About ASP. NET "Forms authentication", asp. netforms

About ASP. NET "Forms authentication", asp. netforms

The directory structure is shown as follows:

 

If the user does not pass identity authentication, the logon page is displayed to allow the user to log on. Add the following code under the <system. web> </system. web> node in the configuration file:

<! -- Authentication method -->

<Authentication mode = "Forms">

<Forms loginUrl = "~ /Login. aspx "/>

</Authentication>

<! -- Authorize -->

<Authorization>

<! -- Deny: Block ,? : Anonymous user, *: All Users -->

<Deny users = "? "/>

</Authorization>

The logon background code is (here, both the user name and password are set to admin, chkPWD: Remember the password ):

First, import the namespace: using System. Web. Security;

If (TextBox1.Text = "admin" & TextBox2.Text = "admin ")

{

// Redirect the authenticated user back to the original request page (for example, if the user is not logged on, click Default. aspx to enter ShoppingCard. aspx,
Because ShoppingCard. aspx does not allow anonymous users to access it, the page jumps to Login. aspx. After the verification is passed, the page is automatically redirected to ShoppingCard. aspx)
If you click Reg. aspx in the Public directory to jump to Login. aspx, the page will jump to default. aspx by default after verification.

FormsAuthentication. RedirectFromLoginPage (TextBox1.Text, chkPWD. Checked );

}

Else

{

Response. Write ("incorrect user name or password ");

}

The page under the Public directory (such as the user registration page, allows anonymous users to access to register an account), because. the config file is set to block access by anonymous users. Therefore, to enable Anonymous users to access pages under the Public directory, there are two methods:
Method 1:
Add the configuration file web. config in the Public directory and add code under the <system. web> </system. web> node:

<! -- Allow all users to access all pages in the directory: allow indicates allowing users to access -->

<Authorization>

<Allow users = "*"/>

</Authorization>

Method 2:

If you do not want to add the web configuration file to the Public directory. you can modify the web. config, which is the default </system. web> Add the following code below the node:

<Location path = "Public">

<System. web>

<Authorization>

<Allow users = "*"/>

</Authorization>

</System. web>

</Location>

The code structure of the entire web. config is as follows:


In another case, all pages in the current directory are blocked from anonymous access, but one page can be accessed anonymously, such as Default. aspx page, you can change the value of the path attribute of the above location node to this accessible page <lcation path = "Default. aspx ">
In this way, all pages except Default. aspx and Login. aspx in the face-to-face directory must be accessible to the user.

If you want to log out, you can use:
FormsAuthentication. SignOut (); destroys User Logon credenut
FormsAuthentication. RedirectToLoginPage (); redirects to the user logon page

Request. IsAuthenticated can be used to determine whether the user has been authenticated, that is, whether the user has logged on. If the user has logged on, true is returned; otherwise, false is returned. This allows the user to display unused page information to the logged on user and non-logged on user.
User. Identity. Name can be used to obtain the User Name of the current logon User, that is, TextBox1.Text in FormsAuthentication. RedirectFromLoginPage (TextBox1.Text, chkPWD. Checked.

 

 

 

 

For aspnet forms authentication

<Location path = "admin">
<System. web>
<Authorization>
<Deny users = "? "/>
</Authorization>
</System. web>
</Location>

Remove form

Because you have already defined
 
Security of forms authentication in ASPNET

You can try using two identical cookies in two projects and preview them at the same time.