使用HttpContext的User属性来实现用户验证

类别:.NET开发 点击:0 评论:0 推荐:

HttpContext类包含了个别HTTP请求的所有特定HTTP信息。这个示例主要是讲如何使用HttpContext类中的User属性来实现用户验证!

用户验证是大部分ASP.NET WEB应用程序都要用到的,它在整个应用程序中占有很重要的地位,在.NET中,包含了很多种用户验证方式,如众所周知的PassPort认证,Windows认证,Form认证等等,可是这些都很难满足我们在实际应用中的需求,以致于很多朋友都是自己另外写代码来实现自己需要的功能,这让我们在安全性以及系统效率上要考虑很多。

实际上,ASP.NET中内置的用户验证机制功能非常强大,同时也具有非常好的的可扩展性,它能够在HttpContext对象中生成一个名为User的属性,这个属性能让我们访问各种信息,包括用户是否已验证,用户的类型,用户名等等,我们还可以对该属性的功能进性扩展,以实现我们的要求。

分配给HttpContext.User的对象必须实现IPrincipal接口,而Iprincipal定义的属性之一是Identity,它必须实现Iidentity接口。因为,我们只要写了实现这两个接口的类,就可以在这些类中添加任何我们所需要的功能。

首先,我们创建两个实现Iprincipal和Iidentity的类,分另为MyIprincipal和MyIdentity

 

MyIprincipal.cs

 

using System;

using System.Collections;

 

namespace HttpContextUserEG

{

       /// <summary>

       /// MyPrincipal 的摘要说明。

       /// </summary>

       /// 实现IPrincipal接口

       public class MyPrincipal : System.Security.Principal.IPrincipal

       {

              private System.Security.Principal.IIdentity identity;

              private ArrayList roleList;

 

              public MyPrincipal(string userID,string password)

              {

                     //

                     // TODO: 在此处添加构造函数逻辑

                     //

                     identity = new MyIdentity(userID,password);

                     if(identity.IsAuthenticated)

                     {

                            //如果通过验证则获取该用户的Role,这里可以修改为从数据库中

                            //读取指定用户的Role并将其添加到Role中,本例中直接为用户添加一个Admin角色

                            roleList = new ArrayList();

                            roleList.Add("Admin");

                     }

                     else

                     {

                            // do nothing

                     }

              }

 

              public ArrayList RoleList

              {

                     get

                     {

                            return roleList;

                     }

              }

              #region IPrincipal 成员

 

              public System.Security.Principal.IIdentity Identity

              {

                     get

                     {

                            // TODO:  添加 MyPrincipal.Identity getter 实现

                            return identity;

                     }

                     set

                     {

                            identity = value;

                     }

              }

 

              public bool IsInRole(string role)

              {

                     // TODO:  添加 MyPrincipal.IsInRole 实现

                     return roleList.Contains(role);;

              }

 

              #endregion

       }

}

 

 

MyIdentity.cs

 

using System;

 

namespace HttpContextUserEG

{

       /// <summary>

       /// MyIdentity 的摘要说明。

       /// </summary>

       /// 实现IIdentity接口

       public class MyIdentity : System.Security.Principal.IIdentity

       {

              private string userID;

              private string password;

 

              public MyIdentity(string currentUserID,string currentPassword)

              {

                     //

                     // TODO: 在此处添加构造函数逻辑

                     //

                     userID = currentUserID;

                     password = currentPassword;

              }

 

              private bool CanPass()

              {

                     //这里朋友们可以根据自己的需要改为从数据库中验证用户名和密码,

                     //这里为了方便我直接指定的字符串

                     if(userID == "yan0lovesha" && password == "iloveshasha")

                     {

                            return true;

                     }

                     else

                     {

                            return false;

                     }

              }

 

              public string Password

              {

                     get

                     {

                            return password;

                     }

                     set

                     {

                            password = value;

                     }

              }

 

              #region IIdentity 成员

 

              public bool IsAuthenticated

              {

                     get

                     {

                            // TODO:  添加 MyIdentity.IsAuthenticated getter 实现

                            return CanPass();

