asp.net mvc中Forms身份验证身份验证流程

验证流程

一、用户登录

1、验证表单:ModelState.IsValid

2、验证用户名和密码:通过查询数据库验证

3、如果用户名和密码正确,则在客户端保存Cookie以保存用户登录状态:SetAuthCookie

    1):从数据库中查出用户名和一些必要的信息,并把额外信息保存到UserData中

 2):把用户名和UserData保存到 FormsAuthenticationTicket 票据中

 3):对票据进行加密 Encrypt

 4):将加密后的票据保存到Cookie发送到客户端

4、跳转到登录前的页面

5、如果登录失败,返回当前视图

二、验证登录

1、在Global中注册PostAuthenticateRequest事件函数,用于解析客户端发过来的Cookie数据

 1):通过 HttpContext.Current.User.Identity 判断用户是否登录(FormsIdentity,IsAuthenticated,AuthenticationType)

 2):从HttpContext 的Request的Cookie中解析出Value,解密得到 FormsAuthenticationTicket 得到UserData

2、角色验证

 1):在Action加入 Authorize特性,可以进行角色验证

 2):在 HttpContext.Current.User 的 IsInRole 方法进行角色认证(需要重写)

一、用户登录

1、设置web.config

设置重定向登录页面

<system.web>

<authentication mode="Forms">

<forms name="loginName" loginUrl="/UserInfo/login" cookieless="UseCookies" path="/" protection="All" timeout="30"></forms>

</authentication>

</system.web>

注释掉

<modules>

<!--<remove name="FormsAuthentication" />-->

</modules>

2、登陆的验证中控制器

控制器中加“[Authorize]”修饰的方法拒绝匿名。

public class UserInfoController : Controller //控制器

{

//身份验证过滤器

[Authorize]

public ActionResult Index()

{

return View();

}

}

控制器中登录

/// <summary>

/// 用户登录

/// </summary>

/// <returns></returns>

public ActionResult login()

{

return View();

}

[HttpPost]

public ActionResult login(loginModels login) {

if (ModelState.IsValid)

{

var model = db.Admininfo.FirstOrDefault(a => a.AdminAccount == login.AdminAccount && a.AdminPwd == login.AdminPwd);

if (model != null)

{

//存入票据(用户登录的时候去存信息,如果有信息直接去登录)

var dtoModel = new Users

{

id = model.id,

AdminPwd = model.AdminPwd,

AdminAccount=model.AdminAccount

};

//调用

SetAuthCookie(dtoModel);

//获取登录地址

var returnUrl = Request["ReturnUrl"];

//判断登录地址是不是空值

if (!string.IsNullOrWhiteSpace(returnUrl))

{

return Redirect(returnUrl);

}

else

{

//return RedirectiToAction

return Redirect("/Home/index");

}

}

else

{

ModelState.AddModelError("", "账号密码不对");

return View(login);

}

}

else

{

ModelState.AddModelError("", "输入的信息有误");

return View(login);

}

对登录账号进行cookie

/// <summary>

/// 对登录账号进行cookie

/// </summary>

/// <param name="model"></param>

public void SetAuthCookie(Users loginModel) {

//1、将对象转换成json

var userdata = loginModel.ToJson();

//2、创建票据FormsAuthenticationTicket

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,"loginUser",DateTime.Now,DateTime.Now.AddDays(1), false, userdata);

//对票据进行加密

var tickeEncrypt = FormsAuthentication.Encrypt(ticket);

//创建Cookie,定义

HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, tickeEncrypt);

cookie.HttpOnly = true;

cookie.Secure = FormsAuthentication.RequireSSL;

cookie.Domain = FormsAuthentication.CookieDomain;

cookie.Path = FormsAuthentication.FormsCookiePath;

cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout);

//先移除cookie,在添加cookie

Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

Response.Cookies.Add(cookie);

}

3、Models中添加模型文件

public class loginModels

{

/// <summary>

/// 账号

/// </summary>

[DisplayName("账号")]

[Required(ErrorMessage = "账号不能为空")]

public string AdminAccount { get; set; }

/// <summary>

/// 密码

/// </summary>

[DisplayName("密码")]

[Required(ErrorMessage = "密码不能为空")]

public string AdminPwd { get; set; }

}

4、Views中 Login 代码:

@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))


5、Global设置

protected void Application_AuthenticateRequest(object sender, EventArgs e)

{

//1、通过sender获取http请求

// HttpApplication app = new HttpApplication();//实例化

HttpApplication app = sender as HttpApplication;

//2、拿到http上下文

HttpContext context = app.Context;

//3、根据FormsAuthe,来获取cookie

var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];

if (cookie != null)

{

//获取cookie的值

var ticket = FormsAuthentication.Decrypt(cookie.Value);

if (!string.IsNullOrWhiteSpace(ticket.UserData))

{

//把一个字符串类别变成实体模型

var model = ticket.UserData.ToObject<AdmininfoViewModel>();

//var acount = model.AdminAccount; //获取账号

context.User = new MyFormsPrincipal<AdmininfoViewModel>(ticket, model);

//MyFormsPrincipal.Identity = new FormsIdentity(ticket);

// MyFormsPrincipal.userdata;

}

}

}

6、退出登录

控制器中

/// <summary>

/// 退出登录

/// </summary>

public ActionResult loginout()

{

//删除票据

FormsAuthentication.SignOut();

//清除cookie

Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);

Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

return RedirectToAction("Index", "Home");

}

View跳转链接

@Html.ActionLink("安全退出","loginout","Users")

以上是 asp.net mvc中Forms身份验证身份验证流程 的全部内容, 来源链接: utcz.com/z/359623.html

回到顶部