In my previous article, "User Attributes in HTTPCONTEXT", I used the HttpContext.User property to implement user authentication and wrote an example program. However, in that article we used the system cache to save the user's login information, which undoubtedly consumes system resources. Is there a better way? As I said in the previous article, you can use the user authentication ticket to save the user's login information instead. This approach is cookie-based, so it avoids the problems that come with using the cache. Since we already have the foundation from the previous article, this time we only need to modify that code.
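To use this method, we must first configure the web.config file: change the mode attribute of the authentication element. (The rest of this sentence, including the element name and value, is missing from the page; the code below calls FormsAuthentication, which only takes effect when the authentication mode is Forms.)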
Mypage.cs
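using System;
using System.Collections;

namespace HttpContextUserEG
{
    /// <summary>
    /// Base page for the sample. On every request it replaces the principal
    /// that ASP.NET built from the authentication ticket with a MyPrincipal,
    /// so derived pages can rely on the custom principal being present.
    /// </summary>
    /// <remarks>
    /// Inherits from System.Web.UI.Page; pages in the sample inherit from this
    /// class instead of Page.
    /// </remarks>
    public class MyPage : System.Web.UI.Page
    {
        public MyPage()
        {
        }

        /// <summary>
        /// Subscribes MyPage_Load to the Load event after the base class has
        /// finished its own initialization.
        /// </summary>
        /// <param name="e">Event data passed through to the base class.</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);
            // "+=" adds a handler; plain assignment to an event does not compile.
            this.Load += new EventHandler(MyPage_Load);
        }

        /// <summary>
        /// Rebuilds the custom principal from the name carried by the
        /// authenticated identity (the previous version of this sample read
        /// it from the cache instead).
        /// </summary>
        private void MyPage_Load(object sender, System.EventArgs e)
        {
            if (Context.User != null && Context.User.Identity.IsAuthenticated)
            {
                // NOTE(review): the guard condition is unreadable in the
                // published listing. A type check is the reconstruction that
                // matches the body (swap the principal only once per request);
                // confirm against the original article.
                if (!(Context.User is MyPrincipal))
                {
                    // The only input here is the user name from the ticket.
                    // MyPrincipal's constructor assigns roles by itself, so the
                    // roles a user ends up with depend entirely on that
                    // constructor, not on anything verified in this method.
                    MyPrincipal principal = new MyPrincipal(Context.User.Identity.Name);
                    Context.User = principal;
                }
            }
        }
    }
}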
Myprincipal.cs
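using System;
using System.Collections;

namespace HttpContextUserEG
{
    /// <summary>
    /// Sample implementation of the IPrincipal interface: wraps a MyIdentity
    /// and a list of role names.
    /// </summary>
    public class MyPrincipal : System.Security.Principal.IPrincipal
    {
        private System.Security.Principal.IIdentity identity;
        private ArrayList roleList;

        /// <summary>
        /// Creates a principal for the given user ID.
        /// </summary>
        /// <param name="userID">Name stored in the wrapped MyIdentity.</param>
        public MyPrincipal(string userID)
        {
            identity = new MyIdentity(userID);

            // Demo only: every principal receives the "admin" role, whatever
            // the user ID is. Because the base page also builds principals
            // from the ticket name, any authenticated name becomes an admin.
            // A real application must load the roles for this specific user
            // from its user store.
            roleList = new ArrayList();
            roleList.Add("admin");
        }

        /// <summary>
        /// Checks a user ID / password pair and returns a principal on success.
        /// </summary>
        /// <param name="userID">User ID entered on the login form.</param>
        /// <param name="password">Password entered on the login form.</param>
        /// <returns>A new MyPrincipal, or null when the pair does not match.</returns>
        public static MyPrincipal ValidateLogin(string userID, string password)
        {
            // Demo only: credentials are compiled into the assembly and
            // compared as plain text. Production code should look the user up
            // in a store that keeps a salted, deliberately slow password hash
            // (for example PBKDF2) and compare against that, never a literal.
            if (userID == "yan0lovesha" && password == "ioveshasha")
            {
                return new MyPrincipal(userID);
            }
            else
            {
                return null;
            }
        }

        /// <summary>
        /// The role names held by this principal.
        /// </summary>
        /// <remarks>
        /// This returns the internal list itself, so a caller can add or
        /// remove roles; expose a copy if that is not intended.
        /// </remarks>
        public ArrayList RoleList
        {
            get
            {
                return roleList;
            }
        }

        #region IPrincipal members

        /// <summary>
        /// The identity wrapped by this principal.
        /// </summary>
        /// <remarks>
        /// IPrincipal only requires the getter. The setter is kept from the
        /// original sample and lets any caller replace the identity.
        /// </remarks>
        public System.Security.Principal.IIdentity Identity
        {
            get
            {
                return identity;
            }
            set
            {
                identity = value;
            }
        }

        /// <summary>
        /// Reports whether the role list contains the given role name.
        /// </summary>
        /// <param name="role">Role name to look for; the match is case-sensitive.</param>
        /// <returns>true when the role is in the list.</returns>
        public bool IsInRole(string role)
        {
            return roleList.Contains(role);
        }

        #endregion
    }
}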
Myidentity.cs
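using System;

namespace HttpContextUserEG
{
    /// <summary>
    /// Sample implementation of the IIdentity interface: holds a user ID and
    /// a password string.
    /// </summary>
    public class MyIdentity : System.Security.Principal.IIdentity
    {
        private string userID;
        private string password;

        /// <summary>
        /// Creates an identity for the given user.
        /// </summary>
        /// <param name="currentUser">User ID reported by the Name property.</param>
        public MyIdentity(string currentUser)
        {
            // The published listing assigned from a name that was never
            // declared; the constructor parameter is the only candidate.
            userID = currentUser;

            // Stand-in for a value that would be read from the database.
            // Keeping a clear-text password on the identity object is for the
            // demo only; an identity normally carries no secret at all.
            password = "iloveshasha";
        }

        /// <summary>
        /// Compares the stored user ID and password with fixed demo values.
        /// Not called anywhere in this class.
        /// </summary>
        /// <remarks>
        /// Readers can replace the literals with a lookup against their own
        /// user store.
        /// NOTE(review): the literal below and the one assigned in the
        /// constructor differ by one character in the published listing, so as
        /// written this returns false until Password is reassigned. This is
        /// probably a transcription slip; confirm against the original.
        /// </remarks>
        private bool CanPass()
        {
            if (userID == "yan0lovesha" && password == "ioveshasha")
            {
                return true;
            }
            else
            {
                return false;
            }
        }

        /// <summary>
        /// The password string held by this identity.
        /// </summary>
        /// <remarks>
        /// Public read/write access means any code that can reach the current
        /// principal can read or overwrite it.
        /// </remarks>
        public string Password
        {
            get
            {
                return password;
            }
            set
            {
                password = value;
            }
        }

        #region IIdentity members

        /// <summary>
        /// Always true: this class performs no check of its own, so it must
        /// only be constructed for a user that has already been verified.
        /// </summary>
        public bool IsAuthenticated
        {
            get
            {
                return true;
            }
        }

        /// <summary>
        /// The user ID passed to the constructor.
        /// </summary>
        public string Name
        {
            get
            {
                return userID;
            }
        }

        /// <summary>
        /// Not used in this example; always null.
        /// </summary>
        public string AuthenticationType
        {
            get
            {
                // In the published listing this statement had been merged into
                // the preceding comment line, leaving the getter without a
                // return value.
                return null;
            }
        }

        #endregion
    }
}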
Webform.aspx.cs
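using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Caching;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace HttpContextUserEG
{
    /// <summary>
    /// Login page of the sample. It inherits from MyPage instead of Page, so
    /// the custom principal is restored before the button handlers run.
    /// </summary>
    public class WebForm1 : HttpContextUserEG.MyPage
    {
        // NOTE(review): these field names must match the control IDs declared
        // in WebForm.aspx. The casing was lost in the published listing and is
        // reconstructed here; confirm against the .aspx file.
        protected System.Web.UI.WebControls.TextBox tbxUserID;
        protected System.Web.UI.WebControls.TextBox tbxPassword;
        protected System.Web.UI.WebControls.Panel Panel1;
        protected System.Web.UI.WebControls.Button btnAdmin;
        protected System.Web.UI.WebControls.Button btnUser;
        protected System.Web.UI.WebControls.Label lblRoleMessage;
        protected System.Web.UI.WebControls.Label lblLoginMessage;
        protected System.Web.UI.WebControls.Button btnLogin;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Place user code here to initialize the page.
        }

        #region Web Form Designer generated code

        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify the contents
        /// of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            // "+=" subscribes a handler; the published listing had lost the "+".
            this.btnLogin.Click += new System.EventHandler(this.btnLogin_Click);
            this.btnAdmin.Click += new System.EventHandler(this.btnAdmin_Click);
            this.btnUser.Click += new System.EventHandler(this.btnUser_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }

        #endregion

        /// <summary>
        /// Validates the submitted credentials and, on success, issues the
        /// forms authentication ticket.
        /// </summary>
        private void btnLogin_Click(object sender, System.EventArgs e)
        {
            MyPrincipal principal = MyPrincipal.ValidateLogin(tbxUserID.Text, tbxPassword.Text);
            if (principal == null)
            {
                // One message for both wrong user name and wrong password, so
                // the response does not reveal which of the two was wrong.
                lblLoginMessage.Text = "Username or Password is incorrect";
                Panel1.Visible = false;
            }
            else
            {
                // The user passed verification: set the principal for the
                // rest of this request and issue the authentication ticket.
                // Later requests carry only the ticket; MyPage rebuilds the
                // principal from the name inside it.
                Context.User = principal;

                // The second argument asks for a persistent cookie, so the
                // login survives closing the browser. Pass false unless the
                // user explicitly chose to stay signed in. The ticket is the
                // whole login state, so the forms element in web.config should
                // keep cookie protection enabled and set requireSSL="true".
                System.Web.Security.FormsAuthentication.SetAuthCookie(tbxUserID.Text, true);

                // Label.Text is written to the page without HTML encoding.
                // Here the user ID can only be the fixed demo name; once
                // ValidateLogin accepts arbitrary names, wrap the value in
                // Server.HtmlEncode before displaying it.
                lblLoginMessage.Text = tbxUserID.Text + " Logged in";
                Panel1.Visible = true;
            }
        }

        /// <summary>
        /// Reports whether the current user is in the "admin" role.
        /// </summary>
        private void btnAdmin_Click(object sender, System.EventArgs e)
        {
            // The IsInRole check in the handler is the actual gate; hiding
            // Panel1 only hides the buttons and is not an access control.
            if (Context.User.IsInRole("admin"))
            {
                lblRoleMessage.Text = "User " + Context.User.Identity.Name + " belongs to the admin group";
            }
            else
            {
                lblRoleMessage.Text = "User " + Context.User.Identity.Name + " does not belong to Admin Group";
            }
        }

        /// <summary>
        /// Reports whether the current user is in the "User" role.
        /// </summary>
        private void btnUser_Click(object sender, System.EventArgs e)
        {
            if (Context.User.IsInRole("User"))
            {
                lblRoleMessage.Text = "User " + Context.User.Identity.Name + " belongs to User Group";
            }
            else
            {
                lblRoleMessage.Text = "User " + Context.User.Identity.Name + " does not belong to User Group";
            }
        }
    }
}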
WebForm.aspx does not need to be modified. Compare the two versions of the code to understand this user authentication mechanism!