ASP.NET 2.0中的表单身份验证

本文介绍了ASP.NET 2.0中的表单身份验证的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我们正在设计我们的第一个ASP.NET 2.0应用程序，并且 发现表单身份验证在 ASP.NET 2.0中完全不同。 由于多种原因，我们无法使用ASP.NET 2.0提供的标准登录组件 （例如，我们需要完全控制外观 - 包括 使用CSS而非表格进行布局 - 我们需要能够自己处理 身份验证cookie，而不是让内置组件处理 给我们）。我们还需要使用Application_Start事件从我们的数据库中读取查找 数据。 有谁知道如何回到像.NET 1.1这样的东西模型为 编码表格认证。 我不会反对使用提供的组件BTW，只要我们得到 我们以前的功能，只要我们可以自己设置可见的 组件的样式。 Peter

We are in the process of designing our first ASP.NET 2.0 application and have discovered that Forms Authentication works completely differently in ASP.NET 2.0. For a number of reasons, we cannot use the standard login component supplied with ASP.NET 2.0 (e.g. we need full control of the look and feel - including using CSS and not tables for layout - and we need to be able to handle the authentication cookie ourselves rather than let a built-in component handle it for us). We also need to use the Application_Start event to read lookup data from our databases. Does anyone know how to get back to something like the .NET 1.1 model for coding forms authentication. I''m not dead against using the supplied components, BTW, as long as we get the functionality we had before and as long as we can style the visible components ourselves. Peter

推荐答案

" Peter Bradley" < pb ****** @ uwic.ac.ukwrote in message news：ub ************** @ TK2MSFTNGP05.phx.gbl .. 。 "Peter Bradley" <pb******@uwic.ac.ukwrote in message news:ub**************@TK2MSFTNGP05.phx.gbl... 我们正在设计我们的第一个ASP.NET 2.0应用程序，并且 发现表单身份验证在 ASP.NET 2.0。 由于多种原因，我们无法使用ASP.NET提供的标准登录组件 2.0（例如我们需要完全控制外观和 的感觉 - 包括使用CSS而不是表格进行布局 - 我们需要 我们自己能够处理身份验证cookie而不是让一个 内置组件为我们处理它）。我们还需要使用 Application_Start事件从我们的数据库中读取查找数据。 有谁知道如何回到像.NET 1.1这样的东西模型为 编码表格认证。 我不会反对使用提供的组件BTW，只要我们得到 我们以前的功能，只要我们可以自己设置可见的 组件的样式。 We are in the process of designing our first ASP.NET 2.0 application and have discovered that Forms Authentication works completely differently in ASP.NET 2.0. For a number of reasons, we cannot use the standard login component supplied with ASP.NET 2.0 (e.g. we need full control of the look and feel - including using CSS and not tables for layout - and we need to be able to handle the authentication cookie ourselves rather than let a built-in component handle it for us). We also need to use the Application_Start event to read lookup data from our databases. Does anyone know how to get back to something like the .NET 1.1 model for coding forms authentication. I''m not dead against using the supplied components, BTW, as long as we get the functionality we had before and as long as we can style the visible components ourselves.

彼得 设计你自己的login.aspx页面 在提交活动时添加以下代码 ---- -------------------------- 如果用户名和密码正确，则为 //初始化FormsAuthentication FormsAuthentication.Initialize（）; //创建用于身份验证的新票证 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket（ 1，//票证版本 用户名，//用户名关联d带票据 DateTime.Now，//发布日期/时间 DateTime.Now.AddMonths（1），//到期日期/时间 true，//" true"对于持久用户cookie UserRoles，//用户数据，在这种情况下是角色 FormsAuthentication.FormsCookiePath）; //路径cookie有效 //使用机器密钥加密cookie以进行安全传输 string hash = FormsAuthentication.Encrypt（ticket）; HttpCookie cookie = new HttpCookie（ FormsAuthentication.FormsCookieName，// auth cookie的名称 hash）; //散列票 //将cookie的到期时间设置为票证到期时间 if（ticket.IsPersistent）cookie.Expires = ticket .Expiration; //将cookie添加到列表中以便传出响应 Response.Cookies.Add（cookie）; //重定向到请求的主页 Response.Redirect（" /"）; ------------ ------------------ 这几乎就是表单身份验证所需要的，而不使用 团体。

Hi Peter design you own login.aspx page On submit event add the following code ------------------------------ if UserName and Password were correct // Initialize FormsAuthentication FormsAuthentication.Initialize(); // Create a new ticket used for authentication FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, // Ticket version UserName, // Username associated with ticket DateTime.Now, // Date/time issued DateTime.Now.AddMonths(1), // Date/time to expire true, // "true" for a persistent user cookie UserRoles, // User-data, in this case the roles FormsAuthentication.FormsCookiePath); // Path cookie valid for // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie( FormsAuthentication.FormsCookieName, // Name of auth cookie hash); // Hashed ticket // Set the cookie''s expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); // Redirect to requested homepage Response.Redirect("/"); ------------------------------ That''s pretty much all you need for the Forms Authentication without using the groups.

