我们有一个使用基于表单的身份验证(FBA)的WSS 3.0站点。我们想要设置网站,以便某些用户可以自动登录,而不是登录屏幕,我不确定最好的方法。
实际上,基于this article,我已经创建了一个处理登录的HTTP模块。更具体地说,我创建了一个备用登录页面,当该页面被点击时,它会以期望的用户。但是,它会在我关闭浏览器后让用户登录。也就是说,我启动浏览器,转到备用登录页面,触发我的HTTP模块代码并以所需用户身份登录,然后关闭浏览器。当我尝试访问该网站时,网站的标准登录页面被跳过,因为我仍然以较早的用户身份登录该网站。
我想我的问题归结为如何确保我注销?有没有办法用HTTP模块/处理程序执行此操作,还是我想在global.asax中执行某些操作?
答案 0 :(得分:0)
Imports System.Web
Imports System.Web.Security
Imports System.Collections.Specialized
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.UI
Public Class AuthModule
Implements IHttpModule
Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
End Sub
Public Sub Init(ByVal app As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init
AddHandler app.PreRequestHandlerExecute, New EventHandler(AddressOf OnPreRequestHandlerExecute)
End Sub
Public Sub OnPreRequestHandlerExecute(ByVal sender As Object, _
ByVal e As EventArgs)
' Check to see if the alternate page has been accessed
If HttpContext.Current.Request.Url.ToString.ToUpper.EndsWith("AUTOLOGIN.ASPX") Then
' Alternate page has been accessed, so log in using predetermined account
' Retrieve the user name and password
Dim userName As String = "user"
Dim userPassword As String = "password"
' Build the user id
Dim roles As String() = Nothing
Dim webIdentity As New GenericIdentity(userName, "Form")
Dim principal As New GenericPrincipal(webIdentity, roles)
' Specify the user
HttpContext.Current.User = principal
Thread.CurrentPrincipal = principal
' Redirect from the login page to the start page
' Note, this is the line I initially had incorrect. That is, I had the
' second parameter set to True, which will persist the authentication cookie.
' Setting the second parameter to False will cause the authentication cookie
' to go away when the browser is closed. Yeah!
FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name.ToString, False)
End If
End Sub
End Class