I use Windows authentication with Profile and wanted to flip to a custom authentication.
My question is: how can I specify that my user is authenticated, and how do I set Profile.UserName? I know Profile.UserName is read-only. In my Web.config, I changed the authentication mode="None"
and configured IIS to enable Anonymous.
In the global.asax I verify whether a cookie exists for the user. If not, the user is redirected to a login page. When he submits, I create the cookie, and at this moment I would set the profile info.
If someone can just give me some links about that, I would really appreciate it.
It sounds like Forms Authentication can handle what you need. Add the following lines to your root web.config:
<authentication mode="Forms">
    <forms name="XXXXX.ASPXAUTH" timeout="60" loginUrl="~/login.aspx" protection="All" path="/"></forms>
</authentication>
Replace the XXX's with whatever you want to call your cookie. Also rename login.aspx to whatever you named your login page. This code will redirect anyone who is not authenticated to the login page.
Then, in your login logic, use something like the following C# code:
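// Requires: using System; using System.Web; using System.Web.Security;
// The sixth argument (UserData) carries the user's level/role inside the ticket.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, txtUsername.Text,
    DateTime.Now, DateTime.Now.AddMinutes(60), true, reader["user_level"] + "",
    FormsAuthentication.FormsCookiePath);
// Encrypt() returns the protected ticket string that becomes the cookie value.
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
// A hand-built HttpCookie is not HttpOnly by default; keep the ticket away from client script.
cookie.HttpOnly = true;
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
Response.Cookies.Add(cookie);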
With this code, you will want to send in the user level of the person logging in (i.e. Administrator, User, etc.) where I have "reader[...".
The last thing you need to do is set up each protected directory with its own web.config that outlines the user roles that are allowed and the roles that are denied. The names you use for the roles in the web.config need to be consistent with the values that are sent in to the FormsAuthenticationTicket and you'll be good to go.
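How the role value stored in the ticket's UserData reaches the per-directory role checks, as an added example that is not part of the original answer: ASP.NET does not treat UserData as roles on its own, so a handler in Global.asax attaches them to the request principal. The comma-separated format and the role names Administrator and User are assumptions.

```csharp
// Global.asax.cs: added example, not code from the original answer.
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Assumption: the only role names the application issues at login.
    private static readonly HashSet<string> KnownRoles =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Administrator", "User" };

    // Runs after FormsAuthenticationModule has validated the cookie and set
    // Context.User to a principal that has a FormsIdentity but no roles.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = Context.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return; // anonymous request: the <authorization> rules redirect to loginUrl

        FormsIdentity identity = user.Identity as FormsIdentity;
        if (identity == null)
            return; // authenticated by something other than the forms ticket

        // UserData is covered by the ticket's encryption and MAC (protection="All"),
        // so the value read here is the one written at login.
        // Assumption: it holds one role or a comma-separated list.
        List<string> roles = new List<string>();
        foreach (string raw in identity.Ticket.UserData.Split(','))
        {
            string role = raw.Trim();
            if (KnownRoles.Contains(role)) // drop empty or unexpected values
                roles.Add(role);
        }

        // Replace the role-less principal; IsInRole and <allow roles="..."> now see these roles.
        Context.User = new GenericPrincipal(identity, roles.ToArray());
    }
}

// Matching web.config in a protected directory (role name is an assumption):
//   <system.web><authorization>
//     <allow roles="Administrator" /><deny users="*" />
//   </authorization></system.web>
```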