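Ticket-Based Authentication in ASP.NET MVC with FormsAuthenticationTicket
This implements the most basic business requirement, user login: the user's identity is sent back to the client in a cookie, and on every later visit to the web application the browser sends that identity cookie along to the server. The server's authorization settings can then control which users may access which directories.
1. Scenario
When a user logs in successfully, the login information is written to a cookie and exposed through a global static accessor, and the user is redirected to the main page. If the user's authentication information is no longer valid, the user is redirected back to the login page.
2. Code
2.1 Setting the cookie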
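// Controller action. Requires: using System; using System.Web; using System.Web.Mvc; using System.Web.Security;

/// <summary>
/// Login verification
/// </summary>
/// <returns></returns>
[HttpPost]
[AllowAnonymous]
public ActionResult SetCookie(string loginName, string pwd)
{
    // Note: this sample issues the ticket without checking loginName/pwd;
    // verify them against the user store before this point.
    AdminLoginInfo admin = new AdminLoginInfo();
    admin.LoginName = loginName;
    admin.Pwd = pwd;

    // Put the data into the ticket. The ticket name "login" is reused as the cookie name.
    // The serialized AdminLoginInfo (including Pwd) becomes the ticket's UserData.
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, "login", DateTime.Now, DateTime.Now.AddMinutes(60), false,
        Newtonsoft.Json.JsonConvert.SerializeObject(admin));

    // Encrypt the ticket
    string enyTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(ticket.Name, enyTicket);
    cookie.HttpOnly = true; // keep the ticket out of reach of client-side script
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }
    Response.Cookies.Add(cookie);
    return this.Json(new { success = true, msg = "成功" });
}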
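2.2 Controller base class: BaseController
using System.Web.Mvc;

// Every controller that derives from BaseController is protected by AuthorizeAdmin.
[AuthorizeAdmin]
public class BaseController : Controller
{
    // Login information of the current user, read from the ticket cookie.
    protected AdminLoginInfo info = AdminLoginInfo.get();
}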
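2.3 AuthorizeAdmin: custom authorization attribute
Inherit from AuthorizeAttribute and override two methods:
AuthorizeCore is called when a request is being authorized; HandleUnauthorizedRequest handles HTTP requests that fail authorization.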
using System.Web;
using System.Web.Mvc;

public class AuthorizeAdmin : AuthorizeAttribute
{
    // Called when a request is being authorized.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        AdminLoginInfo info = AdminLoginInfo.get();
        bool Pass = false;
        if (info == null)
        {
            // No valid ticket cookie: mark the response as unauthorized.
            httpContext.Response.StatusCode = 401;
            Pass = false;
        }
        else
        {
            Pass = true;
        }
        return Pass;
    }

    // Handles HTTP requests that failed authorization.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);
        filterContext.HttpContext.Response.Write(filterContext.HttpContext.Response.StatusCode);
        if (filterContext.HttpContext.Response.StatusCode == 401)
        {
            // Send unauthenticated users back to the login page.
            filterContext.Result = new RedirectResult("/Home/Login");
        }
    }
}
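2.4 Global user login information
using System.Web;
using System.Web.Security;

public class AdminLoginInfo
{
    // Returns the login information from the "login" ticket cookie,
    // or null if the cookie is missing, cannot be decrypted, or has expired.
    public static AdminLoginInfo get()
    {
        HttpCookie cook = HttpContext.Current.Request.Cookies["login"];
        if (cook == null)
        {
            return null;
        }
        else if (cook.Value == null)
        {
            return null;
        }
        AdminLoginInfo mode = null;
        try
        {
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(cook.Value);
            // Reject expired tickets so the 60-minute lifetime is enforced on the server.
            if (authTicket == null || authTicket.Expired)
            {
                return null;
            }
            mode = Newtonsoft.Json.JsonConvert.DeserializeObject<AdminLoginInfo>(authTicket.UserData); // dealer simulated login
            return mode;
        }
        catch
        {
            return null;
        }
    }

    public string LoginName { get; set; }
    public string Pwd { get; set; }
}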
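A hardened variant of the ticket handling from sections 2.1 and 2.4, as an added example that is not code from the original article: it keeps the password out of the ticket, marks the cookie HttpOnly and Secure, and checks Expired itself because the ticket is read by hand rather than by the Forms authentication module. The LoginTicket class and its method names are hypothetical, and it assumes the site is served over HTTPS and that the caller has already verified the credentials.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the article): issue, read and clear the ticket cookie.
public static class LoginTicket
{
    private const string CookieName = "login"; // same cookie name the article uses

    // Call only after loginName/pwd have been verified against the user store.
    public static void Issue(HttpResponseBase response, string loginName)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, loginName, now, now.AddMinutes(60), false,
            string.Empty); // no password or other secret in UserData
        response.Cookies.Add(new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true, // not readable from client-side script
            Secure = true,   // assumption: HTTPS only
            Path = FormsAuthentication.FormsCookiePath
        });
    }

    // Returns the login name, or null if the cookie is missing, invalid or expired.
    public static string Read(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (ticket == null || ticket.Expired) return null; // enforce the 60-minute lifetime
            return ticket.Name;
        }
        catch (Exception)
        {
            return null; // malformed or tampered value: treat as not logged in
        }
    }

    // Sign out: overwrite the cookie with one that is already expired.
    public static void Clear(HttpResponseBase response)
    {
        response.Cookies.Add(new HttpCookie(CookieName, string.Empty)
        {
            Expires = DateTime.Now.AddDays(-1), HttpOnly = true, Secure = true,
            Path = FormsAuthentication.FormsCookiePath
        });
    }
}
```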