C# 让我登录windows+;表单登录
我想在我的ASP.NET应用程序中实现Facebook和GMail的功能 我使用windows和窗体登录的组合,所有这些都很好地工作 我有一个登录页面,其代码如下:C# 让我登录windows+;表单登录,c#,asp.net,cookies,login,C#,Asp.net,Cookies,Login,我想在我的ASP.NET应用程序中实现Facebook和GMail的功能 我使用windows和窗体登录的组合,所有这些都很好地工作 我有一个登录页面,其代码如下: public const int LOGON32_LOGON_INTERACTIVE = 2; public const int LOGON32_PROVIDER_DEFAULT = 0; IntPtr token; IntPtr tokenDuplicate; [DllImport("a
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
IntPtr token;
IntPtr tokenDuplicate;
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
protected void LoginButton_Click(object sender, EventArgs e)
{
if (LogonUserA(userName, Domain.Text, Password.Text, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) == 0)
{
BadCredentials.Visible = true;
BadCredentials.Text = "Not A Valid User";
Global.logger.Info("LogonUserA failed with GetLastWin32Error code =" + Marshal.GetLastWin32Error());
return;
}
Global.logger.Info("LogonUserA is sucessful");
if (DuplicateToken(token, 2, ref tokenDuplicate) == 0)
{
BadCredentials.Visible = true;
BadCredentials.Text = "Internal Error: DuplicateToken failed";
return;
}
Session["TokenDuplicate"] = tokenDuplicate;
if (new GUIUtility().impersonateValidUser(Session) == false)
{
BadCredentials.Visible = true;
BadCredentials.Text = "Impersonation failed";
return;
}
if (GUIUtility.IsUserPartOfWindowsGroup(compUsrNameForEncryption, adminGroupName) == true)
{
// The user is Instance Admin
BadCredentials.Visible = false;
}
// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
UserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(60),// Expiration
false, // Persistent
role); // User data
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
//authCookie.Secure = FormsAuthentication.RequireSSL;
// Add the cookie to the outgoing cookies collection.
HttpContext.Current.Response.Cookies.Add(authCookie);
//Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
Response.Redirect("~/Default.aspx");
// Company Admin has logged on
}
这是my web.config上的有用信息:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="GUI" slidingExpiration="true" timeout="30" path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<sessionState mode="InProc" cookieless="false" timeout="30"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="On" defaultRedirect="~/Login.aspx">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
如果我将持久cookie设置为true而不是false,会发生什么
谢谢。供参考
如果使用true,将创建具有固定到期日期的cookie,而不是仅会话cookie。cookie&因此,身份验证票证将在浏览器关闭后仍然有效
西蒙我试着把它改成假的,但行为还是没有改变。。当打开登录页面并登录一次,然后打开浏览器的新窗口并尝试打开网站时,我不需要再次登录。。但是,当我关闭所有窗口并再次打开应用程序时,我会返回到登录屏幕。因此,我希望它继续登录,而不要求他再次登录,除非我按SignOut。你似乎正在做大量的工作,而框架可以为你做这些工作。将cookie设置为persistant,它将不再只是会话,并将持续您设置的时间,无论您是否打开和关闭浏览器。@Simon,为什么不将其作为答案而不是注释发布,以便他们可以将其标记为正确答案(如果是)。您能给我举个例子或一些参考资料吗。。对于创建持久的cookie->
protected void Application_BeginRequest(object sender, EventArgs e)
{
try
{
string cookieName = FormsAuthentication.FormsCookieName.ToString();
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (null != authCookie)
{
authCookie.Secure = true;
}
}
catch (Exception ex)
{
Global.logger.Error("Application_BeginRequest: Exception: " + ex);
}
}
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
// Extract the forms authentication cookie
string redirectSecureUrl = Request.Url.ToString();
string cookieName = FormsAuthentication.FormsCookieName.ToString();
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (null == authCookie)
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch (Exception ex)
{
Global.logger.Error("Application_AuthenticateRequest: Exception: " + ex);
return;
}
if (null == authTicket)
{
// Cookie failed to decrypt.
return;
}
// When the ticket was created, the UserData property was assigned a
// pipe delimited string of role names.
string[] roles = authTicket.UserData.Split(new char[] { '|' });
// Create an Identity object
FormsIdentity id = new FormsIdentity(authTicket);
// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, roles);
// Attach the new principal object to the current HttpContext object
Context.User = principal;
}