<system.web>
<authentication mode="Forms">
  <forms name="loginName" loginUrl="/UserInfo/login" cookieless="UseCookies" path="/" protection="All" timeout="30"></forms>
</authentication>
</system.web>

<modules>
  <!--<remove name="FormsAuthentication" />-->
</modules>

 public class UserInfoController : Controller //控制器
 {
 //身份驗(yàn)證過(guò)濾器
  [Authorize]
  public ActionResult Index()
  {
   return View();
  }
 }

   /// <summary>
  /// 用戶登錄
  /// </summary>
  /// <returns></returns>
  public ActionResult login()
  {
   return View();
  }  
  [HttpPost]
  public ActionResult login(loginModels login) {
   if (ModelState.IsValid)
   {
    var model = db.Admininfo.FirstOrDefault(a => a.AdminAccount == login.AdminAccount && a.AdminPwd == login.AdminPwd);
    if (model != null)
    {
     //存入票據(jù)（用戶登錄的時(shí)候去存信息，如果有信息直接去登錄）
     var dtoModel = new Users
     {
      id = model.id,
      AdminPwd = model.AdminPwd,
      AdminAccount=model.AdminAccount
     };
     //調(diào)用
     SetAuthCookie(dtoModel);
     //獲取登錄地址
     var returnUrl = Request["ReturnUrl"];
     //判斷登錄地址是不是空值
     if (!string.IsNullOrWhiteSpace(returnUrl))
     {      
      return Redirect(returnUrl);
     }
     else
     {
      //return RedirectiToAction
      return Redirect("/Home/index");
     }

    }
    else
    {
     ModelState.AddModelError("", "賬號(hào)密碼不對(duì)");
     return View(login);
    }
   }
   else
   {
    ModelState.AddModelError("", "輸入的信息有誤");
    return View(login);

   }

  /// <summary>
  /// 對(duì)登錄賬號(hào)進(jìn)行cookie
  /// </summary>
  /// <param name="model"></param>
  public void SetAuthCookie(Users loginModel) {
   //1、將對(duì)象轉(zhuǎn)換成json
   var userdata = loginModel.ToJson();
   //2、創(chuàng)建票據(jù)FormsAuthenticationTicket
   FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,"loginUser",DateTime.Now,DateTime.Now.AddDays(1), false, userdata);
   //對(duì)票據(jù)進(jìn)行加密 
   var tickeEncrypt = FormsAuthentication.Encrypt(ticket);
   //創(chuàng)建Cookie，定義
   HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, tickeEncrypt);
   cookie.HttpOnly = true;
   cookie.Secure = FormsAuthentication.RequireSSL;
   cookie.Domain = FormsAuthentication.CookieDomain;
   cookie.Path = FormsAuthentication.FormsCookiePath;
   cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout);
   //先移除cookie，在添加cookie
   Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
   Response.Cookies.Add(cookie);
  } 

 public class loginModels
 {
  /// <summary>
  /// 賬號(hào)
  /// </summary>
  [DisplayName("賬號(hào)")]
  [Required(ErrorMessage = "賬號(hào)不能為空")] 
  public string AdminAccount { get; set; }
  /// <summary>
  /// 密碼
  /// </summary>
  [DisplayName("密碼")]
  [Required(ErrorMessage = "密碼不能為空")]
  public string AdminPwd { get; set; }
 }

protected void Application_AuthenticateRequest(object sender, EventArgs e)
  {
   //1、通過(guò)sender獲取http請(qǐng)求
   // HttpApplication app = new HttpApplication();//實(shí)例化
   HttpApplication app = sender as HttpApplication;
   //2、拿到http上下文
   HttpContext context = app.Context;
   //3、根據(jù)FormsAuthe,來(lái)獲取cookie
   var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
   if (cookie != null)
   {
    //獲取cookie的值
    var ticket = FormsAuthentication.Decrypt(cookie.Value);
    if (!string.IsNullOrWhiteSpace(ticket.UserData))
    {
     //把一個(gè)字符串類別變成實(shí)體模型
     var model = ticket.UserData.ToObject<AdmininfoViewModel>();
     //var acount = model.AdminAccount; //獲取賬號(hào)
     context.User = new MyFormsPrincipal<AdmininfoViewModel>(ticket, model);
     //MyFormsPrincipal.Identity = new FormsIdentity(ticket);
     // MyFormsPrincipal.userdata;

    }
   }
  }

  /// <summary>
  /// 退出登錄
  /// </summary>
  public ActionResult loginout()
  {
   //刪除票據(jù)
   FormsAuthentication.SignOut();
   //清除cookie
   Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);
   Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
   return RedirectToAction("Index", "Home");
 
  }

@Html.ActionLink("安全退出","loginout","Users")