvider" writeExceptionsToEventLog="false" />
    </providers>
  </roleManager>
</system.web>
Next, write MyRoleProvider by hand, inheriting from System.Web.Security.RoleProvider. Since only roles matter here, it is enough to override GetRolesForUser; all the other members can simply throw.
using System;
using System.Web;
using System.Web.Security;

public class MyRoleProvider : System.Web.Security.RoleProvider
{
    // Roles come from the UserData field of the current request's forms ticket
    // (a comma-separated list); the username argument itself is not consulted.
    public override string[] GetRolesForUser(string username)
    {
        FormsIdentity Id = HttpContext.Current.User.Identity as FormsIdentity;
        if (Id != null)
        {
            return Id.Ticket.UserData.Split(new Char[] { ',' });
        }
        // No forms ticket: report no roles rather than null, so callers can enumerate the result.
        return new string[0];
    }

    // The remaining members are not needed for role checks and are left unimplemented.
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); }
    public override void CreateRole(string roleName) { throw new NotImplementedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotImplementedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotImplementedException(); }
    public override string[] GetAllRoles() { throw new NotImplementedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotImplementedException(); }
    public override bool IsUserInRole(string username, string roleName) { throw new NotImplementedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); }
    public override bool RoleExists(string roleName) { throw new NotImplementedException(); }

    public override string ApplicationName
    {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }
}
After the login has been validated, write the cookie:
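// Issues a default ticket with no role data; the cookie added below has the same name and carries the roles.
System.Web.Security.FormsAuthentication.SetAuthCookie(Login1.UserName, false, FormsAuthentication.FormsCookiePath);

// role: the user's role names as a comma-separated string (set elsewhere in the page);
// it is stored in the ticket's UserData and read back by MyRoleProvider.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,
    Login1.UserName,
    DateTime.Now,
    DateTime.Now.AddMinutes(20),
    false,
    role,
    FormsAuthentication.FormsCookiePath);

// generate new identity
FormsIdentity identity = new FormsIdentity(ticket);

HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
// Apply the same flags SetAuthCookie uses: no script access, Secure when forms auth requires SSL.
cookie.HttpOnly = true;
cookie.Secure = FormsAuthentication.RequireSSL;

// write to client.
Response.Cookies.Add(cookie);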
For any location that needs to be protected, just add the following to Web.config:
<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="Admins"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
Here * stands for all users and ? stands for anonymous users.
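ASP.NET evaluates these authorization rules from top to bottom and the first matching rule decides, which is why <allow roles="Admins"/> has to come before <deny users="*"/>. The following is an added example, not code from the original post: a stand-alone C# model of that evaluation. The Rule and UrlAuthDemo types and the sample users are hypothetical and constructed here, and the code does not call ASP.NET's own authorization module.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

// Hypothetical model of one <allow>/<deny> element; not an ASP.NET type.
class Rule
{
    public bool Allow;
    public string[] Users = new string[0];
    public string[] Roles = new string[0];

    public bool Matches(IPrincipal p)
    {
        bool anonymous = !p.Identity.IsAuthenticated;
        return Users.Any(u => u == "*"
                           || (u == "?" && anonymous)
                           || (!anonymous && string.Equals(u, p.Identity.Name, StringComparison.OrdinalIgnoreCase)))
            || Roles.Any(r => p.IsInRole(r));
    }
}

static class UrlAuthDemo
{
    // The first matching rule decides; ASP.NET's machine-level default is <allow users="*"/>.
    static bool IsAllowed(Rule[] rules, IPrincipal p)
    {
        foreach (var r in rules)
            if (r.Matches(p)) return r.Allow;
        return true;
    }

    static void Main()
    {
        var allowAdmins = new Rule { Allow = true, Roles = new[] { "Admins" } };
        var denyAll = new Rule { Allow = false, Users = new[] { "*" } };
        var pageOrder = new[] { allowAdmins, denyAll };   // order used in the Web.config above
        var reversed = new[] { denyAll, allowAdmins };    // deny listed first

        // Constructed sample principals: an admin, an ordinary user, and an anonymous visitor.
        var admin = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Admins" });
        var member = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Users" });
        var anon = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        foreach (var p in new[] { admin, member, anon })
        {
            string name = p.Identity.IsAuthenticated ? p.Identity.Name : "(anonymous)";
            Console.WriteLine("{0,-12} page order: {1,-5} reversed: {2}",
                name, IsAllowed(pageOrder, p), IsAllowed(reversed, p));
        }
    }
}
```

With the rules in the page's order only the Admins member gets through; with the deny rule first, every request is rejected, including the admin's.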