Question

我的web.config文件中有以下设置。如果用户没有登录，它基本上限制了对页面的访问。如果我不想使用asp登录控件或实现成员资格提供程序，我如何告诉'asp loginregister.aspx页面已授权请求如果我想实现自己的登录系统？

感谢。

<authentication mode="Forms">
            <forms loginUrl="~/loginregister.aspx"
                   name=".ASPXFORMSAUTH" />
        </authentication>

        <authorization>
            <deny users="?" />
        </authorization>

<location path="~/secretpage.aspx" allowOverride="true">
        <system.web>
            <compilation debug="true" />
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>

Answer 1

验证用户后，设置票证....

    Response.Cookies.Add(TicketHelper.CreateAuthCookie(Login1.UserName, userData, Login1.RememberMeSet /*persistent cookie*/));

使用这个助手类......

如果使用登录控件，请在Authenticated事件处理程序中执行此操作。

using System;
using System.Web;
using System.Web.Security;

namespace CustomAuthRepurposingFormsAuth
{
    public static class TicketHelper
    {
        /// <summary>
        /// 
        /// </summary>
        /// <param name="userName"></param>
        /// <param name="userData">be mindful of the cookie size or you will be chasing ghosts</param>
        /// <param name="persistent"></param>
        /// <returns></returns>
        public static HttpCookie CreateAuthCookie(string userName, string userData, bool persistent)
        {
            DateTime issued = DateTime.Now;
            // formsAuth does not expose timeout!? have to hack around the
            // spoiled parts and keep moving..
            HttpCookie fooCookie = FormsAuthentication.GetAuthCookie("foo", true);
            int formsTimeout = Convert.ToInt32((fooCookie.Expires - DateTime.Now).TotalMinutes);

            DateTime expiration = DateTime.Now.AddMinutes(formsTimeout);
            string cookiePath = FormsAuthentication.FormsCookiePath;

            var ticket = new FormsAuthenticationTicket(0, userName, issued, expiration, true, userData, cookiePath);
            return CreateAuthCookie(ticket, expiration, persistent);
        }

        public static HttpCookie CreateAuthCookie(FormsAuthenticationTicket ticket, DateTime expiration, bool persistent)
        {
            string creamyFilling = FormsAuthentication.Encrypt(ticket);
            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, creamyFilling)
                             {
                                 Domain = FormsAuthentication.CookieDomain,
                                 Path = FormsAuthentication.FormsCookiePath
                             };
            if (persistent)
            {
                cookie.Expires = expiration;
            }

            return cookie;
        }
    }

Answer 2

    // formsAuth does not expose timeout!? have to hack around the
    // spoiled parts and keep moving..
    HttpCookie fooCookie = FormsAuthentication.GetAuthCookie("foo", true);
    int formsTimeout = Convert.ToInt32((fooCookie.Expires - DateTime.Now).TotalMinutes);

表单身份验证确实会在.Net 4.0 FormsAuthentication.Timeout.TotalMinutes

时显示超时

Answer 3

如果您不想对.NET系统进行任何操作，那将会有点困难。

如果您对某些内容感到满意，只需使用登录信息中的“FormsAuthentication.RedirectFromLoginPage”设置显示用户已登录的Cookie。

如何设置asp.net认证的属性

3 个答案: