62,046
社区成员
发帖
与我相关
我的任务
分享有关ASP.Net 2.0 中的身份验证、角色验证,不知道能不能实现,如果有答复200分奉上!
我想用自己的用户表,结构很简单
Users:
UserID char(10)
Password char(10)
Name nvarchar(20)
Role char(10)
但是像使用它的规则来限制一些用户的功能,能不能不现实RoleProvider和MemberShipProvider,那样好麻烦来照样使用角色管理和成员资格管理
<location path="Members">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Admins">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>
就Members规则只要下面这样就行:
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
//ToDo: 这里执行自己的数据库用户查询
e.Authenticated = true;
}
这样就能通过身份验证,但是只是说当前用户不是匿名用户,如果我想让当前User通过具有Admin角色的规则怎样做呢?
Users:
UserID char(10)
Password char(10)
Name nvarchar(20)
Role char(10)
但是像使用它的规则来限制一些用户的功能,能不能不现实RoleProvider和MemberShipProvider,那样好麻烦来照样使用角色管理和成员资格管理
<location path="Members">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Admins">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>
就Members规则只要下面这样就行:
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
//ToDo: 这里执行自己的数据库用户查询
e.Authenticated = true;
}
这样就能通过身份验证,但是只是说当前用户不是匿名用户,如果我想让当前User通过具有Admin角色的规则怎样做呢?
...全文
请发表友善的回复…
发表回复
dsclub 2006-03-04
- 打赏
- 举报
多谢了,兄弟,道路指明了,接下来就我自己研究了!!
dsclub 2006-03-04
- 打赏
- 举报
<deny users="*"/>
<allow roles="Admin"/>
________________________
改为:
<allow roles="Admin"/>
<deny users="*" />
晕,这样就OK了!!!!
<allow roles="Admin"/>
________________________
改为:
<allow roles="Admin"/>
<deny users="*" />
晕,这样就OK了!!!!
iuhxq 2006-03-04
- 打赏
- 举报
web.config里这样:
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
iuhxq 2006-03-04
- 打赏
- 举报
我也想知道楼主的问题,不过估计数据库字段已经定死了,是不能改的。
也正在研究2.0的身份验证呢
也正在研究2.0的身份验证呢
dsclub 2006-03-04
- 打赏
- 举报
晕了:
web.config
<location path="Members">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Admins">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>
_______________________________________________________
Default.aspx.cs
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Write(User.IsInRole("Admin"));
}
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
//e.Authenticated = true;
//密码正确就加入验证,userName=你的库中的Name,userRole你库中的角色
FormsAuthenticationTicket myTicket = new FormsAuthenticationTicket(1, "dsclub", DateTime.Now, DateTime.Now.AddDays(1), true, "Admin");
//加密
string encrypt = FormsAuthentication.Encrypt(myTicket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypt);
cookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(cookie);
//获取跳转的路径
string returnUrl = FormsAuthentication.GetRedirectUrl(FormsAuthentication.FormsCookieName, false);
Response.Redirect(returnUrl);
}
}
___________________________________________________________
Global.asax:
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (User != null)
{
HttpContext.Current.Response.Write("AAA");
if (User.Identity.IsAuthenticated)
{
HttpContext.Current.Response.Write("BBB");
//if (User.Identity.AuthenticationType. is FormsIdentity)
{
HttpContext.Current.Response.Write("CCC");
FormsIdentity identity = (FormsIdentity)User.Identity;
//从identity中取出角色
FormsAuthenticationTicket ticket = identity.Ticket;
string userRole = ticket.UserData;
string[] role = userRole.Split(',');
//HttpContext.Current.Response.Write(role.GetValue(0).ToString());
//加到当前的用户信息中
//User = new System.Security.Principal.GenericPrincipal(User.Identity, role);
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(User.Identity, role);
}
}
}
}
web.config
<location path="Members">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Admins">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>
_______________________________________________________
Default.aspx.cs
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Write(User.IsInRole("Admin"));
