asp.net mvc中实现Forms身份验证身份验证流程的实例

验证流程

一、用户登录

1、验证表单：ModelState.IsValid2、验证用户名和密码：通过查询数据库验证3、如果用户名和密码正确，则在客户端保存Cookie以保存用户登录状态：SetAuthCookie 1)：从数据库中查出用户名和一些必要的信息，并把额外信息保存到UserData中　2)：把用户名和UserData保存到 FormsAuthenticationTicket 票据中　3)：对票据进行加密 Encrypt　4)：将加密后的票据保存到Cookie发送到客户端4、跳转到登录前的页面5、如果登录失败，返回当前视图

1、在Global中注册PostAuthenticateRequest事件函数，用于解析客户端发过来的Cookie数据　1)：通过 HttpContext.Current.User.Identity 判断用户是否登录（FormsIdentity，IsAuthenticated，AuthenticationType）　2)：从HttpContext 的Request的Cookie中解析出Value，解密得到 FormsAuthenticationTicket 得到UserData2、角色验证　1)：在Action加入 Authorize特性，可以进行角色验证　2)：在 HttpContext.Current.User 的 IsInRole 方法进行角色认证（需要重写）

一、用户登录

1、设置web.config

设置重定向登录页面

<system.web>  <authentication mode="Forms">    <forms name="loginName" loginUrl="/UserInfo/login" cookieless="UseCookies" path="/" protection="All" timeout="30"></forms>  </authentication>  </system.web>

注释掉

<modules>    <!--<remove name="FormsAuthentication" />-->  </modules>

2、登陆的验证中控制器

控制器中加“[Authorize]”修饰的方法拒绝匿名。

 public class UserInfoController : Controller //控制器   {   //身份验证过滤器    [Authorize]    public ActionResult Index()    {     return View();    }   }

控制器中登录

   /// <summary>    /// 用户登录    /// </summary>    /// <returns></returns>    public ActionResult login()    {     return View();    }      [HttpPost]    public ActionResult login(loginModels login) {     if (ModelState.IsValid)     {      var model = db.Admininfo.FirstOrDefault(a => a.AdminAccount == login.AdminAccount && a.AdminPwd == login.AdminPwd);      if (model != null)      {       //存入票据（用户登录的时候去存信息，如果有信息直接去登录）       var dtoModel = new Users       {        id = model.id,        AdminPwd = model.AdminPwd,        AdminAccount=model.AdminAccount       };       //调用       SetAuthCookie(dtoModel);       //获取登录地址       var returnUrl = Request["ReturnUrl"];       //判断登录地址是不是空值       if (!string.IsNullOrWhiteSpace(returnUrl))       {              return Redirect(returnUrl);       }       else       {        //return RedirectiToAction        return Redirect("/Home/index");       }        }      else      {       ModelState.AddModelError("", "账号密码不对");       return View(login);      }     }     else     {      ModelState.AddModelError("", "输入的信息有误");      return View(login);       }

对登录账号进行cookie

  /// <summary>    /// 对登录账号进行cookie    /// </summary>    /// <param name="model"></param>    public void SetAuthCookie(Users loginModel) {     //1、将对象转换成json     var userdata = loginModel.ToJson();     //2、创建票据FormsAuthenticationTicket     FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,"loginUser",DateTime.Now,DateTime.Now.AddDays(1), false, userdata);     //对票据进行加密      var tickeEncrypt = FormsAuthentication.Encrypt(ticket);     //创建Cookie，定义     HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, tickeEncrypt);     cookie.HttpOnly = true;     cookie.Secure = FormsAuthentication.RequireSSL;     cookie.Domain = FormsAuthentication.CookieDomain;     cookie.Path = FormsAuthentication.FormsCookiePath;     cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout);     //先移除cookie，在添加cookie     Response.Cookies.Remove(FormsAuthentication.FormsCookieName);     Response.Cookies.Add(cookie);    }

3、Models中添加模型文件

 public class loginModels   {    /// <summary>    /// 账号    /// </summary>    [DisplayName("账号")]    [Required(ErrorMessage = "账号不能为空")]     public string AdminAccount { get; set; }    /// <summary>    /// 密码    /// </summary>    [DisplayName("密码")]    [Required(ErrorMessage = "密码不能为空")]    public string AdminPwd { get; set; }   }

4、Views中 Login 代码：

复制代码 代码如下:

@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new {   @class = "form-horizontal", role = "form" }))

5、Global设置

protected void Application_AuthenticateRequest(object sender, EventArgs e)    {     //1、通过sender获取http请求     // HttpApplication app = new HttpApplication();//实例化     HttpApplication app = sender as HttpApplication;     //2、拿到http上下文     HttpContext context = app.Context;     //3、根据FormsAuthe,来获取cookie     var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];     if (cookie != null)     {      //获取cookie的值      var ticket = FormsAuthentication.Decrypt(cookie.Value);      if (!string.IsNullOrWhiteSpace(ticket.UserData))      {       //把一个字符串类别变成实体模型       var model = ticket.UserData.ToObject<AdmininfoViewModel>();       //var acount = model.AdminAccount; //获取账号       context.User = new MyFormsPrincipal<AdmininfoViewModel>(ticket, model);       //MyFormsPrincipal.Identity = new FormsIdentity(ticket);       // MyFormsPrincipal.userdata;        }     }    }

6、退出登录

控制器中

  /// <summary>    /// 退出登录    /// </summary>    public ActionResult loginout()    {     //删除票据     FormsAuthentication.SignOut();     //清除cookie     Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);     Response.Cookies.Remove(FormsAuthentication.FormsCookieName);     return RedirectToAction("Index", "Home");       }

View跳转链接

@Html.ActionLink("安全退出","loginout","Users")

以上就是asp.net mvc中实现Forms身份验证身份验证流程的实例的详细内容，更多内容请关注技术你好其它相关文章！