配置文件:
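<configuration>
  <system.web>
    <!-- Forms authentication: a request without a valid ticket is sent to
         login.aspx, and the ticket is carried in the FORMSAUTHCOOKIE cookie. -->
    <authentication mode="Forms">
      <!-- Attribute names in this file are case-sensitive; the login page
           attribute is spelled loginUrl.
           NOTE(review): ticket protection, lifetime and transport (the
           protection, timeout and requireSSL attributes of this element) are
           left at their defaults. Set them explicitly for anything beyond a
           demo, and serve the login page over HTTPS, because the password is
           posted in the form body. -->
      <forms loginUrl="login.aspx" name="FORMSAUTHCOOKIE"></forms>
    </authentication>
    <authorization>
      <!-- "?" stands for the anonymous user, so every unauthenticated request
           is denied and redirected to the login page.
           NOTE(review): this rule also covers the add-user page that
           login.aspx redirects to, unless a location element or a nested
           web.config that is not shown here relaxes it. Confirm which
           applies. -->
      <deny users="?"></deny>
    </authorization>
  </system.web>
</configuration>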
xml文件:
1<users>
2<users>
3<useremail>[email protected]</useremail>
4<userpassword>
5BA56E5E0366D003E98EA1C7F04ABF8FCB3753889
6</userpassword>
7</users>
8<users>
9<useremail>[email protected]</useremail>
10<userpassword>
1107B7F3EE06F278DB966BE960E7CBBD103DF30CA6
12</userpassword>
13</users>
14</users>
login.aspx文件:
1@ Page LANGUAGE="c#"
1@ Import Namespace="System.Data"
1@ Import Namespace="System.Data.SqlClient"
1@ Import Namespace="System.Web.Security "
1@ Import Namespace="System.IO"
1<html>
2<head>
3<title>Forms Authentication</title>
4<script runat="server">
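// Handles the Login button: checks that the form validated, looks the e-mail
// address up in Users.xml and compares the stored password hash with the hash
// of the submitted password. On a match the forms-authentication ticket is
// issued and the browser is sent back to the page it originally asked for.
private void Login_Click(Object sender, EventArgs e)
{
    if (!Page.IsValid)
    {
        Msg.Text = "Some required fields are invalid.";
        return;
    }

    // UserEmail.Value comes from the browser. DataTable.Select parses its
    // argument as a filter expression, so a single quote in the value would
    // close the string literal and change the meaning of the filter. Doubling
    // the quote keeps the value inside the literal even if the regular
    // expression validator on the form is later loosened or removed.
    String cmd = "UserEmail='" + UserEmail.Value.Replace("'", "''") + "'";

    // using blocks release the file handle even when ReadXml throws; the
    // original closed the stream only on the success path.
    DataSet ds = new DataSet();
    using (FileStream fs = new FileStream(Server.MapPath("Users.xml"),
                                          FileMode.Open, FileAccess.Read))
    using (StreamReader reader = new StreamReader(fs))
    {
        ds.ReadXml(reader);
    }

    DataTable users = ds.Tables[0];
    DataRow[] matches = users.Select(cmd);
    if (matches != null && matches.Length > 0)
    {
        DataRow row = matches[0];

        // NOTE(review): this is a single unsalted SHA-1 pass, which is cheap
        // to brute-force offline if Users.xml is ever disclosed. Moving to a
        // salted, iterated scheme (for example PBKDF2 through
        // Rfc2898DeriveBytes) also changes the stored format, so it has to be
        // done together with AddUser_Click and the existing file.
        string hashedpwd =
            FormsAuthentication.HashPasswordForStoringInConfigFile(
                UserPass.Value, "SHA1");
        String pass = (String)row["UserPassword"];

        // Hash strings are not linguistic text, so compare them ordinally
        // instead of with the current culture's rules.
        if (!String.Equals(pass, hashedpwd, StringComparison.Ordinal))
        {
            // Tell the user that no match was found. It is good security
            // practice to give no hints about which part of the logon
            // credentials is invalid.
            Msg.Text = "Invalid Credentials: Please try again";
        }
        else
        {
            // A password match was found: redirect the request to the
            // originally requested resource (Default.aspx).
            FormsAuthentication.RedirectFromLoginPage(
                UserEmail.Value, Persist.Checked);
        }
    }
    else
    {
        // If no name matches were found, redirect the request to the AddUser
        // page using a Response.Redirect command.
        // NOTE(review): this branch tells the caller that the address is not
        // registered, which contradicts the no-hints rule applied to the
        // password branch above. Showing the same "Invalid Credentials"
        // message here would remove that signal.
        Response.Redirect("AddUser/AddUser.aspx");
    }
}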
45</script>
46<body>
47<form runat="server">
48<span style="background:#80FF80">
49<h3><font face="Verdana">Login Page</font></h3></span>
50<table>
51<tr>
52<td>e-mail:</td>
53<td><input id="UserEmail" runat="server/" type="text"/></td>
54<td><asp:requiredfieldvalidator controltovalidate="UserEmail" display="Static" errormessage="*" runat="server"></asp:requiredfieldvalidator>
55</td>
56<td><asp:regularexpressionvalidator controltovalidate="UserEmail" display="Static" enableclientscript="false" errormessage="Invalid format for e-mail address." id="RegexValidator" runat="server" validationexpression="^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$"></asp:regularexpressionvalidator>
57</td>
58</tr>
59<tr>
60<td>Password:</td>
61<td><input id="UserPass" runat="server/" type="password"/></td>
62<td><asp:requiredfieldvalidator controltovalidate="UserPass" display="Static" errormessage="*" runat="server"></asp:requiredfieldvalidator>
63</td>
64</tr>
65<tr>
66<td>Persistent Cookies:</td>
67<td><asp:checkbox autopostback="true" id="Persist" runat="server"></asp:checkbox>
68</td>
69<td></td>
70</tr>
71</table>
72<input onserverclick="Login_Click" runat="server" type="submit" value="Login"><p>
73<asp:label font-name="Verdana" font-size="10" forecolor="red" id="Msg" runat="server"></asp:label>
74</p></input></form>
75</body>
76</head></html>
addUser.aspx
1@ Page LANGUAGE="c#"
1@ Import Namespace="System.Data"
1@ Import Namespace="System.Data.SqlClient"
1@ Import Namespace="System.Web.Security "
1@ Import Namespace="System.IO"
1<html>
2<head>
3<title>Forms Authentication</title>
4<script runat="server">
// Pre-fills the e-mail box from the UserEmail query-string parameter when the
// parameter is present; otherwise the box is left as it is.
private void Page_Load(Object Src, EventArgs e)
{
    String requestedEmail = Request.QueryString["UserEmail"];
    if (requestedEmail == null)
    {
        return;
    }

    // The value is caller-supplied; it is only copied into the server-side
    // input control here and is validated when the form is submitted.
    UserEmail.Value = requestedEmail;
}
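// Handles the Add User button: loads users.xml, appends a row holding the
// submitted e-mail address and the hash of the submitted password, writes the
// file back and redirects to Default.aspx.
private void AddUser_Click(Object sender, EventArgs e)
{
    if (!Page.IsValid)
    {
        Msg.Text = "Some required fields are invalid.";
        return;
    }

    DataSet ds = new DataSet();
    String userFile = "users.xml";
    String userFilePath = Server.MapPath(userFile);

    // using blocks release the file handle even when ReadXml throws; the
    // original closed the stream only on the success path.
    using (FileStream fs = new FileStream(userFilePath,
                                          FileMode.Open, FileAccess.Read))
    using (StreamReader reader = new StreamReader(fs))
    {
        ds.ReadXml(reader);
    }

    // NOTE(review): this is a single unsalted SHA-1 pass, which is cheap to
    // brute-force offline if users.xml is ever disclosed. A salted, iterated
    // scheme (for example PBKDF2 through Rfc2898DeriveBytes) is the usual
    // replacement; Login_Click has to change with it.
    string hashedpwd =
        FormsAuthentication.HashPasswordForStoringInConfigFile(
            UserPass.Value, "SHA1");

    // NOTE(review): nothing checks whether the address is already present, so
    // repeated submissions append duplicate rows.
    DataRow newUser = ds.Tables[0].NewRow();
    newUser["UserEmail"] = UserEmail.Value;
    newUser["UserPassword"] = hashedpwd;
    ds.Tables[0].Rows.Add(newUser);
    ds.AcceptChanges();

    // FileMode.Create truncates the store before the new content is written.
    // NOTE(review): two concurrent requests can interleave the read above and
    // this write and lose a registration, and a failure part-way through
    // leaves a truncated file. Writing to a temporary file and swapping it
    // in, under a lock, would close both gaps.
    using (FileStream fs = new FileStream(userFilePath,
                                          FileMode.Create, FileAccess.ReadWrite))
    using (StreamWriter writer = new StreamWriter(fs))
    {
        ds.WriteXml(writer);
    }

    // NOTE(review): no authentication ticket is issued before this redirect
    // and the Persist checkbox is not read, so the new user presumably still
    // has to sign in on the login page. Confirm that this is intended.
    Response.Redirect("Default.aspx");
}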
41</script>
42<body>
43<form runat="server">
44<div style="background:#ccccff">
45<h3><font face="Verdana">Add New User</font></h3>
46</div>
47<table>
48<tr>
49<td>Name:</td>
50<td><input id="UserEmail" runat="server/" type="text"/></td>
51<td><asp:requiredfieldvalidator controltovalidate="UserEmail" display="Static" errormessage="*" runat="server/">
52</asp:requiredfieldvalidator></td>
53<td><asp:regularexpressionvalidator controltovalidate="UserEmail" display="Static" enableclientscript="false" errormessage="Invalid format for e-mail address." id="RegexValidator" runat="server" validationexpression="^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$"></asp:regularexpressionvalidator>
54</td>
55</tr>
56<tr>
57<td>Password:</td>
58<td><input id="UserPass" runat="server/" type="password"/></td>
59<td><asp:requiredfieldvalidator controltovalidate="UserPass" display="Static" errormessage="*" runat="server/">
60</asp:requiredfieldvalidator></td>
61</tr>
62<tr>
63<td>Persistent Forms:</td>
64<td><asp:checkbox autopostback="true" id="Persist" runat="server"></asp:checkbox>
65</td>
66</tr>
67</table>
68<input onserverclick="AddUser_Click" runat="server" type="submit" value="Add User"><p>
69<asp:label font-name="Verdana" font-size="10" forecolor="red" id="Msg" runat="server"></asp:label>
70</p></input></form>
71</body>
72</head></html>
Default.aspx
1@ Page LANGUAGE="c#"
1<html>
2<title>Forms Authentication</title>
3<script runat="server">
// Greets the signed-in user by name.
private void Page_Load(Object Src, EventArgs e)
{
    // The identity name is the value login.aspx passed to
    // RedirectFromLoginPage, i.e. text typed by the user. It is HTML-encoded
    // before being assigned to InnerHtml so it cannot be rendered as markup.
    String encodedName = Server.HtmlEncode(User.Identity.Name);
    Welcome.InnerHtml = "Hello, " + encodedName;
}
// Handles the Signout button: removes the forms-authentication ticket and
// writes a confirmation into the response.
private void Signout_Click(Object sender, EventArgs e)
{
    const String signedOutNotice = "Logged out - cookie deleted.";

    FormsAuthentication.SignOut();

    // NOTE(review): the current request keeps rendering this protected page
    // after the ticket is removed; redirecting to the login page is the more
    // common way to end the session view. Confirm what is wanted here.
    Response.Write(signedOutNotice);
}
14</script>
15<body>
16<h3><font face="Verdana">Forms Authentication Example</font></h3>
17<span id="Welcome" runat="server/">
18<form runat="server">
19<input onserverclick="Signout_Click" runat="server" type="submit" value="Signout"><p>
20</p></input></form>
21</span></body>
22</html>