For example, to protect the admin / admin.aspx page can only be accessed by users with admin roles.
First, the configuration of web.config
1, configuration of the Authentication section
2, the configuration of the Location section
Note: The definition of the LCATION section is outside the definition of System.Web
Second, Login.aspx
Assume that there is a button button on the page, the corresponding event handler is:
Using system.Web.security; ............................................................................................................................................ Whether it is correct); if (isloggedin == true) {string runch = (custom function, retrieving the user role list from the database, separated by "|"); FormSauthenticationalTicket Ticket = New FormSauthenticationalTicket (1, // version number "user name ", DateTime.Now, DateTime.Now.AddMinutes (20), // false cookie expiration time of, // cookie whether permanent roles); string encryptedTicket = FormsAuthentication.Encrypt (ticket); HttpCookie cookie = new HttpCookie (FormsAuthentication. Formscookiename, EncryptedTicket; response.cookies.add (cookie); response.redirect (FormsAuthentication.GetRedirectURL ("User Name", False));}}
Third, global.asax
using System.Security.Principal; ....... protected void Application_AuthenticateRequest (Object sender, EventArgs e) {string cookieName = FormsAuthentication.FormsCookieName; HttpCookie cookie = Context.Request.Cookies [cookieName];
IF (cookie == null) {return;}
FormsauthenticationalticTicket Ticket = null; try {ticket = formsauthentication.Decrypt (cookie.value);} catch {return;}
IF (ticket == null) {return;}
String [] roles = ticket.userdata.split (new char [] {'|'}; formsidentity id = new formsidentity (ticket); genericprincipal principal = new genericprincipal (id, roles); context.user = principal;
Fourth, the defects and deficiencies of this method
1. If the user does not have permissions, stay in the landing page requires the user to enter the username and password again;
2, the client browser must enable cookies, otherwise this method does not work;
