步骤:
1. 登录时手动设置FormsAuthenticationTicket,代码如下:
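// Build the forms-authentication ticket by hand so the role list can travel in UserData.
// "username" and "admin" are the tutorial's sample values; in a real login they must come
// from the account that was just verified on the server, never from request input.
FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, "username", DateTime.Now, DateTime.Now.AddMinutes(20), false, "admin");
// Serialize and protect the ticket (encryption/validation follow the <forms protection> setting).
string HashTicket = FormsAuthentication.Encrypt(Ticket);
// Create the cookie under the configured forms-authentication cookie name.
HttpCookie UserCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket);
// A hand-built cookie should set its security attributes explicitly instead of relying on defaults:
// HttpOnly keeps the ticket away from client-side script, Secure follows the requireSSL setting,
// and Path follows the configured forms cookie path.
UserCookie.HttpOnly = true;
UserCookie.Secure = FormsAuthentication.RequireSSL;
UserCookie.Path = FormsAuthentication.FormsCookiePath;
// Send the authentication-ticket cookie to the client.
Response.Cookies.Add(UserCookie);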
2.在Global中增加以下代码:
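/// <summary>
/// Rebuilds the request principal from the forms-authentication cookie so that the
/// comma-separated roles stored in the ticket's UserData are attached to Context.User.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Returns without touching Context.User when the cookie is missing, empty, cannot be
/// decrypted, or carries an expired ticket.
/// </remarks>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (null == authCookie || string.IsNullOrEmpty(authCookie.Value))
    {
        // No authentication cookie present (or it is empty): nothing to rebuild.
        return;
    }

    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (ArgumentException)
    {
        // Malformed cookie value: treat it like a missing cookie instead of failing the request.
        return;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // NOTE(review): some framework versions are reported to surface tampered or
        // wrong-key cookies this way - confirm for the target runtime.
        return;
    }

    if (null == authTicket || authTicket.Expired)
    {
        // Decrypt only decodes the ticket; expiry has to be checked here, otherwise a
        // replayed cookie would keep granting its roles after the ticket has lapsed.
        return;
    }

    // Roles were written as a comma-separated list into UserData at login;
    // empty entries are dropped so an empty UserData yields no roles.
    string[] role = (authTicket.UserData ?? string.Empty).Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    FormsIdentity id = new FormsIdentity(authTicket);
    Context.User = new GenericPrincipal(id, role);
}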
这样,我们在程序中就可以使用[Authorize(Roles="admin")]进行验证了。注意:角色信息取自票据的UserData,其可信度依赖于票据的加密与校验(forms 配置的 protection 应保持为 All);并且在票据有效期内,角色不会随后台权限的变更而更新。