我工作的一个ASP.NET网站,我需要离开一些自定义,但简单的登录机制。我是从著名的员工信息入门套件
I'm working on a ASP.NET website and I need to get away with some custom but simple login mechanism. I started from the famous Employee Info Starter Kit
这是我到目前为止有:
在一个ASP.NET页面:
protected void ButtonLogOn_Click(object sender, EventArgs e)
{
if (String.IsNullOrEmpty(txtUserName.Value) || String.IsNullOrEmpty(txtPassword.Value))
labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("You can login using a username and a password associated with your account. Make sure that it is typed correctly.");
else
{
//if the log-in is successful
LoginPage LoginBack = new LoginPage();
if (LoginBack.VerifyCredentials(txtUserName.Value, txtPassword.Value) == 0)
{
SiteLogin.PerformAuthentication(txtUserName.Value, checkBoxRemember.Checked);
}
else
{
labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("<strong>Login Failed!</strong><hr/>The username and/or password you entered do not belong to any User account on our system.<br/>You can login using a username and a password associated with your account. Make sure that it is typed correctly.");
}
}
}
protected void ButtonAdminLogOn_Click(object sender, EventArgs e)
{
if (String.IsNullOrEmpty(txtUserName.Value) || String.IsNullOrEmpty(txtPassword.Value))
labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("<strong>Login Please!</strong><hr/>You can login using a username and a password associated with your account. Make sure that it is typed correctly.");
else
{
//if the log-in is successful
if (txtUserName.Value == "admin" && txtPassword.Value == "123123")
{
SiteLogin.PerformAdminAuthentication("admin", checkBoxRemember.Checked);
}
else
{
labelMessage.Text = MessageFormatter.GetFormattedErrorMessage("<strong>Login Failed!</strong><hr/>The username and/or password you entered do not belong to any Administrator ccount on our system.<br/>You can login using a username and a password associated with your account. Make sure that it is typed correctly.");
}
}
}
和一项实用类
public static void PerformAuthentication(string userName, bool remember)
{
FormsAuthentication.RedirectFromLoginPage(userName, remember);
if (HttpContext.Current.Request.QueryString["ReturnUrl"] == null)
{
RedirectToDefaultPage();
}
else
{
HttpContext.Current.Response.Redirect(HttpContext.Current.Request.QueryString["ReturnUrl"]);
}
}
public static void PerformAdminAuthentication(string userName, bool remember)
{
FormsAuthentication.RedirectFromLoginPage(userName, remember);
if (HttpContext.Current.Request.QueryString["ReturnUrl"] == null)
{
RedirectToAdminDefaultPage();
}
else
{
HttpContext.Current.Response.Redirect(HttpContext.Current.Request.QueryString["ReturnUrl"]);
}
}
我的登录表单,有两个按钮:管理员登录是硬codeD名/密码。正常登录程序返回到调用Web服务并获得用户名和密码核对域登录另一个程序。
My login form has two buttons: The Admin login is hard-coded name/password. The normal login routine goes back to another assembly that calls a web service and get the username and password checked against a domain login.
现在,也有code和莫名其妙我。另一个文件
Now, there is one other file that has code and is baffling me.
的Global.asax
<script RunAt="server">
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity.AuthenticationType != "Forms")
{
throw new InvalidOperationException("Only forms authentication is supported, not " +
HttpContext.Current.User.Identity.AuthenticationType);
}
IIdentity userId = HttpContext.Current.User.Identity;
//if role info is already NOT loaded into cache, put the role info in cache
if (HttpContext.Current.Cache[userId.Name] == null)
{
string[] roles;
if (userId.Name == "admin")
{
roles = new string[1] { "administrators" };
}
else if (userId.Name == "member1")
{
roles = new string[1] { "employees" };
}
else
{
roles = new string[1] { "public" };
}
//1 hour sliding expiring time. Adding the roles in cache.
//This will be used in Application_AuthenticateRequest event located in Global.ascx.cs
//file to attach user Principal object.
HttpContext.Current.Cache.Add(userId.Name, roles, null, DateTime.MaxValue, TimeSpan.FromHours(1), CacheItemPriority.BelowNormal, null);
}
//now assign the user role in the current security context
HttpContext.Current.User = new GenericPrincipal(userId, (string[])HttpContext.Current.Cache[userId.Name]);
}
}
}
</script>
该网站有一些关于页面,允许自由进入,但其余的要么是管理员或员工。我的管理员用户名/密码是固定的,但雇员登录输入域格式,需要在目标域进行验证(所有正在做的),然后设置员工的作用。
The website has a few About pages that allow free access but the rest is either for admin or employee. My admin username/password is fixed but the employee login is entered in domain format and needs to be verified on target domain (all being done) and then set the employee role.
我该怎样做,在Application_AuthenticateRequest方法在Global.asax文件?
How am I to do that in the Application_AuthenticateRequest method in Global.asax file?
设置不同的身份验证模式不同的文件夹(通过的的Web.config 甚至只是的 IIS管理单元):
Set different auth modes for different folders (via Web.config or even just IIS snap-in):
匿名根(约页) 在窗体身份验证的〜/管理区 的Windows / NTLM的〜/雇主面积你也可以使用扩展登录控制自定义会员提供。
Also you can use extended Login control with custom Membership provider.