}
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
//e.Authenticated = true;
//密码正确就加入验证,userName=你的库中的Name,userRole你库中的角色
FormsAuthenticationTicket myTicket = new FormsAuthenticationTicket(1, "dsclub", DateTime.Now, DateTime.Now.AddDays(1), true, "Admin");
//加密
string encrypt = FormsAuthentication.Encrypt(myTicket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypt);
cookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(cookie);
//获取跳转的路径
string returnUrl = FormsAuthentication.GetRedirectUrl(FormsAuthentication.FormsCookieName, false);
Response.Redirect(returnUrl);
}
}
___________________________________________________________
Global.asax:
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (User != null)
{
HttpContext.Current.Response.Write("AAA");
if (User.Identity.IsAuthenticated)
{
HttpContext.Current.Response.Write("BBB");
//if (User.Identity.AuthenticationType. is FormsIdentity)
{
HttpContext.Current.Response.Write("CCC");
FormsIdentity identity = (FormsIdentity)User.Identity;
//从identity中取出角色
FormsAuthenticationTicket ticket = identity.Ticket;
string userRole = ticket.UserData;
string[] role = userRole.Split(',');
//HttpContext.Current.Response.Write(role.GetValue(0).ToString());
//加到当前的用户信息中
//User = new System.Security.Principal.GenericPrincipal(User.Identity, role);
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(User.Identity, role);
}
}
}
}
iuhxq 2006-03-04
- 打赏
- 举报
登陆代码:
FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, "admin", DateTime.Now, DateTime.Now.AddMinutes(30), false, "Admin", "/");
string HashTicket = FormsAuthentication.Encrypt(Ticket);
HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket);
HttpContext.Current.Response.Cookies.Add(UserCookie);
Response.Redirect("~/Admin/default.aspx");
FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, "admin", DateTime.Now, DateTime.Now.AddMinutes(30), false, "Admin", "/");
string HashTicket = FormsAuthentication.Encrypt(Ticket);
HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket);
HttpContext.Current.Response.Cookies.Add(UserCookie);
Response.Redirect("~/Admin/default.aspx");
iuhxq 2006-03-04
- 打赏
- 举报
恢复角色:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpContext ctx = (sender as HttpApplication).Context;
if (ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理
{
FormsIdentity Id = (FormsIdentity)ctx.User.Identity;
FormsAuthenticationTicket Ticket = Id.Ticket; //取得身份验证票
string[] Roles = Ticket.UserData.Split(','); //将身份验证票中的role数据转成字符串数组
ctx.User = new System.Security.Principal.GenericPrincipal(Id, Roles); //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息
}
}
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpContext ctx = (sender as HttpApplication).Context;
if (ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理
{
FormsIdentity Id = (FormsIdentity)ctx.User.Identity;
FormsAuthenticationTicket Ticket = Id.Ticket; //取得身份验证票
string[] Roles = Ticket.UserData.Split(','); //将身份验证票中的role数据转成字符串数组
ctx.User = new System.Security.Principal.GenericPrincipal(Id, Roles); //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息
}
}
ll_e_mail 2006-03-04
- 打赏
- 举报
<deny users="*"/>
<allow roles="Admin"/>
________________________
改为:
<allow roles="Admin"/>
<deny users="*" />
<allow roles="Admin"/>
________________________
改为:
<allow roles="Admin"/>
<deny users="*" />
dsclub 2006-03-04
- 打赏
- 举报
Response.Write(User.IsInRole("Admin"));
已经是True了,怎么我进入Admins还被弹了出来?
已经是True了,怎么我进入Admins还被弹了出来?
ll_e_mail 2006-03-04
- 打赏
- 举报
QQ:470818746
不过经常不在线,这是为找.net工作,在线面试申请的.
不过经常不在线,这是为找.net工作,在线面试申请的.
dsclub 2006-03-04
- 打赏
- 举报
哥们有QQ么,交个朋友!
QQ:9967030
QQ:9967030
ll_e_mail 2006-03-04
- 打赏
- 举报
这上面的错误代码中看出User为'System.Web.HttpApplication.User'
你用这个HttpContext.Current.User
________________________
不行的话把文件给我发来
你用这个HttpContext.Current.User
________________________
不行的话把文件给我发来
dsclub 2006-03-04
- 打赏
- 举报
Compiler Error Message: CS0200: Property or indexer 'System.Web.HttpApplication.User' cannot be assigned to -- it is read only
Line 49: //加到当前的用户信息中
Line 50: User = new System.Security.Principal.GenericPrincipal(identity,role);
只读呀?
Line 49: //加到当前的用户信息中
Line 50: User = new System.Security.Principal.GenericPrincipal(identity,role);
只读呀?
dsclub 2006-03-04
- 打赏
- 举报
谢过楼上,我试试先,OK就给分!
ll_e_mail 2006-03-04
- 打赏
- 举报
_______________________________________
Global.asax
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if(User.Identity.IsAuthenticatied == true)
{
if(User.Identity.IsAuthenticatied Is FormsIdentity)
{
FormsIdentity identity= (FormsIdentity)User.Identity;
//从identity中取出角色
FromsAuthenticationTicket ticket = identity.Ticket;
string userRole = ticket.UserData;
string[] role = userRole.Split(",");
//加到当前的用户信息中
User = new GenericPrincipal(identity,orle);
}
}
}
__________________________________
这样你在aspx文件中输入
if(User.IsInRole("库中的角色"))
{
//这就是当前用户的角色
}
Global.asax
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if(User.Identity.IsAuthenticatied == true)
{
if(User.Identity.IsAuthenticatied Is FormsIdentity)
{
FormsIdentity identity= (FormsIdentity)User.Identity;
//从identity中取出角色
FromsAuthenticationTicket ticket = identity.Ticket;
string userRole = ticket.UserData;
string[] role = userRole.Split(",");
//加到当前的用户信息中
User = new GenericPrincipal(identity,orle);
}
}
}
__________________________________
这样你在aspx文件中输入
if(User.IsInRole("库中的角色"))
{
//这就是当前用户的角色
}
GSXiaoXiao 2006-03-04
- 打赏
- 举报
用判断用户是否属于某一角色,
再根据角色转跳
再根据角色转跳
ll_e_mail 2006-03-04
- 打赏
- 举报
web.config文件
<authentication mode="Forms">
<froms loginUrl="Login.aspx" />
</authentication>
_______________________________________
Login.aspx.cs文件
//密码正确就加入验证,userName=你的库中的Name,userRole你库中的角色
FormsAuthenticationTicket myTicket= new FormsAuthenticationTicket(1,userName,DateTime.Now,DataTime.Now.AddDay(1),true,userRole);
//加密
string encrypt = FormsAuthentication.Encrypt(myTicket);
HttpCookie cookie = new HttpCookie(FromsAuthentication.FromsCookieName,encrypt);
cookie.Expries = DateTime.Now.Add(1);
Response.Cookies.Add(cookie);
//获取跳转的路径
string returnUrl = FormsAuthentication.GetRedirectUrl(FormsAuthentication.FormsCookieName,false);
Response.Redirect(returnUrl);
_______________________________________
Global.asax
<authentication mode="Forms">
<froms loginUrl="Login.aspx" />
</authentication>
_______________________________________
Login.aspx.cs文件
//密码正确就加入验证,userName=你的库中的Name,userRole你库中的角色
FormsAuthenticationTicket myTicket= new FormsAuthenticationTicket(1,userName,DateTime.Now,DataTime.Now.AddDay(1),true,userRole);
//加密
string encrypt = FormsAuthentication.Encrypt(myTicket);
HttpCookie cookie = new HttpCookie(FromsAuthentication.FromsCookieName,encrypt);
cookie.Expries = DateTime.Now.Add(1);
Response.Cookies.Add(cookie);
//获取跳转的路径
string returnUrl = FormsAuthentication.GetRedirectUrl(FormsAuthentication.FormsCookieName,false);
Response.Redirect(returnUrl);
_______________________________________
Global.asax
