Asp. NET implementation of anonymous access control

asp.net| Access | control

By learning I mastered two control methods, to achieve the site's anonymous access control, one is implemented through IIS, and the other through the asp.net implementation. There is no difference between the two basically achievable features, but it's easier to manage and maintain through asp.net.

For implementation through IIS it is clear that you can set access permissions on folders or individual files (pages), and IIS provides a way to set up directory security and file security. And you can set permissions for different audiences directly. This provides an anonymous access control method, which is no longer discussed here.

Asp. NET control method:

First introduced the results of the implementation of the example, a Web site can be logged after the user information stored in a cookie, and identify the user is authenticated, in the access to other pages directly to the identity of the user to determine whether through validation, if you can continue to access the page, If it is an anonymous access user that is not authenticated (that is, a user who is not logged in), it will jump to the landing page to prompt the user to log in. Set one of the user registration pages to be anonymous, because the business logic only allows registration to log in.

In the landing page or the user's username and password to verify the first, it is possible to use a method of comparison with the database or to authenticate in AD, and then to identify the current user as authenticated user in the cookie and jump to the page requested before the user jumps to the landing page.

FormsAuthentication.RedirectFromLoginPage (Username,createpersistentcookie);

On the page directly requested by the user, we use the following method to authenticate the user.

Context.User.Identity.IsAuthenticated

Context: Gets the System.Web.HttpContext object associated with the page

User: Get or set security information for the current HTTP request

Identity: Gets the identity of the current user

IsAuthenticated: Gets a bool value indicating whether the user is validated

Then we make security settings in Web.config.

<authentication mode= "Forms" >
<forms loginurl= "Login.aspx" ></forms>
</authentication>

Forms you provide users with a custom form (Web page) for entering credentials, and then verify their identities in your application. The user credential token is stored in the Cookie.

<authorization>
<deny users= "?"/>
</authorization>

Deny means no, users= "?" Represents an anonymous user

<location path= "Newuser.aspx" >
<system.web>
<authorization>
<allow users= "*"/>
</authorization>
</system.web>
</location>

Represents the new User registration page newuser.aspx, which allows anyone to access it. This enables access control for anonymous users.