                     }

              }

 

              public string Name

              {

                     get

                     {

                            // TODO:  添加 MyIdentity.Name getter 实现

                            return userID;

                     }

              }

 

              //这个属性我们可以根据自己的需要来灵活使用,在本例中没有用到它

              public string AuthenticationType

              {

                     get

                     {

                            // TODO:  添加 MyIdentity.AuthenticationType getter 实现

                            return null;

                     }

              }

 

              #endregion

       }

}

 

在完成了这两个类之后我们还要创建一个自己的Page类,来配合我们的验证,这里我们将其命名为MyPage,继承自Page类

 

MyPage.cs

 

using System;

using System.Collections;

 

namespace HttpContextUserEG

{

       /// <summary>

       /// MyPage 的摘要说明。

       /// </summary>

       /// 继承自Page类

       public class MyPage : System.Web.UI.Page

       {

              public MyPage()

              {

                     //

                     // TODO: 在此处添加构造函数逻辑

                     //

              }

 

              protected override void OnInit(EventArgs e)

              {

                     base.OnInit (e);

                     this.Load +=new EventHandler(MyPage_Load);

              }

 

              //在页面加载的时候从缓存中提取用户信息

              private void MyPage_Load(object sender, System.EventArgs e)

              {

                     if(Context.User.Identity.IsAuthenticated)

                     {

                            if(Context.Cache["UserMessage"] != null)

                            {

                                   Hashtable userMessage = (Hashtable)Context.Cache["UserMessage"];

                                   MyPrincipal principal = new MyPrincipal(userMessage["UserID"].ToString(),userMessage["UserPassword"].ToString());

                                   Context.User = principal;

                            }

                     }

              }

       }

}

 

下面就是我们的界面WebForm.aspx和WebForm.aspx.cs

 

WebForm.aspx

 

<%@ Page language="c#" Codebehind="WebForm1.aspx.cs" AutoEventWireup="false" Inherits="HttpContextUserEG.WebForm1" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<HTML>

       <HEAD>

              <title>WebForm1</title>

              <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">

              <meta content="C#" name="CODE_LANGUAGE">

              <meta content="JavaScript" name="vs_defaultClientScript">

              <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">

       </HEAD>

       <body>

              <form id="Form1" method="post" runat="server">

                     <P><FONT face="宋体">用户名:

                                   <asp:TextBox id="tbxUserID" runat="server"></asp:TextBox><BR>

                                   密 码:

                                   <asp:TextBox id="tbxPassword" runat="server" TextMode="Password"></asp:TextBox></FONT></P>

                     <P><FONT face="宋体">

                                   <asp:Button id="btnLogin" runat="server" Text="登录"></asp:Button>

                                   <asp:Label id="lblLoginMessage" runat="server"></asp:Label></FONT></P>

                     <P><FONT face="宋体">

                                   <asp:Panel id="Panel1" runat="server" Visible="False">

                                          <P>

                                                 <asp:Button id="btnAdmin" runat="server" Text="角色1"></asp:Button>

                                                 <asp:Button id="btnUser" runat="server" Text="角色2"></asp:Button></P>

                                          <P>

                                                 <asp:Label id="lblRoleMessage" runat="server"></asp:Label></P>

                                   </asp:Panel>

                                   <P></P>

                            </FONT>

              </form>

       </body>

</HTML>

 

WebForm1.aspx.cs

 

using System;

using System.Collections;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Web;

using System.Web.Caching;

using System.Web.SessionState;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.HtmlControls;

 

namespace HttpContextUserEG

{

       /// <summary>

       /// WebForm1 的摘要说明。

       /// </summary>

       /// 将这里本来继承自Page类改为继承自我们自己的MyPage类

       public class WebForm1 : HttpContextUserEG.MyPage

       {

              protected System.Web.UI.WebControls.TextBox tbxUserID;

              protected System.Web.UI.WebControls.TextBox tbxPassword;

              protected System.Web.UI.WebControls.Panel Panel1;

              protected System.Web.UI.WebControls.Button btnAdmin;

              protected System.Web.UI.WebControls.Button btnUser;

              protected System.Web.UI.WebControls.Label lblRoleMessage;

              protected System.Web.UI.WebControls.Label lblLoginMessage;

              protected System.Web.UI.WebControls.Button btnLogin;