" Alexey Smirnov" < al ************ @ gmailwrote in message news：ec ************** @ TK2MSFTNGP05.phx .gbl ... "Alexey Smirnov" <al************@gmailwrote in message news:ec**************@TK2MSFTNGP05.phx.gbl... 嗨彼得 设计你自己的login.aspx页面 在提交活动时添加以下代码 --------------------------- --- 如果UserName和密码正确 //初始化FormsAuthentication FormsAuthentication.Initialize（）; //创建用于身份验证的新票证 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket（ 1，//票证版本 UserName，//与票证相关联的用户名 DateTime.Now，//发布日期/时间 DateTime.Now.AddMonths（1），// Date /到期时间 true，//true表示持久用户cookie UserRoles，//用户数据，在这种情况下是角色 FormsAuthentication.FormsCookiePath）; //路径cookie有效 //使用机器密钥加密cookie以进行安全传输 string hash = FormsAuthentication.Encrypt（ticket）; HttpCookie cookie = new HttpCookie（ FormsAuthentication.FormsCookieName，// auth cookie的名称 hash）; //散列票 //将cookie的到期时间设置为票证到期时间 if（ticket.IsPersistent）cookie.Expires = ticket .Expiration; //将cookie添加到列表中以便传出响应 Response.Cookies.Add（cookie）; //重定向到请求的主页 Response.Redirect（" /"）; ------------ ------------------ 这几乎就是表单身份验证所需要的，而不使用 团体。 Hi Peter design you own login.aspx page On submit event add the following code ------------------------------ if UserName and Password were correct // Initialize FormsAuthentication FormsAuthentication.Initialize(); // Create a new ticket used for authentication FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, // Ticket version UserName, // Username associated with ticket DateTime.Now, // Date/time issued DateTime.Now.AddMonths(1), // Date/time to expire true, // "true" for a persistent user cookie UserRoles, // User-data, in this case the roles FormsAuthentication.FormsCookiePath); // Path cookie valid for // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie( FormsAuthentication.FormsCookieName, // Name of auth cookie hash); // Hashed ticket // Set the cookie''s expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); // Redirect to requested homepage Response.Redirect("/"); ------------------------------ That''s pretty much all you need for the Forms Authentication without using the groups.

你好Alexey， 谢谢你。就登录 页面而言，这几乎就是我们现在所做的。然后我们将类和方法的属性添加到我们希望限制访问的，指定用户必须登录 并按顺序登录相应角色的成员在该 方法中执行代码或访问该类的对象（取决于要求）。这个 会引发一个身份验证请求事件，该事件在Application_AuthenticateRequest（）事件处理程序中的 Global.asax.cs中处理。这个 处理程序获取身份验证cookie并创建一个 FormsAuthenticationTicket，并为其分配解密的cookie值。 然后我们提取用户的角色，并创建一个新的GenericIdentity 传递FormsAuthenticationTicket。最后，我们创建了一个新的 GenericPrincipal对象，传递GenericIdentity和角色。 最后，我们在当前上下文中将GenericPrincipal分配给用户。 我的问题，真的，我们现在把这段代码放在哪里？在哪里 处理AuthenticateRequest事件？ Peter

Hi Alexey, Thanks for that. This is pretty much what we do now as far as the login page is concerned. We then add attributes to the classes and methods to which we wish to restrict access, specifying that the user must be logged in and a member of the appropriate role in order to execute the code in that method or access an object of that class (depending on requirements). This causes an authentication request event to be raised, which is handled in Global.asax.cs in the Application_AuthenticateRequest() event handler. This handler fetches the authentication cookie and creates a FormsAuthenticationTicket to which is assigned the decrypted cookie value. We then extract the user''s roles from that and create a new GenericIdentity passing in the FormsAuthenticationTicket. Finally, we create a new GenericPrincipal object passing in the GenericIdentity and the roles. Lastly, we assign the GenericPrincipal to the user in the current context. My question, really, is where do we now put this code? Where are AuthenticateRequest events handled? Peter

Peter Bradley ; < pb ****** @ uwic.ac.ukwrote in message news：ua ************** @ TK2MSFTNGP02.phx.gbl .. 。 "Peter Bradley" <pb******@uwic.ac.ukwrote in message news:ua**************@TK2MSFTNGP02.phx.gbl... " Alexey Smirnov" < al ************ @ gmailwrote in message news：ec ************** @ TK2MSFTNGP05.phx .gbl ... 我的问题，真的，我们现在把这段代码放在哪里？在哪里 处理AuthenticateRequest事件？ "Alexey Smirnov" <al************@gmailwrote in message news:ec**************@TK2MSFTNGP05.phx.gbl... My question, really, is where do we now put this code? Where are AuthenticateRequest events handled?

必须在登录信息后立即创建身份验证票据 证实。因为票证用于标识经过身份验证的用户。所以， 它可以在登录页面中，它在身份验证部分中定义 在web.config中 < ; authentication mode =" Forms"> < forms name =" .ASPXAUTH" loginUrl = QUOT; /login.aspx" /> < / authentication> 我找到了一个基于角色的身份验证示例，看看 www.codeproject/aspnet/formsroleauth.asp 干杯！

The authentication ticket has to be created right after the login info is confirmed. Because the ticket is used to identify an authenticated user. So, it can be in the login page, which is defined in the Authentication section in web.config <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="/login.aspx" /> </authentication> I''ve found an example of a role-based authentication, take a look www.codeproject/aspnet/formsroleauth.asp Cheers!