1. Add the authentication node to the system.web node of web.config, which is defined as follows:
<system.web> <compilation debug="true" targetFramework="4.5.2"/> <httpRuntime targetFramework="4.5.2"/> <authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="2880"> <credentials passwordFormat="Clear"> <user name="user" password="pwd001"/> <user name="admin" password="pwd002"/> </credentials> </forms> </authentication> </system.web>
2,新增AccountController。
public class AccountController : Controller { // Use public ActionResult Login() for initial presentation { return View(); } // Login button [HttpPost] public ActionResult Login( string username, string password, string returnUrl) { bool result = FormsAuthentication.Authenticate(username, password); if (result) { FormsAuthentication.SetAuthCookie(username, false); return Redirect(returnUrl ?? Url.Action("Index", "Admin")); } else { ModelState.AddModelError("", "Incorrect username or password"); return View(); } } }
@{ Layout = null; } <!DOCTYPE html> <html> <head> <meta name="viewport" content="width=device-width" /> <title></title> </head> <body> @using (Html.BeginForm()) { @Html.ValidationSummary() <p><label>Username:</label><input name="username" type="text" /></p> <p><label>Password:</label><input name="password" type="password" /></p> <input type="submit" value="Log in"/> } </body> </html>
4. Enter http://localhost:44324/Account/Login in the browser, enter the username and password defined in web.config, and successfully enter the Admin/Index page.
5. How to authenticate other pages?
1) Add Request.IsAuthenticated judgment to action
public class AdminController : Controller { // GET: Admin public string Index() { if (!Request.IsAuthenticated) { FormsAuthentication.RedirectToLoginPage(); } return "welcome to Admin page!"; } }
2) Add the Authorize feature to the action method
public class AdminController : Controller { // GET: Admin [Authorize] public string Index() { return "welcome to Admin page!"; } }
3) Add the Authorize feature to the controller (all actions will be applied)
[Authorize] public class AdminController : Controller { // GET: Admin public string Index() { return "welcome to Admin page!"; } }