logo标签列表

C# - 使用自定义角色和成员提供程序的Forms身份验证代码后端

c#asp.netforms-authenticationmembership-providerroleprovider
3
很不幸,我在网上找到的所有关于使用自定义角色和成员提供程序的Forms身份验证代码示例都是用VB.NET编写的,而我需要C#代码。请帮忙!!!
我需要一个codebehind来执行以下操作:
- 在单击登录按钮时验证用户 - 如果用户active_flag=0(false)或password!=@password,则显示错误:“Access Denied” - 如果用户admin_flag=1&active flag=1(true),则重定向到admin_pages\zipsearch.aspx - 如果用户admin_flag=0(false)&active_flag=1(true),则重定向到pages\zipsearch.aspx
Default.aspx代码:
    <asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false">
    <LayoutTemplate>
        <span class="failureNotification">
            <asp:Literal ID="FailureText" runat="server"></asp:Literal>
        </span>
        <asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="failureNotification" 
             ValidationGroup="LoginUserValidationGroup"/>
        <div class="accountInfo">
            <fieldset class="login">
                <legend>Account Information</legend>
                <p>
                    <asp:Label ID="usernameLabel" runat="server" AssociatedControlID="username">Username:</asp:Label>
                    <asp:TextBox ID="username" runat="server" CssClass="textEntry"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="username" 
                         CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required." 
                         ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                </p>
                <p>
                    <asp:Label ID="passwordLabel" runat="server" AssociatedControlID="password">Password:</asp:Label>
                    <asp:TextBox ID="password" runat="server" CssClass="passwordEntry" TextMode="password"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="passwordRequired" runat="server" ControlToValidate="password" 
                         CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required." 
                         ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                </p>
                <p>
                    <asp:CheckBox ID="RememberMe" runat="server"/>
                    <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
                </p>
            </fieldset>
            <p class="submitButton">
                <asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
            </p>
        </div>
    </LayoutTemplate>
</asp:Login>

Web.config文件:

<authentication mode="Forms">
  <forms loginUrl="~/default.aspx" timeout="2880" />
</authentication>

  <membership>
  <providers>
    <clear/>
      <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="OleConnectionStringSource"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />  
  </providers>
</membership> 

<profile>
  <providers>
    <clear/>
   <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/> 
  </providers>
</profile>

<roleManager enabled="false">
  <providers>
    <clear/>
      <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" /> 
  </providers>
</roleManager>

Default.aspx.cs的代码后台:

namespace ACAWebApplication
{
  public partial class _Default : System.Web.UI.Page
  { 
     protected void Page_Load(object sender, EventArgs e)
     {
       RegisterHyperLink.NavigateUrl = "Register.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);

       // authenticate user
       // if user active_flag=0 (false) OR password!=@password, display error: "Access Denied" 

       // if user admin_flag=1 & active flag=1 (true), redirect to admin_pages\zipsearch.aspx
       // if user admin_flag=0 (false) & active_flag=1 (true), redirect to pages\zipsearch.aspx

      }
   }
 }

Thanks a lot in advance! :)

1个回答
10

要开始,请使用登录方法:

protected void LoginButton_Click(object sender, EventArgs e)
{
 // Validate the user against the Membership framework user store
 if (Membership.ValidateUser(UserName.Text, Password.Text))
 {
 // Log the user into the site
 FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
 }
 // If we reach here, the user's credentials were invalid
 InvalidCredentialsMessage.Visible = true;
}

您可以在authenticate方法中检查用户凭据:

protected void myLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
 // Get the email address entered
 TextBox EmailTextBox = myLogin.FindControl("Email") as TextBox;
 string email = EmailTextBox.Text.Trim();

 // Verify that the username/password pair is valid
 if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
 {
 // Username/password are valid, check email
 MembershipUser usrInfo = Membership.GetUser(myLogin.UserName);
 if (usrInfo != null && string.Compare(usrInfo.Email, email, true) == 0)
 {
 // Email matches, the credentials are valid
 e.Authenticated = true;
 }
 else
 {
 // Email address is invalid...
 e.Authenticated = false;
 }
 }
 else
 {
 // Username/password are not valid...
 e.Authenticated = false;
 }
}

要根据特定角色进行重定向,请使用以下代码:

protected void Login1_LoggedIn(object sender, EventArgs e)
{
    if (Roles.IsUserInRole(Login1.UserName, "Admin"))
    {
         Response.Redirect("~/Admin/Default.aspx");
    }
    else if (Roles.IsUserInRole(Login1.UserName, "User"))
    {
         Response.Redirect("~/User/Default.aspx");
    }
    else if (Roles.IsUserInRole(Login1.UserName, "Viewer"))
    {
         Response.Redirect("~/Viewer/Default.aspx");
    }
    else
    {
         Response.Redirect("~/Login.aspx");
    }
}

编辑:

这里是应该适合你的解决方案,虽然不是最好的代码但还可以。

首先,您需要使用DestinationPageUrl标签配置登录控件,如下所示:

<asp:Login 
  ID="Login1" 
  runat="server" 
  DestinationPageUrl="~/admin_pages/zipsearch.aspx">
</asp:Login>

然后在您的LoginButton_Click方法中:

 protected void LoginButton_Click(object sender, EventArgs e)
    {
     // Validate the user against the Membership framework user store
    if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
     {
     // Username/password are valid, check email
     MembershipUser currentUser = Membership.GetUser(myLogin.UserName);

        if (currentUser != null)
        {
            if (admin_flag == true)
              {
                     FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
            }
           else
              {
              // If we reach here, the user's credentials were invalid -> your access is denied message
             InvalidCredentialsMessage.Visible = true;
            }
        }
      }
      //if code goes here validation of user failed        
    }
1
URL是您的登录控件的一个名为“DestinationPageUrl”的属性,因此您不必在此处设置它。是的,您可以在重定向之前放置您的代码。 - MUG4N
@Mug4n,RedirectPage 可以在 Web.config 中的 <configuration> <appSettings><add key="RedirectPage" value="/Pages/default.aspx"/> 进行设置,对吧? - Brian McCarthy
1
请查看您的会员数据库。(您也可以创建自己的会员数据库,请参阅此处:http://www.asp.net/security/tutorials/creating-the-membership-schema-in-sql-server-vb)在那里,您将找到一个名为aspnet_roles的表。在这个表中,您可以定义不同的角色。Visual Studio还有一个内置工具来维护您的会员数据库,请参阅此处:http://odetocode.com/articles/427.aspx - MUG4N
1
你可以根据自己的需求自由地调整会员数据库。管理员可以通过 Membership、MembershipUser 和 Roles 类来编写代码创建用户和角色。当然,如果你像上面提到的那样使用 if 语句也是可以的。 - MUG4N
1
通常情况下,您需要手动在角色表中创建角色,然后可以使用createuserwizard创建新用户并为其分配角色。 - MUG4N
显示剩余4条评论
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接