我希望在我的 ASP.NET 应用程序中实现 Facebook 和 GMail 的功能。
我结合使用了窗口和表单登录,所有这些都运行良好。
我有一个包含以下代码的登录页面:
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
IntPtr token;
IntPtr tokenDuplicate;
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
protected void LoginButton_Click(object sender, EventArgs e)
{
if (LogonUserA(userName, Domain.Text, Password.Text, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) == 0)
{
BadCredentials.Visible = true;
BadCredentials.Text = "Not A Valid User";
Global.logger.Info("LogonUserA failed with GetLastWin32Error code =" + Marshal.GetLastWin32Error());
return;
}
Global.logger.Info("LogonUserA is sucessful");
if (DuplicateToken(token, 2, ref tokenDuplicate) == 0)
{
BadCredentials.Visible = true;
BadCredentials.Text = "Internal Error: DuplicateToken failed";
return;
}
Session["TokenDuplicate"] = tokenDuplicate;
if (new GUIUtility().impersonateValidUser(Session) == false)
{
BadCredentials.Visible = true;
BadCredentials.Text = "Impersonation failed";
return;
}
if (GUIUtility.IsUserPartOfWindowsGroup(compUsrNameForEncryption, adminGroupName) == true)
{
// The user is Instance Admin
BadCredentials.Visible = false;
}
// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
UserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(60),// Expiration
false, // Persistent
role); // User data
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
//authCookie.Secure = FormsAuthentication.RequireSSL;
// Add the cookie to the outgoing cookies collection.
HttpContext.Current.Response.Cookies.Add(authCookie);
//Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
Response.Redirect("~/Default.aspx");
// Company Admin has logged on
}
这是我的 web.config 中有用的内容:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="GUI" slidingExpiration="true" timeout="30" path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<sessionState mode="InProc" cookieless="false" timeout="30"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="On" defaultRedirect="~/Login.aspx">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
我的 global.ascx 中的这段代码:
protected void Application_BeginRequest(object sender, EventArgs e)
{
try
{
string cookieName = FormsAuthentication.FormsCookieName.ToString();
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (null != authCookie)
{
authCookie.Secure = true;
}
}
catch (Exception ex)
{
Global.logger.Error("Application_BeginRequest: Exception: " + ex);
}
}
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
// Extract the forms authentication cookie
string redirectSecureUrl = Request.Url.ToString();
string cookieName = FormsAuthentication.FormsCookieName.ToString();
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (null == authCookie)
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch (Exception ex)
{
Global.logger.Error("Application_AuthenticateRequest: Exception: " + ex);
return;
}
if (null == authTicket)
{
// Cookie failed to decrypt.
return;
}
// When the ticket was created, the UserData property was assigned a
// pipe delimited string of role names.
string[] roles = authTicket.UserData.Split(new char[] { '|' });
// Create an Identity object
FormsIdentity id = new FormsIdentity(authTicket);
// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, roles);
// Attach the new principal object to the current HttpContext object
Context.User = principal;
}
如果我将持久性 cookie 设置为 true 而不是 false,会发生什么情况?
谢谢。
最佳答案
供引用...
如果您使用 true,将创建一个具有固定到期日期的 cookie,而不是仅用于 session 的 cookie。 cookie 和因此身份验证票将在浏览器关闭后继续存在。
西蒙
关于c# - 让我登录以进行 Windows + 表单登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5956224/