I use the selfhentiction

I wrote an example program. The first use of FROMs-based verification is used. First, assume that the user will succeed (this is generally verified from the database). Then write the authentication ticket Authentication. Deconsive whether the user is verified in the later page, if not, redirect to the user login page. If you have already logged in, you will perform business logic. This article focuses on discussing the use of Authentication in role verification. Not paying attention to other respects. The steps are as follows: 1. Add the following code in the user login button: This code is mainly written after the user is logged in, writes cookie.private void button1_click (object sender, system.eventargs e) {string username = TextBox1.Text.Trim (); String roles = "admin";

/ / Generate a verification ticket object. FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket (1, username, DateTime.Now, DateTime.Now.AddMinutes (20), false, roles); // encrypted authentication ticket string encrytedTicket = FormsAuthentication.Encrypt (authTicket); // generate Cookie object. //FormSauthentication.FormScookiename acquires the value of Name in the // Configuration section in WebConfig as a cookie name. HTTPCOOKIE Authcookie = New httpcookie (formsauthentication.formie); response.cookies.add (authcookie); // jump to the user's initial test page. Response.Redirect (FormsAuthentication.GetRedirectURL (username, false);} Add the following code to the Application_AuthenNTerequest event of Global.asax.cs: // Get the user's role. String cookiename = formsauthentication.formscookiename; // Get the name of the cookie from the verification ticket. // get a cookie. Httpcookie authcookie = context.request.cookies [cookiename];

IF (null == authcookie) {return;} formsauthenticationticket autocket = null; // Get verification ticket. Authticket = formsauthentication.Decrypt (authcookie.value);

IF (null == authticket) {return;}

// Verify that the user's role information is stored in the userData of the ticket. // USERDATA This is originally stored user custom information. This is used to store user roles. String [] roles = authticket.userdata.split (new char [] {','});

Formsidentity id = new formsident; genericprincipal principal = new genericprincipal (id, roles);

// Assign the generated verification ticket information and the role information to the current user. CONTEXT.USER = Principal; Third. The user ID is judged by httpContext.current.user.Identity.Name in each page, and httpContext.current.user.isinrole ("admin") determines whether the user belongs to a role (or a group) four. WebConfig modification: Everyone in this section understands, I don't have much to say. Mainly the following configuration. If you have a folder in the virtual directory. This folder can only be accessed by some groups. Then you can set it down below. Set access to the local directory. If the verification ticket is not passed, you cannot access it -> You can use the role-based form authentication. I am shallow, share it, welcome everyone to criticize.