2016年11月9日 星期三

ASP .NET MVC 登入驗證 FormsAuthentication 

  2. [AllowAnonymous] //此Class不驗證
  3. public class AccountController : BaseController
  4. {
  5.     [HttpPost]
  6.     public ActionResult LoginGo(Login form)
  7.     {
  8.         Session.RemoveAll();
  9.         Session["LoginInfo"] = null;
  10.         LoginData loginData = new LoginData();
  11.         try
  12.         {
  13.             if (ValidateLogin(form))
  14.             {
  15.                 //驗證成功(失敗則重新登入)
  16.                 loginData.loginStatus = "00";
  17.                 loginData.userId = form.userId;
  18.                 loginData.userName = "使用者名稱";
  20.                 //表單驗證開始
  21.                 FormsAuthenticationTicket authTicket = LoginProcess(form.userId);
  22.                 //加密Ticket
  23.                 string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
  24.                 //建立Cookie
  25.                 HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
  26.                 //將建立的Cookie寫入Cookie
  27.                 Response.Cookies.Add(authCookie);
  29.                 return RedirectToAction("Login", "Account");
  30.             }
  32.             else
  33.             {
  34.                 return RedirectToAction("Login", "Account");
  35.             }
  36.         }
  37.         catch (Exception ex)
  38.         {
  39.             return RedirectToAction("Login", "Account");
  40.         }
  41.     }
  43.     private bool ValidateLogin(Login form)
  44.     {
  45.         //DB驗證,AD驗證寫在此 
  46.         return true;
  47.     }
  48.     
  49.     //將登入資訊寫入Ticket
  50.     private FormsAuthenticationTicket LoginProcess(string userId)
  51.     {
  52.         string roles = "test";
  53.         FormsAuthenticationTicket authTicket = 
  54.             new FormsAuthenticationTicket(
  55.                     1,
  56.                     userId,
  57.                     DateTime.Now,
  58.                     DateTime.Now.AddMinutes(20),
  59.                     false,
  60.                     roles//寫入角色之後角色權限使用
  61.                 );
  62.         return authTicket;
  63.     }
  64. }
所有的Controller都繼承BaseController,驗證寫在BaseController[Authorize],若Method或Class不需要驗證則加上[AllowAnonymous] 
  1. [Authorize]
  2. public class BaseController : Controller
  3. {
  4.     protected static NLog.Logger _logger = NLog.LogManager.GetCurrentClassLogger();
  5. }
Web.config 配置
張貼者: 沒有留言:
標籤: , ,
訂閱: 文章 (Atom)