Example of implementing Forms authentication authentication process in asp.net mvc

黄舟
Release: 2018-05-14 13:48:53
Original
4167 people have browsed it

This article mainly introduces the Forms authentication authentication process in asp.net MVC. The editor thinks it is quite good. Now I will share it with you and give you a reference. Let’s follow the editor and take a look.

Verification process

1. User login

1. Verification Form: ModelState.IsValid
2. Verify username and password: Verify by querying the database
3. If the username and password are correct, save the cookie on the client to save the user login status: SetAuthCookie
1): From Find the username and some necessary information in the database, and save the additional information to UserData
 2): Save the username and UserData to the FormsAuthenticationTicket ticket
3): Encrypt the ticket Encrypt
4) : Save the encrypted ticket in Cookie and send it to the client
4. Jump to the page before login
5. If login fails, return to the current view

2 , Verify login

1. Register the PostAuthenticateRequest event function in Global to parse the Cookie data sent by the client
1): Judge by HttpContext.Current.User.Identity Whether the user is logged in (FormsIdentity, IsAuthenticated, AuthenticationType)
2): Parse the Value from the cookie of the Request of the HttpContext, decrypt it to get the FormsAuthenticationTicket and get the UserData
2, role verification
1): Add the Authorize feature to the Action , role verification can be performed
 2): Perform role authentication in the IsInRole method of HttpContext.Current.User (needs to be rewritten)

1. User login

1. Set web.config

Set redirect login page

<system.web>
<authentication mode="Forms">
  <forms name="loginName" loginUrl="/UserInfo/login" cookieless="UseCookies" path="/" protection="All" timeout="30"></forms>
</authentication>
</system.web>
Copy after login

Comment out

<modules>
  <!--<remove name="FormsAuthentication" />-->
</modules>
Copy after login

2. Login verification controller

Methods modified with "[Authorize]" in the controller reject anonymity.

 public class UserInfoController : Controller //控制器
 {
 //身份验证过滤器
  [Authorize]
  public ActionResult Index()
  {
   return View();
  }
 }
Copy after login

Login in the controller

   /// <summary>
  /// 用户登录
  /// </summary>
  /// <returns></returns>
  public ActionResult login()
  {
   return View();
  }  
  [HttpPost]
  public ActionResult login(loginModels login) {
   if (ModelState.IsValid)
   {
    var model = db.Admininfo.FirstOrDefault(a => a.AdminAccount == login.AdminAccount && a.AdminPwd == login.AdminPwd);
    if (model != null)
    {
     //存入票据(用户登录的时候去存信息,如果有信息直接去登录)
     var dtoModel = new Users
     {
      id = model.id,
      AdminPwd = model.AdminPwd,
      AdminAccount=model.AdminAccount
     };
     //调用
     SetAuthCookie(dtoModel);
     //获取登录地址
     var returnUrl = Request["ReturnUrl"];
     //判断登录地址是不是空值
     if (!string.IsNullOrWhiteSpace(returnUrl))
     {      
      return Redirect(returnUrl);
     }
     else
     {
      //return RedirectiToAction
      return Redirect("/Home/index");
     }

    }
    else
    {
     ModelState.AddModelError("", "账号密码不对");
     return View(login);
    }
   }
   else
   {
    ModelState.AddModelError("", "输入的信息有误");
    return View(login);

   }
Copy after login

Cookie the login account

  /// <summary>
  /// 对登录账号进行cookie
  /// </summary>
  /// <param name="model"></param>
  public void SetAuthCookie(Users loginModel) {
   //1、将对象转换成json
   var userdata = loginModel.ToJson();
   //2、创建票据FormsAuthenticationTicket
   FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,"loginUser",DateTime.Now,DateTime.Now.AddDays(1), false, userdata);
   //对票据进行加密 
   var tickeEncrypt = FormsAuthentication.Encrypt(ticket);
   //创建Cookie,定义
   HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, tickeEncrypt);
   cookie.HttpOnly = true;
   cookie.Secure = FormsAuthentication.RequireSSL;
   cookie.Domain = FormsAuthentication.CookieDomain;
   cookie.Path = FormsAuthentication.FormsCookiePath;
   cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout);
   //先移除cookie,在添加cookie
   Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
   Response.Cookies.Add(cookie);
  }
Copy after login

3. Add model files to Models

 public class loginModels
 {
  /// <summary>
  /// 账号
  /// </summary>
  [DisplayName("账号")]
  [Required(ErrorMessage = "账号不能为空")] 
  public string AdminAccount { get; set; }
  /// <summary>
  /// 密码
  /// </summary>
  [DisplayName("密码")]
  [Required(ErrorMessage = "密码不能为空")]
  public string AdminPwd { get; set; }
 }
Copy after login

4. Login code in Views:

Copy code The code is as follows:

@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { 
@class = "form-horizontal", role = "form" }))
Copy after login

5.Global settings

protected void Application_AuthenticateRequest(object sender, EventArgs e)
  {
   //1、通过sender获取http请求
   // HttpApplication app = new HttpApplication();//实例化
   HttpApplication app = sender as HttpApplication;
   //2、拿到http上下文
   HttpContext context = app.Context;
   //3、根据FormsAuthe,来获取cookie
   var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
   if (cookie != null)
   {
    //获取cookie的值
    var ticket = FormsAuthentication.Decrypt(cookie.Value);
    if (!string.IsNullOrWhiteSpace(ticket.UserData))
    {
     //把一个字符串类别变成实体模型
     var model = ticket.UserData.ToObject<AdmininfoViewModel>();
     //var acount = model.AdminAccount; //获取账号
     context.User = new MyFormsPrincipal<AdmininfoViewModel>(ticket, model);
     //MyFormsPrincipal.Identity = new FormsIdentity(ticket);
     // MyFormsPrincipal.userdata;

    }
   }
  }
Copy after login

6. Log out

In the controller

  /// <summary>
  /// 退出登录
  /// </summary>
  public ActionResult loginout()
  {
   //删除票据
   FormsAuthentication.SignOut();
   //清除cookie
   Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);
   Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
   return RedirectToAction("Index", "Home");
 
  }
Copy after login

View jump link

@Html.ActionLink("安全退出","loginout","Users")
Copy after login

The above is the detailed content of Example of implementing Forms authentication authentication process in asp.net mvc. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template