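配置文件:

<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL is not set here, so the ticket cookie is not limited to
           HTTPS requests. Once the site is served over TLS, add
           requireSSL="true" to this element. -->
      <forms loginUrl="login.aspx" name="FORMSAUTHCOOKIE"/>
    </authentication>
    <authorization>
      <!-- "?" is the anonymous user: every request must be authenticated. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

xml文件:

<Users>
  <Users>
    <UserEmail>jchen@contoso.com</UserEmail>
    <UserPassword>BA56E5E0366D003E98EA1C7F04ABF8FCB3753889</UserPassword>
  </Users>
  <Users>
    <UserEmail>Kim@contoso.com</UserEmail>
    <UserPassword>07B7F3EE06F278DB966BE960E7CBBD103DF30CA6</UserPassword>
  </Users>
</Users>

login.aspx文件:

<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>
<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
    // Handles the Login button: checks the validators, looks the e-mail up
    // in Users.xml and compares the stored password hash with the hash of
    // the submitted password.
    private void Login_Click(Object sender, EventArgs e)
    {
        // Page.IsValid reflects the server-side validators declared in the
        // form below (required fields and the e-mail format check).
        if( !Page.IsValid )
        {
            Msg.Text = "Some required fields are invalid.";
            return;
        }

        // DataTable.Select takes a filter expression, not a parameterized
        // query, so the value has to be embedded as a quoted literal.
        // Doubling any single quote keeps the input inside that literal even
        // if the e-mail validator is relaxed later.
        String cmd = "UserEmail='" + UserEmail.Value.Replace("'", "''") + "'";

        // NOTE(review): Users.xml is resolved next to this page, i.e. inside
        // the site's content directory. Unless the server refuses requests
        // for it, the password hashes can be downloaded directly; keep the
        // file outside the served tree (for example in App_Data). Confirm
        // against the deployment.
        DataSet ds = new DataSet();
        using( FileStream fs = new FileStream(Server.MapPath("Users.xml"),
                                              FileMode.Open, FileAccess.Read) )
        using( StreamReader reader = new StreamReader(fs) )
        {
            // The using blocks close the file even when ReadXml throws.
            ds.ReadXml(reader);
        }

        DataTable users = ds.Tables[0];
        DataRow[] matches = users.Select(cmd);

        if( matches != null && matches.Length > 0 )
        {
            DataRow row = matches[0];

            // SECURITY: this produces one unsalted SHA-1 digest, and the API
            // is marked obsolete in later .NET Framework versions. It is
            // kept because the values stored in Users.xml use this format.
            // A new deployment should store a salted, iterated hash (for
            // example PBKDF2 through Rfc2898DeriveBytes) and migrate the
            // stored values.
            string hashedpwd =
                FormsAuthentication.HashPasswordForStoringInConfigFile
                    (UserPass.Value, "SHA1");

            // Trim, because whitespace around the element text in Users.xml
            // would otherwise defeat the comparison. The comparison is
            // ordinal and case-sensitive: both sides are hex digests, so
            // culture rules do not apply.
            String pass = ((String)row["UserPassword"]).Trim();

            if( !String.Equals(pass, hashedpwd, StringComparison.Ordinal) )
            {
                // Tell the user if no password match is found. It is good
                // security practice to give no hints about what parts of the
                // logon credentials are invalid.
                Msg.Text = "Invalid Credentials: Please try again";
            }
            else
            {
                // If a password match is found, redirect the request
                // to the originally requested resource (Default.aspx).
                FormsAuthentication.RedirectFromLoginPage
                    (UserEmail.Value, Persist.Checked);
            }
        }
        else
        {
            // If no name matches were found, redirect the request to the
            // AddUser page using a Response.Redirect command.
            // NOTE(review): this response differs from the wrong-password
            // branch, so it shows which e-mail addresses are registered and
            // works against the "no hints" practice stated above.
            Response.Redirect("AddUser/AddUser.aspx");
        }
    }
</script>
<body>
<form runat=server>
  <span style="background:#80FF80">
    <h3><font face="Verdana">Login Page</font></h3></span>
  <table>
    <tr>
      <td>e-mail:</td>
      <td><input id="UserEmail" type="text" runat=server/></td>
      <td><ASP:RequiredFieldValidator ControlToValidate="UserEmail"
             Display="Static" ErrorMessage="*" runat="server"/>
      </td>
      <td><asp:RegularExpressionValidator id="RegexValidator"
             ControlToValidate="UserEmail"
             ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
             EnableClientScript="false" Display="Static"
             ErrorMessage="Invalid format for e-mail address."
             runat="server"/>
      </td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input id="UserPass" type=password runat=server/></td>
      <td><ASP:RequiredFieldValidator ControlToValidate="UserPass"
             Display="Static" ErrorMessage="*" runat="server"/>
      </td>
    </tr>
    <tr>
      <td>Persistent Cookies:</td>
      <td><ASP:CheckBox id=Persist runat="server" autopostback="true" />
      </td>
      <td></td>
    </tr>
  </table>
  <input type="submit" OnServerClick="Login_Click" Value="Login"
         runat="server"/><p>
  <asp:Label id="Msg" ForeColor="red" Font-Name="Verdana" Font-Size="10" runat="server" />
</form>
</body>
</html>

addUser.aspx

<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>
<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
    // Pre-fills the e-mail box from the UserEmail query-string value, when
    // the request carries one.
    private void Page_Load(Object Src, EventArgs e)
    {
        String email = Request.QueryString["UserEmail"];
        if( null != email )
        {
            UserEmail.Value = email;
        }
    }

    // Handles the Add User button: appends a row with the e-mail and the
    // password hash to the user file, then redirects to Default.aspx.
    private void AddUser_Click(Object sender, EventArgs e)
    {
        if( !Page.IsValid )
        {
            Msg.Text = "Some required fields are invalid.";
            return;
        }

        // NOTE(review): Server.MapPath resolves this name relative to the
        // directory of the current page. If this page is served from
        // AddUser/, as the redirect in login.aspx suggests, this is not the
        // Users.xml that login.aspx reads. Confirm the intended path.
        String userFile = "users.xml";
        String path = Server.MapPath(userFile);

        DataSet ds = new DataSet();
        using( FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read) )
        using( StreamReader reader = new StreamReader(fs) )
        {
            ds.ReadXml(reader);
        }

        // Refuse a second row for an e-mail that is already present. The
        // value is embedded as a quoted literal in the filter expression, so
        // single quotes are doubled.
        String filter = "UserEmail='" + UserEmail.Value.Replace("'", "''") + "'";
        if( ds.Tables[0].Select(filter).Length > 0 )
        {
            Msg.Text = "That e-mail address is already registered.";
            return;
        }

        // SECURITY: unsalted SHA-1 through an API that later .NET Framework
        // versions mark obsolete. It must stay in step with the hashing in
        // login.aspx; replace both together with a salted, iterated hash
        // (for example PBKDF2 through Rfc2898DeriveBytes).
        string hashedpwd =
            FormsAuthentication.HashPasswordForStoringInConfigFile
                (UserPass.Value, "SHA1");

        DataRow newUser = ds.Tables[0].NewRow();
        newUser["UserEmail"] = UserEmail.Value;
        newUser["UserPassword"] = hashedpwd;
        ds.Tables[0].Rows.Add(newUser);
        ds.AcceptChanges();

        // The whole file is read above and rewritten here with no lock held
        // in between; two simultaneous registrations could presumably
        // overwrite each other's row.
        using( FileStream fs = new FileStream(path, FileMode.Create, FileAccess.ReadWrite) )
        using( StreamWriter writer = new StreamWriter(fs) )
        {
            ds.WriteXml(writer);
        }

        Response.Redirect("Default.aspx");
    }
</script>
<body>
<form runat=server>
  <div style="background:#ccccff">
    <h3><font face="Verdana">Add New User</font></h3>
  </div>
  <table>
    <tr>
      <td>Name:</td>
      <td><input id="UserEmail" type="text" runat=server/></td>
      <td><ASP:RequiredFieldValidator ControlToValidate="UserEmail"
             Display="Static" ErrorMessage="*" runat=server/>
      </td>
      <td><asp:RegularExpressionValidator id="RegexValidator"
             ControlToValidate="UserEmail"
             ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
             EnableClientScript="false" Display="Static"
             ErrorMessage="Invalid format for e-mail address."
             runat="server"/>
      </td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input id="UserPass" type=password runat=server/></td>
      <td><ASP:RequiredFieldValidator ControlToValidate="UserPass"
             Display="Static" ErrorMessage="*" runat=server/>
      </td>
    </tr>
    <tr>
      <td>Persistent Forms:</td>
      <td><ASP:CheckBox id=Persist runat="server" autopostback="true" />
      </td>
    </tr>
  </table>
  <input type="submit" OnServerClick="AddUser_Click" Value="Add User"
         runat="server"/><p>
  <asp:Label id="Msg" ForeColor="red" Font-Name="Verdana" Font-Si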