日期:2014-05-17 浏览次数:20459 次
用户名验证通过后创建cookie:
HttpCookie cookie = new HttpCookie("MyCookie");
cookie.Expires = DateTime.Now.AddHours(1);
cookie.Values.Add("UserID", User.ID);
cookie.Values.Add("UserName", User.UserName);
Response.Cookies.Add(cookie);
Response.Redirect("~/Default.aspx");
用户身份处理程序:
HttpApplication application = (HttpApplication)sender;
string url = HttpContext.Current.Request.Url.ToString();
int start = url.LastIndexOf('/') + 1;
int end = url.IndexOf('?', start);
if (end < 0)
end = url.Length - 1;
string page = null;
page = url.Substring(start, end - start + 1);
page = page.ToLower();
if (page == "login.aspx") //若请求为登陆页,则不需验证,直接返回
return;
if (isPublicResource(page)) return; //若为公共页面,则直接返回
HttpCookie cookie = HttpContext.Current.Request.Cookies["MyCookie"]; //获取cookie
if (cookie == null)
{
application.Response.Redirect("~/Login.aspx");
return;
}
string userId = cookie.Values["UserID"];
if(userId == null) //这两行是我加的调试代码,单步时发现可以成功获
throw new execption("异常"); // 取cookie,但里面的UserID为空值,结果抛出异常
if (userId == "01")
{
return;
}
if (RoleRightBLL.canAccessPage(userId, page))
return;
&nb