本文共 5407 字，大约阅读时间需要 18 分钟。

web.config (只有用户信息存放在web.config中，才可以使用FormsAuthentication.Authenticate)

login.aspx

<%@ Page Language="C#" Debug="true" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>        
   
    
    
        
     
Login Page
    
    
    
        
    
             
                  
                       
Username:
                       
        
                       
        
                  
                  
                       
Password:
                       
        
                       
        
                  
                  
                       
Check here if this is not
a public computer:
                       
        
                  
             
        
    
        
   

login.aspx.cs

protected void Login_Click(object sender, EventArgs e)    {        string username = UserNameTextBox.Text;        string password = UserPassTextBox.Text;        bool isPersistent = PersistCheckBox.Checked;        if (FormsAuthentication.Authenticate(username, password))        {            FormsAuthentication.RedirectFromLoginPage(username, isPersistent);/*            HttpCookie cookie = FormsAuthentication.GetAuthCookie(username, isPersistent);            cookie.Expires = DateTime.Now.AddDays(7);            Response.Cookies.Add(cookie);            Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent);*/        }        else            throw new Exception("登录失败!!!");    }

default.aspx.cs

protected void Logout_Click(object sender, EventArgs e)    {        FormsAuthentication.SignOut();        FormsAuthentication.RedirectToLoginPage();    }

数据库验证

protected void Login_Click(object sender, EventArgs e)    {        string username = UserNameTextBox.Text;        string password = UserPassTextBox.Text;        bool isPersistent = PersistCheckBox.Checked;        string source = "server=(local);integrated security=SSPI;database=mytest";        string select = "SELECT count(*) FROM [Login] WHERE UserName='" + username + "' AND UserPassword='" + password + "'";        // string update = "UPDATE [Login] set LoginTime=LoginTime+1, LastLogin='" + DateTime.Now + "' WHERE UserName='" + username + "'";        SqlConnection conn = new SqlConnection(source);        conn.Open();        SqlCommand cmd = new SqlCommand(select, conn);        int count = Convert.ToInt32(cmd.ExecuteScalar());        if (count >= 1)        {            // cmd = new SqlCommand(update, conn);            // cmd.ExecuteNonQuery();            string userData = "ApplicationSpecific data for this user.";            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(1), isPersistent, userData, FormsAuthentication.FormsCookiePath);            string encTicket = FormsAuthentication.Encrypt(ticket);            Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));            // if (HttpContext.Current.User.IsInRole("Admin"))                // ......            Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));            // 不要使用FormsAuthentication.RedirectFromLoginPage，这个方法会重写cookie。        }        else            throw new Exception("登录失败!!!");    }

Login表

CREATE TABLE [Login] (LoginId smallint IDENTITY(1,1) NOT NULL,UserName nvarchar(20) NOT NULL,UserPassword nvarchar(20) NOT NULL)INSERT INTO [Login] VALUES ('xiaobai', 'xiaobai')

角色验证

protected void Login_Click(object sender, EventArgs e)    {        string username = UserNameTextBox.Text;        string password = UserPassTextBox.Text;        bool isPersistent = PersistCheckBox.Checked;        string source = "server=(local);integrated security=SSPI;database=mytest";        string select = "SELECT count(*) FROM [Login] WHERE UserName='" + username + "' AND UserPassword='" + password + "'";        SqlConnection conn = new SqlConnection(source);        conn.Open();        SqlCommand cmd = new SqlCommand(select, conn);        int count = Convert.ToInt32(cmd.ExecuteScalar());        if (count >= 1)        {            string userData = "Admin";            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(1), isPersistent, userData, FormsAuthentication.FormsCookiePath);            string encTicket = FormsAuthentication.Encrypt(ticket);            Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));            Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));        }        else            throw new Exception("登录失败!!!");    }

Global.asax

<%@ Import Namespace="System.Security.Principal" %>protected void Application_AuthenticateRequest(object sender, EventArgs e)    {        HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];        if (null == authCookie)            return;        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);        string[] roles = authTicket.UserData.Split(new char[] { ',' });        // Context.User = new GenericPrincipal(new FormsIdentity(authTicket), roles);        Context.User = new GenericPrincipal(Context.User.Identity, roles);    }

转载地址：http://apsli.baihongyu.com/