asp.net mvc中Forms身份验证身份验证流程 |
|
验证流程 一、用户登录 1、验证表单:ModelState.IsValid 二、验证登录 1、在Global中注册PostAuthenticateRequest事件函数,用于解析客户端发过来的Cookie数据 一、用户登录 1、设置web.config 设置重定向登录页面 <system.web> <authentication mode="Forms"> <forms name="loginName" loginUrl="/UserInfo/login" cookieless="UseCookies" path="/" protection="All" timeout="30"></forms> </authentication> </system.web> 注释掉 <modules> <!--<remove name="FormsAuthentication" />--> </modules> 2、登陆的验证中控制器 控制器中加“[Authorize]”修饰的方法拒绝匿名 。
public class UserInfoController : Controller //控制器
{
//身份验证过滤器
[Authorize]
public ActionResult Index()
{
return View();
}
}
控制器中登录
/// <summary>
/// 用户登录
/// </summary>
/// <returns></returns>
public ActionResult login()
{
return View();
}
[HttpPost]
public ActionResult login(loginModels login) {
if (ModelState.IsValid)
{
var model = db.Admininfo.FirstOrDefault(a => a.AdminAccount == login.AdminAccount && a.AdminPwd == login.AdminPwd);
if (model != null)
{
//存入票据(用户登录的时候去存信息,如果有信息直接去登录)
var dtoModel = new Users
{
id = model.id,
AdminPwd = model.AdminPwd,
AdminAccount=model.AdminAccount
};
//调用
SetAuthCookie(dtoModel);
//获取登录地址
var returnUrl = Request["ReturnUrl"];
//判断登录地址是不是空值
if (!string.IsNullOrWhiteSpace(returnUrl))
{
return Redirect(returnUrl);
}
else
{
//return RedirectiToAction
return Redirect("/Home/index");
}
}
else
{
ModelState.AddModelError("", "账号密码不对");
return View(login);
}
}
else
{
ModelState.AddModelError("", "输入的信息有误");
return View(login);
}
对登录账号进行cookie
/// <summary>
/// 对登录账号进行cookie
/// </summary>
/// <param name="model"></param>
public void SetAuthCookie(Users loginModel) {
//1、将对象转换成json
var userdata = loginModel.ToJson();
//2、创建票据FormsAuthenticationTicket
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,"loginUser",DateTime.Now,DateTime.Now.AddDays(1), false, userdata);
//对票据进行加密
var tickeEncrypt = FormsAuthentication.Encrypt(ticket);
//创建Cookie,定义
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, tickeEncrypt);
cookie.HttpOnly = true;
cookie.Secure = FormsAuthentication.RequireSSL;
cookie.Domain = FormsAuthentication.CookieDomain;
cookie.Path = FormsAuthentication.FormsCookiePath;
cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout);
//先移除cookie,在添加cookie
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
Response.Cookies.Add(cookie);
}
3、Models中添加模型文件
public class loginModels
{
/// <summary>
/// 账号
/// </summary>
[DisplayName("账号")]
[Required(ErrorMessage = "账号不能为空")]
public string AdminAccount { get; set; }
/// <summary>
/// 密码
/// </summary>
[DisplayName("密码")]
[Required(ErrorMessage = "密码不能为空")]
public string AdminPwd { get; set; }
}
4、Views中 Login 代码: 复制代码 代码如下: @using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" })) 5、Global设置
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
//1、通过sender获取http请求
// HttpApplication app = new HttpApplication();//实例化
HttpApplication app = sender as HttpApplication;
//2、拿到http上下文
HttpContext context = app.Context;
//3、根据FormsAuthe,来获取cookie
var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
//获取cookie的值
var ticket = FormsAuthentication.Decrypt(cookie.Value);
if (!string.IsNullOrWhiteSpace(ticket.UserData))
{
//把一个字符串类别变成实体模型
var model = ticket.UserData.ToObject<AdmininfoViewModel>();
//var acount = model.AdminAccount; //获取账号
context.User = new MyFormsPrincipal<AdmininfoViewModel>(ticket, model);
//MyFormsPrincipal.Identity = new FormsIdentity(ticket);
// MyFormsPrincipal.userdata;
}
}
}
6、退出登录 控制器中
/// <summary>
/// 退出登录
/// </summary>
public ActionResult loginout()
{
//删除票据
FormsAuthentication.SignOut();
//清除cookie
Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
return RedirectToAction("Index", "Home");
}
View跳转链接
@Html.ActionLink("安全退出","loginout","Users")
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持脚本之家 。 |
