Forms authentication is so simple

1. Web. config in the root directory

 

Code
<Authentication mode = "forms">
<Forms loginurl = "login. aspx" name = ". aspxauth"> </Forms>
</Authentication>

<Authorization>
<Deny users = "? "/>
</Authorization>

 

 

2. Web. config in the public directory, used to display the Page code that can be browsed by anonymous users
<Configuration>
<System. Web>
<Authorization>
<Allow users = "*"/>
</Authorization>
</System. Web>
</Configuration> 3. Web. config In the Admin directory, which allows users with only the username admin to view the code.
<Configuration>
<System. Web>
<Authorization>
<Allow users = "admin"/>
<Deny users = "*"/>
</Authorization>
</System. Web>
</Configuration> 4. In login. aspx. CS, you can simply verify the code.
// Verify
If (thenode! = NULL)
{
If (thenode. childnodes [1]. innertext = textbox2.text. Trim ())
{
Formsauthentication. redirectfromloginpage (textbox1.text. Trim (), false); // a simple sentence
}
}

Response. Write ("<SCRIPT> alert ('this user name or password is not correct! ') </SCRIPT> "); 5. There are some reference codes.

1. logon code:

A. Introduced in books

Private void btn_login_click (Object sender, system. eventargs E)

{

If (this. txt_username.text = "admin" & this. txt_password.text = "123456 ")

{

System. Web. Security. formsauthentication. redirectfromloginpage (this. txt_username.text, false );

}

}

B. I have been searching for N for a long time.

Private void btn_login_click (Object sender, system. eventargs E)

{

If (this. txt_username.text = "admin" & this. txt_password.text = "123456 ")

{

System. Web. Security. formsauthentication. setauthcookie (this. txt_username.text, false );

Response. Redirect ("default. aspx ");

}

}

The two types of cookies can be issued after verification, that is, they pass verification. difference:

Method A) returns the request page after verification, which is commonly known as "from where to where ". For example, if you enter http: // localhost/formtest/userinfo. aspx directly in the IE address bar before logging on, the user will see login. aspx? Returnurl = userinfo. aspx. After the user name and password are entered, the system returns the corresponding page based on the value of "returnurl ".

Method B) two steps are taken: after the verification is passed, the cookie is directly issued, and the jump page will be designated by the programmer. This method is mostly used in the system where default. aspx uses the framework structure.

2. Exit code:

Private void btn_logout_click (Object sender, system. eventargs E)

{

System. Web. Security. formsauthentication. signout ();

}

3. Check whether verification is successful

 

If (user. Identity. isauthenticated)

{

// You have passed the verification. Do you know what to do?

}

User. identity also has two attributes: authenticationtype (authentication type) and name (User Name). Note that the name attribute is the user. identity. name will get, when the verification passes (redirectfromloginpage or setauthcookie), we bring the first parameter This. txt_username.text

 

Code
Private void submitemailclick (Object sender, system. eventargs E)
{

If (this. textbox_username.text.trim () = "hr_manager"
& This. textbox_password.text.trim () = "password ")
{
// Success, create non-persistent authentication cookie.

Formsauthentication. setauthcookie (
This. textbox_username.text.trim (), flase );

Formsauthenticationticket ticket1 =
New formsauthenticationticket (
1, // version

This. textbox_username.text.trim (), // get username from the form

Datetime. Now, // issue time is now

Datetime. Now. addminutes (10), // expires in 10 minutes

False, // cookie is not persistent

"HR" // role assignment is stored

// In userdata

);
Httpcookie cookie1 = new httpcookie (
Formsauthentication. formscookiename,
Formsauthentication. Encrypt (ticket1 ));
Response. Cookies. Add (cookie1 );

// 4. Do the redirect.

String returnurl1;
// The login is successful

If (request. querystring ["returnurl"] = NULL)
{
Returnurl1 = "hrpages/hr_main.aspx ";
}

// Login not unsuccessful

Else
{
Returnurl1 = request. querystring ["returnurl"];
}
Response. Redirect (returnurl1 );
}
}