How can I manually create an authentication cookie instead of using the default method?

Using FormsAuthentication we write code like this:

    if (IsValidUser())
    {
        FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
        FormsAuthentication.RedirectFromLoginPage(userName, createPersistentCookie);
    }

1. How can I manually create the authentication cookie instead of writing FormsAuthentication.SetAuthCookie(userName, createPersistentCookie)?

2. How can I redirect from the login page to a URL taken from a string variable, instead of writing FormsAuthentication.RedirectFromLoginPage(userName, createPersistentCookie)?

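Here you go. ASP.NET takes care of this for you when you use the higher-level methods built into FormsAuthentication, but at the low level this is what is required to create an authentication cookie.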

    if (Membership.ValidateUser(username, password))
    {
        // sometimes used to persist user roles
        string userData = string.Join("|", GetCustomUserRoles());

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                     // ticket version
            username,                              // authenticated username
            DateTime.Now,                          // issueDate
            DateTime.Now.AddMinutes(30),           // expiryDate
            isPersistent,                          // true to persist across browser sessions
            userData,                              // can be used to store additional user data
            FormsAuthentication.FormsCookiePath);  // the path for the cookie

        // Encrypt the ticket using the machine key
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        // Add the cookie to the response to save it
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.HttpOnly = true;
        // Honour the requireSSL setting of the <forms> configuration element
        cookie.Secure = FormsAuthentication.RequireSSL;
        // Without an expiry the browser drops the cookie when it closes,
        // even though the ticket is flagged persistent
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }
        Response.Cookies.Add(cookie);

        // Your redirect logic
        Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));
    }

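I'm not sure why you would want to do something custom here. If you want to change the implementation of where user data is stored and how users are authenticated, it is best to create a custom MembershipProvider. Rolling your own solution and messing with the authentication cookie means a high probability of introducing security holes in your software.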

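I don't understand your part 2. If you want to return users to the page they were on when the login popped up, you only need to call FormsAuthentication.GetRedirectUrl. If not, do whatever you want here; redirect to a URL stored in the configuration if you want.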

To read the FormsAuthentication cookie, you would normally hook the AuthenticateRequest event in an HttpModule or in Global.asax and set up the user's principal context.

    // Requires: using System.Security.Principal; using System.Web.Security;
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie != null)
        {
            // Extract the forms authentication ticket
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

            // Leave the request unauthenticated if there is no ticket or it has expired
            if (authTicket == null || authTicket.Expired)
            {
                return;
            }

            // If caching roles in the userData field then extract them
            string[] roles = authTicket.UserData.Split(new char[] { '|' });

            // Create the IIdentity instance
            IIdentity id = new FormsIdentity(authTicket);

            // Create the IPrincipal instance
            IPrincipal principal = new GenericPrincipal(id, roles);

            // Set the context user
            Context.User = principal;
        }
    }
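For part 2 of the question (redirecting to a URL held in a string variable), one way to do it while accepting only application-local targets. This is an added example, not part of the original answers; LoginRedirect, IsLocalUrl, ResolveTarget and Redirect are hypothetical names, and reading the target from the ReturnUrl query string is an assumption.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not part of ASP.NET): redirect after a manual sign-in
// to a target held in a string, accepting only application-local paths.
public static class LoginRedirect
{
    // True for "/path" and "~/path". False for empty input, absolute URLs
    // ("https://host/"), scheme-relative "//host" and the "/\host" form
    // that some browsers treat as "//host".
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;

        // Reject control characters (CR, LF, tab) anywhere in the value
        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }

        if (url[0] == '/')
        {
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }
        return url.Length > 1 && url[0] == '~' && url[1] == '/';
    }

    // The supplied string when it is local, otherwise the defaultUrl
    // configured on the <forms> element.
    public static string ResolveTarget(string requestedUrl)
    {
        return IsLocalUrl(requestedUrl) ? requestedUrl : FormsAuthentication.DefaultUrl;
    }

    // Call after the authentication cookie has been added to Response.Cookies,
    // e.g. LoginRedirect.Redirect(Response, Request.QueryString["ReturnUrl"]);
    public static void Redirect(HttpResponse response, string requestedUrl)
    {
        // endResponse: false avoids the ThreadAbortException thrown by
        // Redirect(url); the caller should return right after this call.
        response.Redirect(ResolveTarget(requestedUrl), false);
    }
}
```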

Another way to create a cookie:

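    HttpCookie toolCookie = new HttpCookie("xyz");
    toolCookie["UserName"] = userName;
    toolCookie["Password"] = StringCipher.Encrypt(password, "#!");
    // A negative offset expires the cookie immediately when "remember" is unchecked
    toolCookie.Expires = DateTime.Now.AddMinutes(chkRemember.Checked ? 30 : -30);
    // Cookies are sent to the browser through the response, not the request
    Response.Cookies.Add(toolCookie);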

Reference

Get the existing cookie details:

    HttpCookie user = Request.Cookies["xyz"];
    if (user != null)
    {
        string username = user["UserName"];
        // Decrypt only when the value is present; otherwise leave it null
        string password = user["Password"] != null
            ? StringCipher.Decrypt(user["Password"], "#!")
            : null;
    }

Here Datasecurity is a static class.

Encrypt and decrypt functions: Encrypt and Decrypt