1、在web.config的system.web节点增加authentication节点,定义如下:
<system.web> <compilation debug="true" targetFramework="4.5.2"/> <httpRuntime targetFramework="4.5.2"/> <authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="2880"> <credentials passwordFormat="Clear"> <user name="user" password="pwd001"/> <user name="admin" password="pwd002"/> </credentials> </forms> </authentication> </system.web>
2,新增AccountController。
public class AccountController : Controller { // 用于初期表示用 public ActionResult Login() { return View(); } // 登录按钮 [HttpPost] public ActionResult Login(string username, string password, string returnUrl) { bool result = FormsAuthentication.Authenticate(username, password); if (result) { FormsAuthentication.SetAuthCookie(username, false); return Redirect(returnUrl ?? Url.Action("Index", "Admin")); } else { ModelState.AddModelError("", "Incorrect username or password"); return View(); } } }
@{ Layout = null; } <!DOCTYPE html> <html> <head> <meta name="viewport" content="width=device-width" /> <title></title> </head> <body> @using (Html.BeginForm()) { @Html.ValidationSummary() <p><label>Username:</label><input name="username" type="text" /></p> <p><label>Password:</label><input name="password" type="password" /></p> <input type="submit" value="Log in"/> } </body> </html>
4、浏览器输入http://localhost:44324/Account/Login,输入web.config中定义的用户名和密码,成功就会进入Admin/Index页面。
5、其他页面如何进行认证?
1)在action中加Request.IsAuthenticated判断
public class AdminController : Controller { // GET: Admin public string Index() { if (!Request.IsAuthenticated) { FormsAuthentication.RedirectToLoginPage(); } return "welcome to Admin page!"; } }
2)在action方法上加Authorize特性
public class AdminController : Controller { // GET: Admin [Authorize] public string Index() { return "welcome to Admin page!"; } }
3)在controller上加Authorize特性(所有的action都会应用上)
[Authorize] public class AdminController : Controller { // GET: Admin public string Index() { return "welcome to Admin page!"; } }