.net實現網站用戶登錄認證

cookie登錄後同域名下的網站保持相同的登錄狀態。

登錄

private void SetAuthCookie(string userId, bool createPersistentCookie)
{
　　var ticket = new FormsAuthenticationTicket(2, userId, DateTime.Now, DateTime.Now.AddDays(7), true, "", FormsAuthentication.FormsCookiePath);
　　string ticketEncrypted = FormsAuthentication.Encrypt(ticket);

　　HttpCookie cookie;
　　if (createPersistentCookie)//是否在設置的過期時間內一直有效
　　{
　　　　cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketEncrypted)
　　　　{
　　　　　　HttpOnly = true,
　　　　　　Path = FormsAuthentication.FormsCookiePath,
　　　　　　Secure = FormsAuthentication.RequireSSL,
　　　　　　Expires = ticket.Expiration,
　　　　　　Domain = "cnblogs.com"//這裡設置認證的域名，同域名下包括子域名如aa.cnblogs.com或bb.cnblogs.com都保持相同的登錄狀態
　　　　};
　　}
　　else
　　{
　　　　cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketEncrypted)
　　　　{
　　　　　　HttpOnly = true,
　　　　　　Path = FormsAuthentication.FormsCookiePath,
　　　　　　Secure = FormsAuthentication.RequireSSL,
　　　　　　//Expires = ticket.Expiration,//無過期時間的，浏覽器關閉後失效
　　　　　　Domain = "cnblogs.com"
　　　　};
　　}

　　HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
　　HttpContext.Current.Response.Cookies.Add(cookie);
}

這樣登錄後，在同域名下的任何頁面都可以得到用戶狀態

判斷用戶是否登錄

public bool IsAuthenticated
{
　　get
　　{
　　　　bool isPass = System.Web.HttpContext.Current.User.Identity.IsAuthenticated;

　　　　if (!isPass)
　　　　　　SignOut();

　　　　return isPass;
　　}
}

得到當前的用戶名

public string GetCurrentUserId()
{
   return _httpContext.User.Identity.Name;
}

下面給大家一個具體的實例

CS頁代碼：

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{

}
protected void Button1_Click(object sender, EventArgs e)
{ 

string connString = Convert.ToString(ConfigurationManager.ConnectionStrings["001ConnectionString"]);
//001ConnectionString是我在webconfig裡配置的數據庫連接。
SqlConnection conn = new SqlConnection(connString); 
string strsql = "select * from User_table where User_name='" + UserName.Text + "' and Password='" + Password.Text + "'";
SqlCommand cmd = new SqlCommand(strsql, conn);
conn.Open();
SqlDataReader dr = cmd.ExecuteReader(CommandBehavior.CloseConnection);

if (dr.Read())
{ 
Response.Redirect("index.aspx");
conn.Close();
}
else
{
FailureText.Text = "登陸失敗,請檢查登陸信息!";
conn.Close();
Response.Write("<script language=javascript>alert('登陸失敗!.');</script>");
}
}

protected void Button2_Click(object sender, EventArgs e) //文本框重置按鈕
{
UserName.Text = "";
Password.Text = "";

}
}

下面是aspx頁面代碼：

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns=" http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>無標題頁</title>
</head>
<body>
<form id="form1" runat="server"> 
<asp:Panel ID="Panel1" runat="server" Height="101px" Width="231px" Wrap="False">
<table>
<tr>
<td align="center" colspan="2">
用戶登陸</td>
</tr>
<tr>
<td style="width: 89px">
用戶名:</td>
<td style="width: 100px">
<asp:TextBox ID="UserName" runat="server" Wrap="False"></asp:TextBox></td>
</tr>
<tr>
<td style="width: 89px">
密碼:</td>
<td style="width: 100px">
<asp:TextBox ID="Password" runat="server" TextMode="Password" Width="148px" Wrap="False" ></asp:TextBox></td>
</tr>
<tr>
<td align="center" colspan="2" style="text-align: center">
<asp:Button ID="Button1" runat="server" Text="登陸" Width="50px" OnClick="Button1_Click" />
<asp:Button ID="Button2" runat="server" Text="重置" Width="50px" OnClick="Button2_Click" /></td>
</tr>
<tr>
<td align="center" colspan="2">
<asp:Label ID="FailureText" runat="server" Width="77px"></asp:Label></td>
</tr>
</table>
</asp:Panel>

</form>
</body>
</html>