.net实现网站用户登录认证

private void setauthcookie(string userid, bool createpersistentcookie)
{
　　var ticket = new formsauthenticationticket(2, userid, datetime.now, datetime.now.adddays(7), true, "", formsauthentication.formscookiepath);
　　string ticketencrypted = formsauthentication.encrypt(ticket);

　　httpcookie cookie;
　　if (createpersistentcookie)//是否在设置的过期时间内一直有效
　　{
　　　　cookie = new httpcookie(formsauthentication.formscookiename, ticketencrypted)
　　　　{
　　　　　　httponly = true,
　　　　　　path = formsauthentication.formscookiepath,
　　　　　　secure = formsauthentication.requiressl,
　　　　　　expires = ticket.expiration,
　　　　　　domain = "cnblogs.com"//这里设置认证的域名，同域名下包括子域名如aa.cnblogs.com或bb.cnblogs.com都保持相同的登录状态
　　　　};
　　}
　　else
　　{
　　　　cookie = new httpcookie(formsauthentication.formscookiename, ticketencrypted)
　　　　{
　　　　　　httponly = true,
　　　　　　path = formsauthentication.formscookiepath,
　　　　　　secure = formsauthentication.requiressl,
　　　　　　//expires = ticket.expiration,//无过期时间的，浏览器关闭后失效
　　　　　　domain = "cnblogs.com"
　　　　};
　　}

　　httpcontext.current.response.cookies.remove(formsauthentication.formscookiename);
　　httpcontext.current.response.cookies.add(cookie);
}

public bool isauthenticated
{
　　get
　　{
　　　　bool ispass = system.web.httpcontext.current.user.identity.isauthenticated;

　　　　if (!ispass)
　　　　　　signout();

　　　　return ispass;
　　}
}

public string getcurrentuserid()
{
   return _httpcontext.user.identity.name;
}

using system;
using system.data;
using system.configuration;
using system.collections;
using system.web;
using system.web.security;
using system.web.ui;
using system.web.ui.webcontrols;
using system.web.ui.webcontrols.webparts;
using system.web.ui.htmlcontrols;
using system.data.sqlclient;

public partial class login : system.web.ui.page
{
protected void page_load(object sender, eventargs e)
{

}
protected void button1_click(object sender, eventargs e)
{ 

string connstring = convert.tostring(configurationmanager.connectionstrings["001connectionstring"]);
//001connectionstring是我在webconfig里配置的数据库连接。
sqlconnection conn = new sqlconnection(connstring); 
string strsql = "select * from user_table where user_name='" + username.text + "' and password='" + password.text + "'";
sqlcommand cmd = new sqlcommand(strsql, conn);
conn.open();
sqldatareader dr = cmd.executereader(commandbehavior.closeconnection);

if (dr.read())
{ 
response.redirect("index.aspx");
conn.close();
}
else
{
failuretext.text = "登陆失败,请检查登陆信息!";
conn.close();
response.write("<script language=javascript>alert('登陆失败!.');</script>");
}
}

protected void button2_click(object sender, eventargs e) //文本框重置按钮
{
username.text = "";
password.text = "";

}
}

<%@ page language="c#" autoeventwireup="true" codefile="login.aspx.cs" inherits="login" %>

<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" " http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">

<html xmlns=" http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>无标题页</title>
</head>
<body>
<form id="form1" runat="server"> 
<asp:panel id="panel1" runat="server" height="101px" width="231px" wrap="false">
<table>
<tr>
<td align="center" colspan="2">
用户登陆</td>
</tr>
<tr>
<td style="width: 89px">
用户名:</td>
<td style="width: 100px">
<asp:textbox id="username" runat="server" wrap="false"></asp:textbox></td>
</tr>
<tr>
<td style="width: 89px">
密码:</td>
<td style="width: 100px">
<asp:textbox id="password" runat="server" textmode="password" width="148px" wrap="false" ></asp:textbox></td>
</tr>
<tr>
<td align="center" colspan="2" style="text-align: center">
<asp:button id="button1" runat="server" text="登陆" width="50px" onclick="button1_click" />
<asp:button id="button2" runat="server" text="重置" width="50px" onclick="button2_click" /></td>
</tr>
<tr>
<td align="center" colspan="2">
<asp:label id="failuretext" runat="server" width="77px"></asp:label></td>
</tr>
</table>
</asp:panel>

</form>
</body>
</html>