This article mainly introduces the Forms authentication authentication process in asp.net MVC. The editor thinks it is quite good. Now I will share it with you and give you a reference. Let’s follow the editor and take a look.
Verification process
1. User login
1. Verification Form: ModelState.IsValid
2. Verify username and password: Verify by querying the database
3. If the username and password are correct, save the cookie on the client to save the user login status: SetAuthCookie
1): From Find the username and some necessary information in the database, and save the additional information to UserData
2): Save the username and UserData to the FormsAuthenticationTicket ticket
3): Encrypt the ticket Encrypt
4) : Save the encrypted ticket in Cookie and send it to the client
4. Jump to the page before login
5. If login fails, return to the current view
2 , Verify login
1. Register the PostAuthenticateRequest event function in Global to parse the Cookie data sent by the client
1): Judge by HttpContext.Current.User.Identity Whether the user is logged in (FormsIdentity, IsAuthenticated, AuthenticationType)
2): Parse the Value from the cookie of the Request of the HttpContext, decrypt it to get the FormsAuthenticationTicket and get the UserData
2, role verification
1): Add the Authorize feature to the Action , role verification can be performed
2): Perform role authentication in the IsInRole method of HttpContext.Current.User (needs to be rewritten)
1. User login
1. Set web.config
Set redirect login page
Comment out
2. Login verification controller
Methods modified with "[Authorize]" in the controller reject anonymity.
public class UserInfoController : Controller //控制器 { //身份验证过滤器 [Authorize] public ActionResult Index() { return View(); } }
Login in the controller
////// 用户登录 /// ///public ActionResult login() { return View(); } [HttpPost] public ActionResult login(loginModels login) { if (ModelState.IsValid) { var model = db.Admininfo.FirstOrDefault(a => a.AdminAccount == login.AdminAccount && a.AdminPwd == login.AdminPwd); if (model != null) { //存入票据(用户登录的时候去存信息,如果有信息直接去登录) var dtoModel = new Users { id = model.id, AdminPwd = model.AdminPwd, AdminAccount=model.AdminAccount }; //调用 SetAuthCookie(dtoModel); //获取登录地址 var returnUrl = Request["ReturnUrl"]; //判断登录地址是不是空值 if (!string.IsNullOrWhiteSpace(returnUrl)) { return Redirect(returnUrl); } else { //return RedirectiToAction return Redirect("/Home/index"); } } else { ModelState.AddModelError("", "账号密码不对"); return View(login); } } else { ModelState.AddModelError("", "输入的信息有误"); return View(login); }
Cookie the login account
////// 对登录账号进行cookie /// /// public void SetAuthCookie(Users loginModel) { //1、将对象转换成json var userdata = loginModel.ToJson(); //2、创建票据FormsAuthenticationTicket FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,"loginUser",DateTime.Now,DateTime.Now.AddDays(1), false, userdata); //对票据进行加密 var tickeEncrypt = FormsAuthentication.Encrypt(ticket); //创建Cookie,定义 HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, tickeEncrypt); cookie.HttpOnly = true; cookie.Secure = FormsAuthentication.RequireSSL; cookie.Domain = FormsAuthentication.CookieDomain; cookie.Path = FormsAuthentication.FormsCookiePath; cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout); //先移除cookie,在添加cookie Response.Cookies.Remove(FormsAuthentication.FormsCookieName); Response.Cookies.Add(cookie); }
3. Add model files to Models
public class loginModels { /// /// 账号 /// [DisplayName("账号")] [Required(ErrorMessage = "账号不能为空")] public string AdminAccount { get; set; } /// /// 密码 /// [DisplayName("密码")] [Required(ErrorMessage = "密码不能为空")] public string AdminPwd { get; set; } }
4. Login code in Views:
Copy codeThe code is as follows:
@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
5.Global settings
protected void Application_AuthenticateRequest(object sender, EventArgs e) { //1、通过sender获取http请求 // HttpApplication app = new HttpApplication();//实例化 HttpApplication app = sender as HttpApplication; //2、拿到http上下文 HttpContext context = app.Context; //3、根据FormsAuthe,来获取cookie var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (cookie != null) { //获取cookie的值 var ticket = FormsAuthentication.Decrypt(cookie.Value); if (!string.IsNullOrWhiteSpace(ticket.UserData)) { //把一个字符串类别变成实体模型 var model = ticket.UserData.ToObject(); //var acount = model.AdminAccount; //获取账号 context.User = new MyFormsPrincipal(ticket, model); //MyFormsPrincipal.Identity = new FormsIdentity(ticket); // MyFormsPrincipal.userdata; } } }
6. Log out
In the controller
////// 退出登录 /// public ActionResult loginout() { //删除票据 FormsAuthentication.SignOut(); //清除cookie Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1); Response.Cookies.Remove(FormsAuthentication.FormsCookieName); return RedirectToAction("Index", "Home"); }
View jump link
@Html.ActionLink("安全退出","loginout","Users")
The above is the detailed content of Example of implementing Forms authentication authentication process in asp.net mvc. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
