如果用户凭证是Cookie的话,可以在web.config里设置
然后在Login代码如下:private void btnLogin_Click(object sender, System.EventArgs e){ UserManage um = new UserManage(); DataSet ds = um.GetLoginUser(txtUserName.Value,FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Value,"MD5")); if(ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0) {
string roles = ds.Tables[0].Rows[0]["Role"].ToString();//把用户权限加入到凭证里,这样页面就可以验证权限了.
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
txtUserName.Value,
DateTime.Now,
DateTime.Now.AddMinutes(30),
false,
roles);
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);
Response.Cookies.Add(authCookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Value,false)); }}Global.ascx.cs里代码如下:protected void Application_AuthenticateRequest(Object sender, EventArgs e){ string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = Context.Request.Cookies[cookieName]; if(authCookie == null)
return; FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); string[] roles = authTicket.UserData.Split(new char[]{','}); FormsIdentity identity = new FormsIdentity(authTicket); GenericPrincipal principal = new GenericPrincipal(identity,roles); Context.User = principal;}
|