返回
首页
业界
电商
创业
访谈
手机
移动
报告
运营
建站
互联网+
系统
教程
搜索

详解ASP.NET MVC Form表单验证

2019-05-22 20:58:31于丽

  接下来,需要做的就是用户登录成功后,创建UserData,序列化,再利用FormsAuthentication加密,写到cookie中;而请求到来时,需要尝试将cookie解密并反序列化。如下:

public class HttpFormsAuthentication
{    
  public static void SetAuthenticationCookie(string userName, IUserData userData, double rememberDays = 0)            
  {
    EnsureHelper.EnsureNotNullOrEmpty(userName, "userName");
    EnsureHelper.EnsureNotNull(userData, "userData");
    EnsureHelper.EnsureRange(rememberDays, "rememberDays", 0);
 
    //保存在cookie中的信息
    string userJson = JsonConvert.SerializeObject(userData);
 
    //创建用户票据
    double tickekDays = rememberDays == 0 ? 7 : rememberDays;
    var ticket = new FormsAuthenticationTicket(2, userName,
      DateTime.Now, DateTime.Now.AddDays(tickekDays), false, userJson);
 
    //FormsAuthentication提供web forms身份验证服务
    //加密
    string encryptValue = FormsAuthentication.Encrypt(ticket);
 
    //创建cookie
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptValue);
    cookie.HttpOnly = true;
    cookie.Domain = FormsAuthentication.CookieDomain;
 
    if (rememberDays > 0)
    {
      cookie.Expires = DateTime.Now.AddDays(rememberDays);
    }      
    HttpContext.Current.Response.Cookies.Remove(cookie.Name);
    HttpContext.Current.Response.Cookies.Add(cookie);
  }
 
  public static Principal TryParsePrincipal<TUserData>(HttpContext context)              
    where TUserData : IUserData
  {
    EnsureHelper.EnsureNotNull(context, "context");
 
    HttpRequest request = context.Request;
    HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
    if(cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
      return null;
    }
    //解密cookie值
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
    if(ticket == null || string.IsNullOrEmpty(ticket.UserData))          
    {
      return null;            
    }
    IUserData userData = JsonConvert.DeserializeObject<TUserData>(ticket.UserData);       
    return new Principal(ticket, userData);
  }
}

  在登录时,我们可以类似这样处理:

public ActionResult Login(string userName,string password)
{
  //验证用户名和密码等一些逻辑... 
 
  UserData userData = new UserData()
  {
    UserName = userName,
    UserID = userID,
    UserRole = "Admin"
  };
  HttpFormsAuthentication.SetAuthenticationCookie(userName, userData, 7);
   
  //验证通过...
}

  登录成功后,就会把信息写入cookie,可以通过浏览器观察请求,就会有一个名称为"Form"的Cookie(还需要简单配置一下配置文件),它的值是一个加密后的字符串,后续的请求根据此cookie请求进行验证。具体做法是在HttpApplication的AuthenticateRequest验证事件中调用上面的TryParsePrincipal,如:

相关文章 大家在看