      

              private void Page_Load(object sender, System.EventArgs e)

              {

                     // 在此处放置用户代码以初始化页面

              }

 

              #region Web 窗体设计器生成的代码

              override protected void OnInit(EventArgs e)

              {

                     //

                     // CODEGEN: 该调用是 ASP.NET Web 窗体设计器所必需的。

                     //

                     InitializeComponent();

                     base.OnInit(e);

              }

             

              /// <summary>

              /// 设计器支持所需的方法 - 不要使用代码编辑器修改

              /// 此方法的内容。

              /// </summary>

              private void InitializeComponent()

              {   

                     this.btnLogin.Click += new System.EventHandler(this.btnLogin_Click);

                     this.btnAdmin.Click += new System.EventHandler(this.btnAdmin_Click);

                     this.btnUser.Click += new System.EventHandler(this.btnUser_Click);

                     this.Load += new System.EventHandler(this.Page_Load);

 

              }

              #endregion

 

              private void btnLogin_Click(object sender, System.EventArgs e)

              {

                     MyPrincipal principal = new MyPrincipal(tbxUserID.Text,tbxPassword.Text);

                     if(!principal.Identity.IsAuthenticated)

                     {

                            lblLoginMessage.Text = "用户名或密码不正确";

                            Panel1.Visible = false;

                     }

                     else

                     {

                            // 如果用户通过验证,则将用户信息保存在缓存中,以备后用

                            // 在实际中,朋友们可以尝试使用用户验证票的方式来保存用户信息,这也是.NET内置的用户处理机制

                            Context.User = principal;

                            Hashtable userMessage = new Hashtable();

                            userMessage.Add("UserID",tbxUserID.Text);

                            userMessage.Add("UserPassword",tbxPassword.Text);

                            Context.Cache.Insert("UserMessage",userMessage);

                            lblLoginMessage.Text = tbxUserID.Text + "已经登录";

                            Panel1.Visible = true;

                     }

              }

 

              private void btnAdmin_Click(object sender, System.EventArgs e)

              {

                     // 验证用户的Role中是否包含Admin

                     if(Context.User.IsInRole("Admin"))

                     {

                            lblRoleMessage.Text = "用户" + ((MyPrincipal)Context.User).Identity.Name + "属于Admin组";

                     }

                     else

                     {

                            lblRoleMessage.Text = "用户" + Context.User.Identity.Name + "不属于Admin组";

                     }

              }

 

              private void btnUser_Click(object sender, System.EventArgs e)

              {

                     // 验证用户的Role中是否包含User

                     if(Context.User.IsInRole("User"))

                     {

                            lblRoleMessage.Text = "用户" + Context.User.Identity.Name + "属于User组";

                     }

                     else

                     {

                            lblRoleMessage.Text = "用户" + Context.User.Identity.Name + "不属于User组";

                     }

              }

       }

}

 

代码部分介绍完了,朋友们可以自己试试来看到效果,在这个例子中很多地方都为了方便而直接给予赋值,在实际应用中,这些将是从数据库或从其它配置文件中得到,而这种方法的可扩展性是非常高的,我们可以根据自己的需要来扩展MyIprincipal和MyIdentity类的功能。比如我们可以添加一个IsInPermission来使用户不仅属于角色,每个角色还可以拥有不同的权限。在本例中,在用户验证过后是通过使用缓存来保存已验证用户的信息的,我们还可以尝试使用用户验证票的方式来实现。

我们可以看到,这种用户验证机制,在我们的程序越宠大,它所带来的好处就越多,而且他还有很多值得我们发掘的地方!

希望大家能和我互相交流!谢谢!

本文地址:http://com.8s8s.com/it/it42046.htm