关于form验证的处理片断

        public virtual void SignIn(s_User user, bool createPersistentCookie)
        {
            var now = DateTime.UtcNow.ToLocalTime();
 
            //01 实例化一个form表单身份验证票证
            //FormsAuthenticationTicket(int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData, string cookiePath);
            var ticket = new FormsAuthenticationTicket(
                 /*version*/,                //票证的版本号
                user.Nickname,                //用户名
                now,                          //发生时间
                now.Add(_expirationTimeSpan), //过期时间，通常用FormsAuthentication.Timeout作默认值
                createPersistentCookie,       //true存储在cookie,false存储在url，这个用户选择，“记住我”
                user.Email,                   //用户数据，这里只保存了email
                FormsAuthentication.FormsCookiePath); //Cookie存放路径，通常用FormsAuthentication.FormsCookiePath作默认值
 
            //02 将票证加密成适合cookie保存的字符串
            string encryptedTicket = FormsAuthentication.Encrypt(ticket);
 
            //03 将加密后的字符串写入cookie
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            cookie.HttpOnly = true; //不允许客户端脚本访问cookie,仅限http访问
            if (ticket.IsPersistent)//如果票证需要持久化，指定cookie过期时间
            {
                cookie.Expires = ticket.Expiration;
            }
            //使用https传输此cookie
            cookie.Secure = FormsAuthentication.RequireSSL;
            cookie.Path = FormsAuthentication.FormsCookiePath;
            if (FormsAuthentication.CookieDomain != null)
            {
                cookie.Domain = FormsAuthentication.CookieDomain;
            }
 
            _httpContext.Response.Cookies.Add(cookie);
            _cachedUser = user;
 
            //如果想用默认的方式处理，不写上面那么多：FormsAuthentication.SetAuthCookie(loginName, true);
       }
 
        //验证当前通过验证的用户
        public virtual s_User GetAuthenticatedUser()
        {
            //如果有缓存的用户，就返回缓存的用户  //如果是基于http会话级的生命周期注入方式，则是可以这样写的
            if (_cachedUser != null) return _cachedUser;
 
            if (_httpContext == null ||                     //如果httpContext为空
                _httpContext.Request == null ||             // 或httpContext.Request为空 Request.IsAuthenticated为假就返回 空
                !_httpContext.Request.IsAuthenticated ||    // 或或httpContext.Request.IsAuthenticated = false
                !(_httpContext.User.Identity is FormsIdentity)) //_httpContext.User.Identity的票证不是 FormsIdentity
            {
                return null;                                // 都返回null, 即用户验证失败
            }
 
            //获取会话中的表单身份验证票证[这个user封装了读cookie,解密cookie，验证转换的过程]
            var formsIdentity = (FormsIdentity)_httpContext.User.Identity;
 
            //从formsIdentity.Ticket.UserData取email
            var userEmail = formsIdentity.Ticket.UserData;
 
            //如果email验证失败，则验证失败
            if (String.IsNullOrWhiteSpace(userEmail)) return null;
 
            //用email去查询数据库，获取user
            var user = _userService.GetUserByEmail(userEmail);
 
            //如果是合法用户，返回当前合法用户
            if (user != null && user.Active ) _cachedUser = user;
            return user;
        }
 
        public virtual void SignOut()
        {
            _cachedUser = null;
            FormsAuthentication.SignOut();
        }