你的位置:首页 > ASP.net教程

[ASP.net教程]网站用户登录认证

cookie登录后同域名下的网站保持相同的登录状态。

登录

private void SetAuthCookie(string userId, bool createPersistentCookie)
{
  var ticket = new FormsAuthenticationTicket(2, userId, DateTime.Now, DateTime.Now.AddDays(7), true, "", FormsAuthentication.FormsCookiePath);  string ticketEncrypted = FormsAuthentication.Encrypt(ticket);  HttpCookie cookie;  if (createPersistentCookie)//是否在设置的过期时间内一直有效  {    cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketEncrypted)    {      HttpOnly = true,      Path = FormsAuthentication.FormsCookiePath,      Secure = FormsAuthentication.RequireSSL,      Expires = ticket.Expiration,      Domain = "cnblogs.com"//这里设置认证的域名,同域名下包括子域名如aa.cnblogs.com或bb.cnblogs.com都保持相同的登录状态    };  }  else  {    cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketEncrypted)    {      HttpOnly = true,      Path = FormsAuthentication.FormsCookiePath,      Secure = FormsAuthentication.RequireSSL,      //Expires = ticket.Expiration,//无过期时间的,浏览器关闭后失效      Domain = "cnblogs.com"    };  }  HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);  HttpContext.Current.Response.Cookies.Add(cookie);
}

这样登录后,在同域名下的任何页面都可以得到用户状态

判断用户是否登录

public bool IsAuthenticated{  get  {    bool isPass = System.Web.HttpContext.Current.User.Identity.IsAuthenticated;    if (!isPass)      SignOut();    return isPass;  }}

得到当前的用户名

public string GetCurrentUserId(){   return _httpContext.User.Identity.Name;}