让我登录windows + Forms登录

时间:2011-05-10 20:42:54

标签: c# asp.net cookies login

我希望在我的ASP.NET应用程序中实现Facebook和GMail的功能。

我使用了窗口和表单登录的组合,所有这些都正常工作。

我有一个登录页面,其中包含以下代码:

    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    IntPtr token;
    IntPtr tokenDuplicate;

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern int LogonUserA(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DuplicateToken(IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);


protected void LoginButton_Click(object sender, EventArgs e)
        {
 if (LogonUserA(userName, Domain.Text, Password.Text, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) == 0)
            {
                BadCredentials.Visible = true;
                BadCredentials.Text = "Not A Valid User";
                Global.logger.Info("LogonUserA failed with GetLastWin32Error code =" + Marshal.GetLastWin32Error());
                return;
            }
            Global.logger.Info("LogonUserA is sucessful");


                if (DuplicateToken(token, 2, ref tokenDuplicate) == 0)
                {
                    BadCredentials.Visible = true;
                    BadCredentials.Text = "Internal Error: DuplicateToken failed";
                    return;
                }

Session["TokenDuplicate"] = tokenDuplicate;
            if (new GUIUtility().impersonateValidUser(Session) == false)
            {
                BadCredentials.Visible = true;
                BadCredentials.Text = "Impersonation failed";
                return;
            }

if (GUIUtility.IsUserPartOfWindowsGroup(compUsrNameForEncryption, adminGroupName) == true)
            {
                // The user is Instance Admin

                BadCredentials.Visible = false;


            }
// Create the authentication ticket
        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,                          // version
                                       UserName.Text,           // user name
                                       DateTime.Now,               // creation
                                       DateTime.Now.AddMinutes(60),// Expiration
                                       false,                      // Persistent 
                                       role);         // User data

        // Now encrypt the ticket.
        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

        // Create a cookie and add the encrypted ticket to the
        // cookie as data.
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);            

        //authCookie.Secure = FormsAuthentication.RequireSSL;

        // Add the cookie to the outgoing cookies collection.
        HttpContext.Current.Response.Cookies.Add(authCookie);
        //Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
        Response.Redirect("~/Default.aspx");
        // Company Admin has logged on

}

这就是我的web.config上有用的东西:

<authentication mode="Forms">
        <forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="GUI" slidingExpiration="true" timeout="30" path="/">
        </forms>
    </authentication>
    <authorization>
        <deny users="?"/>
        <allow users="*"/>
    </authorization>

<sessionState mode="InProc" cookieless="false" timeout="30"/>

    <!--
        The <customErrors> section enables configuration 
        of what to do if/when an unhandled error occurs 
        during the execution of a request. Specifically, 
        it enables developers to configure html error pages 
        to be displayed in place of a error stack trace.
  -->
    <customErrors mode="On" defaultRedirect="~/Login.aspx">
        <error statusCode="403" redirect="NoAccess.htm" />
        <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>

我的global.ascx中的代码:

 protected void Application_BeginRequest(object sender, EventArgs e)
    {

        try
        {
            string cookieName = FormsAuthentication.FormsCookieName.ToString();
            HttpCookie authCookie = Context.Request.Cookies[cookieName];
            if (null != authCookie)
            {
                authCookie.Secure = true;
            }
        }
        catch (Exception ex)
        {
            Global.logger.Error("Application_BeginRequest: Exception: " + ex);
        }
    }

     protected void Application_AuthenticateRequest(object sender, EventArgs e)
     {
        // Extract the forms authentication cookie

        string redirectSecureUrl = Request.Url.ToString();

        string cookieName = FormsAuthentication.FormsCookieName.ToString();
        HttpCookie authCookie = Context.Request.Cookies[cookieName];


        if (null == authCookie)
        {

            // There is no authentication cookie.
            return;
        }

        FormsAuthenticationTicket authTicket = null;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception ex)
        {
            Global.logger.Error("Application_AuthenticateRequest: Exception: " + ex);

            return;
        }

        if (null == authTicket)
        {
            // Cookie failed to decrypt.
            return;
        }

        // When the ticket was created, the UserData property was assigned a
        // pipe delimited string of role names.
        string[] roles = authTicket.UserData.Split(new char[] { '|' });

        // Create an Identity object
        FormsIdentity id = new FormsIdentity(authTicket);

        // This principal will flow throughout the request.
        GenericPrincipal principal = new GenericPrincipal(id, roles);
        // Attach the new principal object to the current HttpContext object
        Context.User = principal;
    }

如果我将持久性cookie设为true而不是false,会发生什么?

感谢。

1 个答案:

答案 0 :(得分:1)

供参考......

如果使用true,将创建具有固定到期日期的cookie,而不是仅会话cookie。饼干&amp;因此,身份验证票证将在浏览器关闭后继续存在。

西蒙