+设为首页 +添加到收藏夹
目录如下: Main ____Book/*.*
|___Ticket/*.*
|___Help/*.*
|..........(全部是目录)
|___index.aspx
|___web.config
我希望用户必须从登陆页登陆,验证合法后,才能访问Main目录下,所有目录中的文件。请大家多多帮助!
如果用户量大的话就用cookie
login.aspx.cs
//从数据库读取用户的权限
string role=reader.GetInt32(0).ToString();
//产生 Ticket
FormsAuthenticationTicket userTicket=new FormsAuthenticationTicket(1,uid,
DateTime.Now,DateTime.Now.AddMinutes(30),true,role,"login");
//加密票据
string hashUserTicket=FormsAuthentication.Encrypt(userTicket);
//产生新的Cookie
HttpCookie userCookie=new HttpCookie("login",hashUserTicket);
Response.Cookies.Add(userCookie);
//返回用户原来返回的页面
Context.Response.Redirect(Context.Request["ReturnUrl"],true);
global.asax.cs
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpApplication app=(HttpApplication)sender;
HttpContext ctx=app.Context;
//如果验证成功
if(ctx.Request.IsAuthenticated==true)
{
FormsIdentity typeID=(FormsIdentity)ctx.User.Identity;
FormsAuthenticationTicket ticket=typeID.Ticket;
string []role=ticket.UserData.Split(,);
ctx.User=new GenericPrincipal(typeID,role);
}
}
文件夹底下的web.config的培植
<authorization>
<allow roles="1"/>
<deny users="*"/>
</authorization>
我的权限 role 有三种, 为这三个权限建立三个 文件夹
要 导入的命名空间
using System.Web.Security;
using System.Security.Principal;
>>>>我在程序验证用户合法后,加了一句:ForsAuthentication.SetAuthCookie("",False),
就可以了,为什么?
that is how it works
>>>>这样做的验证,是不是包括了Main下的所有目录+文件,
suppose so
>>>如果,文件不想被验证呢?
add a location element to your web.config:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".theDefault"
loginUrl="index.aspx"
path="/"
protection="All"
timeout="15" >
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="SomeOtherPage.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
