ASP.NET网站的自定义登录机制
我正在ASP.NET网站上工作,我需要通过一些自定义但简单的登录机制。 我从着名的员工信息入门套件开始
这是我到目前为止所拥有的:
在ASP.NET页面上:
protected void ButtonLogOn_Click(object sender, EventArgs e) { if (String.IsNullOrEmpty(txtUserName.Value) || String.IsNullOrEmpty(txtPassword.Value)) labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("You can login using a username and a password associated with your account. Make sure that it is typed correctly."); else { //if the log-in is successful LoginPage LoginBack = new LoginPage(); if (LoginBack.VerifyCredentials(txtUserName.Value, txtPassword.Value) == 0) { SiteLogin.PerformAuthentication(txtUserName.Value, checkBoxRemember.Checked); } else { labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("Login Failed!
The username and/or password you entered do not belong to any User account on our system.
You can login using a username and a password associated with your account. Make sure that it is typed correctly."); } } } protected void ButtonAdminLogOn_Click(object sender, EventArgs e) { if (String.IsNullOrEmpty(txtUserName.Value) || String.IsNullOrEmpty(txtPassword.Value)) labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("Login Please!
You can login using a username and a password associated with your account. Make sure that it is typed correctly."); else { //if the log-in is successful if (txtUserName.Value == "admin" && txtPassword.Value == "123123") { SiteLogin.PerformAdminAuthentication("admin", checkBoxRemember.Checked); } else { labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("Login Failed!
The username and/or password you entered do not belong to any Administrator ccount on our system.
You can login using a username and a password associated with your account. Make sure that it is typed correctly."); } } } 和实用类
public static void PerformAuthentication(string userName, bool remember) { FormsAuthentication.RedirectFromLoginPage(userName, remember); if (HttpContext.Current.Request.QueryString["ReturnUrl"] == null) { RedirectToDefaultPage(); } else { HttpContext.Current.Response.Redirect(HttpContext.Current.Request.QueryString["ReturnUrl"]); } } public static void PerformAdminAuthentication(string userName, bool remember) { FormsAuthentication.RedirectFromLoginPage(userName, remember); if (HttpContext.Current.Request.QueryString["ReturnUrl"] == null) { RedirectToAdminDefaultPage(); } else { HttpContext.Current.Response.Redirect(HttpContext.Current.Request.QueryString["ReturnUrl"]); } }
我的登录表单有两个按钮:管理员登录名是硬编码的名称/密码。 正常的登录例程返回到另一个调用Web服务的程序集,并根据域登录检查用户名和密码。
现在,还有一个其他文件有代码,让我感到困惑。
Global.asax中
protected void Application_AuthenticateRequest(Object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity.AuthenticationType != "Forms") { throw new InvalidOperationException("Only forms authentication is supported, not " + HttpContext.Current.User.Identity.AuthenticationType); } IIdentity userId = HttpContext.Current.User.Identity; //if role info is already NOT loaded into cache, put the role info in cache if (HttpContext.Current.Cache[userId.Name] == null) { string[] roles; if (userId.Name == "admin") { roles = new string[1] { "administrators" }; } else if (userId.Name == "member1") { roles = new string[1] { "employees" }; } else { roles = new string[1] { "public" }; } //1 hour sliding expiring time. Adding the roles in cache. //This will be used in Application_AuthenticateRequest event located in Global.ascx.cs //file to attach user Principal object. HttpContext.Current.Cache.Add(userId.Name, roles, null, DateTime.MaxValue, TimeSpan.FromHours(1), CacheItemPriority.BelowNormal, null); } //now assign the user role in the current security context HttpContext.Current.User = new GenericPrincipal(userId, (string[])HttpContext.Current.Cache[userId.Name]); } } }
该网站有一些允许免费访问的关于页面,但其余的是管理员或员工。 我的管理员用户名/密码是固定的,但员工登录以域格式输入,需要在目标域上validation(全部完成),然后设置员工角色。
我如何在Global.asax文件中的Application_AuthenticateRequest方法中执行此操作?
为不同的文件夹设置不同的身份validation模式(通过Web.config或甚至只是IIS管理单元 ):
- root的匿名(有关页面)
- 表示〜/ Admin区域的身份validation
- Windows / NTLM用于〜/雇主区域
您还可以使用自定义成员资格提供程序的扩展登录控件