Forms Authentication in ASP.NET 2.0


Problem description


We are in the process of designing our first ASP.NET 2.0 application and
have discovered that Forms Authentication works completely differently in
ASP.NET 2.0.

For a number of reasons, we cannot use the standard login component supplied
with ASP.NET 2.0 (e.g. we need full control of the look and feel - including
using CSS and not tables for layout - and we need to be able to handle the
authentication cookie ourselves rather than let a built-in component handle
it for us). We also need to use the Application_Start event to read lookup
data from our databases.

Does anyone know how to get back to something like the .NET 1.1 model for
coding forms authentication?

I'm not dead against using the supplied components, BTW, as long as we get
the functionality we had before and as long as we can style the visible
components ourselves.

Peter

Recommended answer

Hi Peter

Design your own login.aspx page.

On submit event add the following code

------------------------------
// Requires: using System; using System.Web; using System.Web.Security;
// Run the code below only if UserName and Password were correct

// Initialize FormsAuthentication
FormsAuthentication.Initialize();

// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,                                     // Ticket version
    UserName,                              // Username associated with ticket
    DateTime.Now,                          // Date/time issued
    DateTime.Now.AddMonths(1),             // Date/time to expire
    true,                                  // "true" for a persistent user cookie
    UserRoles,                             // User-data, in this case the roles
    FormsAuthentication.FormsCookiePath);  // Path cookie valid for

// Encrypt the ticket using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
    FormsAuthentication.FormsCookieName,   // Name of auth cookie
    hash);                                 // Encrypted ticket (not a hash, despite the name)

// Set the cookie's expiration time to the ticket's expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

// Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie);

// Redirect to requested homepage
Response.Redirect("/");
------------------------------

That's pretty much all you need for the Forms Authentication without using
the groups.


Hi Alexey,

Thanks for that. This is pretty much what we do now as far as the login
page is concerned. We then add attributes to the classes and methods to
which we wish to restrict access, specifying that the user must be logged in
and a member of the appropriate role in order to execute the code in that
method or access an object of that class (depending on requirements). This
causes an authentication request event to be raised, which is handled in
Global.asax.cs in the Application_AuthenticateRequest() event handler. This
handler fetches the authentication cookie and creates a
FormsAuthenticationTicket to which is assigned the decrypted cookie value.

We then extract the user's roles from that and create a new GenericIdentity
passing in the FormsAuthenticationTicket. Finally, we create a new
GenericPrincipal object passing in the GenericIdentity and the roles.

Lastly, we assign the GenericPrincipal to the user in the current context.

My question, really, is where do we now put this code? Where are
AuthenticateRequest events handled?
Peter
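
The handler described in the post above, written out as an added example (not code from the thread). It assumes the application has a Global.asax whose code-behind class is named Global, and that the login page stored the roles in the ticket's UserData as a comma-separated string; it uses FormsIdentity, the identity class whose constructor accepts a FormsAuthenticationTicket.

```csharp
// Global.asax.cs: added illustration, not code from the thread.
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication   // class name is an assumption
{
    // ASP.NET binds this handler by name and raises it for every request.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return;   // no ticket: the request stays anonymous

        FormsAuthenticationTicket ticket;
        try
        {
            // Decrypts and validates the cookie value with the machine key.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        // Any of these means the value is not a usable ticket, so the
        // request is left anonymous instead of failing with an error page.
        catch (ArgumentException) { return; }
        catch (CryptographicException) { return; }
        catch (HttpException) { return; }

        // The browser controls the cookie's lifetime, so check the
        // expiry carried inside the encrypted ticket itself.
        if (ticket == null || ticket.Expired)
            return;

        // Assumption: UserData holds the roles as "Admin,Editor".
        string[] roles = ticket.UserData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

        // Attach identity and roles so role checks see them on this request.
        FormsIdentity identity = new FormsIdentity(ticket);
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Because the roles travel inside the ticket, a role removed in the database stays effective until the ticket expires, which is one month with the ticket lifetime used in the login code above.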




"Peter Bradley" <pb******@uwic.ac.uk> wrote in message
news:ua**************@TK2MSFTNGP02.phx.gbl...

"Alexey Smirnov" <al************@gmail.com> wrote in message
news:ec**************@TK2MSFTNGP05.phx.gbl...
My question, really, is where do we now put this code? Where are
AuthenticateRequest events handled?




The authentication ticket has to be created right after the login info is
confirmed. Because the ticket is used to identify an authenticated user. So,
it can be in the login page, which is defined in the Authentication section
in web.config

<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="/login.aspx" />
</authentication>

I've found an example of a role-based authentication, take a look
http://www.codeproject.com/aspnet/formsroleauth.asp

Cheers!

