本文介绍了ASP.NET 2.0中的表单身份验证的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 29岁程序员，3月因学历无情被辞！ 我们正在设计我们的第一个ASP.NET 2.0应用程序，并且 发现表单身份验证在 ASP.NET 2.0中完全不同。 由于多种原因，我们无法使用ASP.NET 2.0提供的标准登录组件 （例如，我们需要完全控制外观 - 包括 使用CSS而非表格进行布局 - 我们需要能够自己处理 身份验证cookie，而不是让内置组件处理 给我们）。我们还需要使用Application_Start事件从我们的数据库中读取查找 数据。 有谁知道如何回到像.NET 1.1这样的东西模型为 编码表格认证。 我不会反对使用提供的组件BTW，只要我们得到 我们以前的功能，只要我们可以自己设置可见的 组件的样式。 PeterWe are in the process of designing our first ASP.NET 2.0 application andhave discovered that Forms Authentication works completely differently inASP.NET 2.0.For a number of reasons, we cannot use the standard login component suppliedwith ASP.NET 2.0 (e.g. we need full control of the look and feel - includingusing CSS and not tables for layout - and we need to be able to handle theauthentication cookie ourselves rather than let a built-in component handleit for us). We also need to use the Application_Start event to read lookupdata from our databases.Does anyone know how to get back to something like the .NET 1.1 model forcoding forms authentication.I''m not dead against using the supplied components, BTW, as long as we getthe functionality we had before and as long as we can style the visiblecomponents ourselves.Peter推荐答案 彼得 设计你自己的login.aspx页面 在提交活动时添加以下代码 ---- -------------------------- 如果用户名和密码正确，则为 //初始化FormsAuthentication FormsAuthentication.Initialize（）; //创建用于身份验证的新票证 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket（ 1，//票证版本 用户名，//用户名关联d带票据 DateTime.Now，//发布日期/时间 DateTime.Now.AddMonths（1），//到期日期/时间 true，//" true"对于持久用户cookie UserRoles，//用户数据，在这种情况下是角色 FormsAuthentication.FormsCookiePath）; //路径cookie有效 //使用机器密钥加密cookie以进行安全传输 string hash = FormsAuthentication.Encrypt（ticket）; HttpCookie cookie = new HttpCookie（ FormsAuthentication.FormsCookieName，// auth cookie的名称 hash）; //散列票 //将cookie的到期时间设置为票证到期时间 if（ticket.IsPersistent）cookie.Expires = ticket .Expiration; //将cookie添加到列表中以便传出响应 Response.Cookies.Add（cookie）; //重定向到请求的主页 Response.Redirect（" /"）; ------------ ------------------ 这几乎就是表单身份验证所需要的，而不使用 团体。Hi Peterdesign you own login.aspx pageOn submit event add the following code------------------------------if UserName and Password were correct// Initialize FormsAuthenticationFormsAuthentication.Initialize();// Create a new ticket used for authenticationFormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, // Ticket versionUserName, // Username associated with ticketDateTime.Now, // Date/time issuedDateTime.Now.AddMonths(1), // Date/time to expiretrue, // "true" for a persistent user cookieUserRoles, // User-data, in this case the rolesFormsAuthentication.FormsCookiePath); // Path cookie valid for// Encrypt the cookie using the machine key for secure transportstring hash = FormsAuthentication.Encrypt(ticket);HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, // Name of auth cookiehash); // Hashed ticket// Set the cookie''s expiration time to the tickets expiration timeif (ticket.IsPersistent) cookie.Expires = ticket.Expiration;// Add the cookie to the list for outgoing responseResponse.Cookies.Add(cookie);// Redirect to requested homepageResponse.Redirect("/");------------------------------That''s pretty much all you need for the Forms Authentication without usingthe groups. 你好Alexey， 谢谢你。就登录 页面而言，这几乎就是我们现在所做的。然后我们将类和方法的属性添加到我们希望限制访问的，指定用户必须登录 并按顺序登录相应角色的成员在该 方法中执行代码或访问该类的对象（取决于要求）。这个 会引发一个身份验证请求事件，该事件在Application_AuthenticateRequest（）事件处理程序中的 Global.asax.cs中处理。这个 处理程序获取身份验证cookie并创建一个 FormsAuthenticationTicket，并为其分配解密的cookie值。 然后我们提取用户的角色，并创建一个新的GenericIdentity 传递FormsAuthenticationTicket。最后，我们创建了一个新的 GenericPrincipal对象，传递GenericIdentity和角色。 最后，我们在当前上下文中将GenericPrincipal分配给用户。 我的问题，真的，我们现在把这段代码放在哪里？在哪里 处理AuthenticateRequest事件？ PeterHi Alexey,Thanks for that. This is pretty much what we do now as far as the loginpage is concerned. We then add attributes to the classes and methods towhich we wish to restrict access, specifying that the user must be logged inand a member of the appropriate role in order to execute the code in thatmethod or access an object of that class (depending on requirements). Thiscauses an authentication request event to be raised, which is handled inGlobal.asax.cs in the Application_AuthenticateRequest() event handler. Thishandler fetches the authentication cookie and creates aFormsAuthenticationTicket to which is assigned the decrypted cookie value.We then extract the user''s roles from that and create a new GenericIdentitypassing in the FormsAuthenticationTicket. Finally, we create a newGenericPrincipal object passing in the GenericIdentity and the roles.Lastly, we assign the GenericPrincipal to the user in the current context.My question, really, is where do we now put this code? Where areAuthenticateRequest events handled?Peter 必须在登录信息后立即创建身份验证票据 证实。因为票证用于标识经过身份验证的用户。所以， 它可以在登录页面中，它在身份验证部分中定义 在web.config中 < ; authentication mode =" Forms"> < forms name =" .ASPXAUTH" loginUrl = QUOT; /login.aspx" /> < / authentication> 我找到了一个基于角色的身份验证示例，看看 http://www.codeproject.com/aspnet/formsroleauth.asp 干杯！The authentication ticket has to be created right after the login info isconfirmed. Because the ticket is used to identify an authenticated user. So,it can be in the login page, which is defined in the Authentication sectionin web.config<authentication mode="Forms"><forms name=".ASPXAUTH" loginUrl="/login.aspx" /></authentication>I''ve found an example of a role-based authentication, take a look http://www.codeproject.com/aspnet/formsroleauth.aspCheers! 这篇关于ASP.NET 2.0中的表单身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！