Beispiel #1
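        /// <summary>
        /// On the first (non-postback) request, reads the forms-authentication cookie,
        /// decrypts it into a ticket and extracts the ticket's user data.
        /// </summary>
        /// <remarks>
        /// The deserialization step is only a placeholder in this sample, so the extracted
        /// user data is not turned into a principal and Context.User is reset to null.
        /// </remarks>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            // 1. Read the login cookie; a missing or empty cookie means there is nothing to restore.
            HttpCookie cookie = Request.Cookies[FA.FormsCookieName];
            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return;
            }

            try
            {
                string userData = null;

                // 2. Decrypt the cookie value into a FormsAuthenticationTicket.
                //    FA is presumably an alias for FormsAuthentication; confirm against the file's usings.
                FormsAuthenticationTicket ticket = FA.Decrypt(cookie.Value);

                // 3. Restore the user data. Decrypt() returns expired tickets as well, so the
                //    expiry has to be checked here before the ticket's contents are trusted.
                if (ticket != null && !ticket.Expired && !string.IsNullOrEmpty(ticket.UserData))
                {
                    userData = ticket.UserData;
                }

                // Placeholder: deserialize userData into the application's user object here.
                // NOTE(review): treat userData as untrusted input when choosing a deserializer,
                // since its integrity rests entirely on the ticket encryption/validation keys.

                Context.User = null;
            }
            catch (Exception ex)
            {
                // Deliberately not rethrown so that a client probing with forged cookies gets
                // no error signal. The failure is still traced server-side (exception type only,
                // never the cookie value) so that tampering attempts remain detectable.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication cookie rejected: {0}", ex.GetType().Name);
            }
        }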
Beispiel #2
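        /// <summary>
        /// Login button handler: on a successful credential check, issues a persistent
        /// forms-authentication ticket (720 minutes) carrying custom user data and
        /// redirects to the admin area; otherwise writes an error message.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            // NOTE(review): hard-coded demo credentials. A real login must verify the password
            // against a salted, slow hash from a credential store and throttle repeated failures.
            if (txtusername.Text != "admin" || txtpwd.Text != "admin")
            {
                Response.Write("用户名或密码错误");
                return;
            }

            // Session cookies live in browser memory and vanish when the browser closes;
            // persistent cookies remain until they expire or the user signs out.
            //
            // The original also called FA.SetAuthCookie() before building the ticket below.
            // Both cookies use the same name, so that call only produced a duplicate
            // Set-Cookie header without the user data; a single cookie is issued instead.

            // Placeholder for the serialized user object stored inside the ticket.
            string userData = "序列化对象";

            // Take the clock once so the ticket's issue and expiry times are consistent.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,                          // ticket version
                txtusername.Text,           // user name
                issuedAt,                   // issue time
                issuedAt.AddMinutes(720),   // expiry
                true,                       // persistent
                userData,
                FA.FormsCookiePath);

            // Encrypt the ticket.
            string encTicket = FA.Encrypt(ticket);

            // Build the cookie. HttpOnly keeps it away from page script; Secure follows the
            // forms-authentication configuration (FA.RequireSSL), so over plain HTTP the
            // ticket is only as protected as that setting makes it.
            HttpCookie cookie = new HttpCookie(FA.FormsCookieName, encTicket);
            cookie.HttpOnly = true;
            cookie.Secure = FA.RequireSSL;
            cookie.Domain = FA.CookieDomain;
            cookie.Path = FA.FormsCookiePath;
            if (ticket.IsPersistent)
            {
                // Reuse the ticket's own expiry so cookie and ticket cannot drift apart.
                cookie.Expires = ticket.Expiration;
            }

            // Set() replaces any cookie of the same name already queued on the response.
            Response.Cookies.Set(cookie);

            Response.Redirect("admin/index.aspx");
        }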
Beispiel #3
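        /// <summary>
        /// Verifies a WeChat request signature: sorts token, timestamp and nonce,
        /// concatenates them, hashes the result with SHA-1 and compares the lowercase
        /// hex digest with <paramref name="signature"/>.
        /// </summary>
        /// <param name="token">Shared token known to both sides.</param>
        /// <param name="signature">Signature supplied with the request (lowercase hex expected).</param>
        /// <param name="timestamp">Timestamp supplied with the request.</param>
        /// <param name="nonce">Nonce supplied with the request.</param>
        /// <returns>true when the computed digest equals <paramref name="signature"/>; otherwise false.</returns>
        public bool CheckSignature(string token, string signature, string timestamp, string nonce)
        {
            if (signature == null)
            {
                return false;
            }

            string[] parts = { token, timestamp, nonce };

            // Ordinal sort: the default string sort is culture-sensitive, which would make
            // the digest depend on the server's culture settings.
            Array.Sort(parts, StringComparer.Ordinal);
            byte[] payload = System.Text.Encoding.UTF8.GetBytes(string.Join("", parts));

            // SHA-1 is what this signature scheme uses. It is computed directly instead of via
            // the obsolete FormsAuthentication.HashPasswordForStoringInConfigFile helper,
            // which produced the same UTF-8 / SHA-1 hex digest.
            byte[] digest;
            using (var sha1 = System.Security.Cryptography.SHA1.Create())
            {
                digest = sha1.ComputeHash(payload);
            }

            string expected = BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
            return SignatureEquals(expected, signature);
        }

        // Compares two strings without stopping at the first mismatch, so the response
        // time does not reveal how much of a supplied signature was correct.
        private static bool SignatureEquals(string expected, string actual)
        {
            int diff = expected.Length ^ actual.Length;
            for (int i = 0; i < expected.Length; i++)
            {
                char other = i < actual.Length ? actual[i] : '\0';
                diff |= expected[i] ^ other;
            }

            return diff == 0;
        }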
Beispiel #4
 /// <summary>
 /// Creates the controller around the supplied user manager and gives it fresh
 /// UserRepository and FormsAuthentication instances.
 /// </summary>
 /// <param name="userManager">User manager assigned to the UserManager member.</param>
 public AccountController(UserManager<ApplicationUser> userManager)
 {
     // The collaborators are created here instead of being injected.
     this._userRepository = new UserRepository();
     this._formsAuthentication = new FormsAuthentication();

     // NOTE(review): userManager is stored without a null check; confirm callers never pass null.
     this.UserManager = userManager;
 }
Beispiel #5
 /// <summary>
 /// Default constructor: builds a UserManager over a new ApplicationDbContext-backed
 /// UserStore and passes it to the UserManager-taking constructor.
 /// </summary>
 public AccountController()
     : this(
         new UserManager<ApplicationUser>(
             new UserStore<ApplicationUser>(
                 new ApplicationDbContext())))
 {
     // NOTE(review): if the chained constructor already assigns these two fields, the
     // assignments below only replace them with second instances; confirm and drop one set.
     this._userRepository = new UserRepository();
     this._formsAuthentication = new FormsAuthentication();
 }