验证登录代码,请解释
以下是高人(动软卓越)的代码 //验证登录信息,如果验证通过则返回当前用户对象的安全上下文信息
AccountsPrincipal newUser = AccountsPrincipal.ValidateLogin(userName, Password);
if (newUser == null)//登录信息不对
{
this.lblMsg.Text = "登陆失败: " + userName;
if ((Session["PassErrorCountAdmin"] != null) && (Session["PassErrorCountAdmin"].ToString() != ""))
{
int PassErroeCount = Convert.ToInt32(Session["PassErrorCountAdmin"]);
Session["PassErrorCountAdmin"] = PassErroeCount + 1;
}
else
{
Session["PassErrorCountAdmin"] = 1;
}
}
---------------------------------------------------------------------
然后我查看AccountsPrincipal.ValidateLogin的定义,如下
public class AccountsPrincipal : IPrincipal
{
protected IIdentity identity;
protected ArrayList permissionList;
protected ArrayList permissionListid;
protected ArrayList roleList;
public AccountsPrincipal(int userID);
public AccountsPrincipal(string userName);
public IIdentity Identity { get; set; }
public ArrayList Permissions { get; }
public ArrayList PermissionsID { get; }
public ArrayList Roles { get; }
public static byte[] EncryptPassword(string password);
public bool HasPermission(string permission);
public bool HasPermissionID(int permissionid);
public bool IsInRole(string role);
public static AccountsPrincipal ValidateLogin(string userName, string password);
}
我的第一个疑问是 为什么public static AccountsPrincipal ValidateLogin(string userName, string password);下面不在用大括号{}了呢, 光突突的好难看.语法感觉怪怪的.
第二点,我觉得AccountsPrincipal 是继承 IPrincipal ,我查看了一下IPrincipal的类,结果如下
public interface IPrincipal
{
// 摘要:
// Gets the identity of the current principal.
//
// 返回结果:
// The System.Security.Principal.IIdentity object associated with the current
// principal.
IIdentity Identity { get; }
// 摘要:
// Determines whether the current principal belongs to the specified role.
//
// 参数:
// role:
// The name of the role for which to check membership.
//
// 返回结果:
// true if the current principal is a member of the specified role; otherwise,
// false.
bool IsInRole(string role);
}
好简单哦,但是如何成就验证用户名和密码正确,还是一个迷
