Forms authentication in ASP.net (simplest article) _ Practical Tips

In creating a Web site, authentication is often used. Several forms of authentication are built into the asp.net, such as windows, froms, Passport, and so on. There are different ways to authenticate these kinds of authentication. In general, the authentication method for a Web site goes through the following steps:

1, enter user name and password, click OK button.

2, in the background to determine whether the user name and password is correct, if the error return prompt, if correct, enter the accessible page.

In the ASP era, it is common to create a session after verifying that the username and password match, and then to determine whether the session exists in each page that needs to be validated, and if so, to display the page content, if not, to generate a prompt and jump to the login page.

However, in the ASP.net era, this process is greatly reduced, no longer need to validate the session in each page, only need to do the following steps, you can complete the authentication process.

First step: Modify the Web.config file.

1, in <system.web> and </system.web> find the <authentication> section, change it to "<authentication mode=" Forms "/>", Where forms delegates use form authentication.

2, <system.web> and </system.web> add "<authorization><deny users="? /></authorization> ", where" <deny users= "?" /> "represents the rejection of all anonymous users.

Step Two: Create the Login.aspx file.

After the first step, ASP.net automatically jumps to the Login.aspx Web page whenever the user accesses a file in the Web site, as long as it is not authenticated, and uses the ReturnUrl parameter in the URL to pass the page that the user is currently visiting.

Assuming that the user accesses the Test.aspx file without authentication, then asp.net automatically jumps to the Login.aspx page, where the URL in the address bar in the browser window is: "Login.aspx?" Returnurl=%2ftest.aspx, so you can skip the page back to the page specified by the ReturnUrl parameter after authentication passes.

Step three: Verify identity in the Login.aspx file.

The authentication method is relatively simple, generally create a text box and a password box, the user entered the user name and password, click the Submit button, then go to the database to verify the identity, the detailed process is not written, here as long as the user entered the name of 1, the password is 2 think authentication passed.

After the authentication is complete, use Formsauthentication.setauthcookie () to create an authenticated ticket for the user and add it to the cookie. Later, access to other pages in the Web site does not require authentication. The code below when you click the Submit button is shown below.

protected void Button1_Click (object sender, EventArgs e) 
{ 
 //authentication method, in this case the user name is 1, the password is 2 
 if (TextBox1.Text = "1" && TextBox2.Text = = "2" 
 { 
  * 
   * * * Create an authentication ticket for the user name and add it to the response cookie 
   * The first parameter of the SetAuthCookie is the name of the authenticated user. 
   * SetAuthCookie The second argument to true represents the creation of a persistent cookie (a cookie saved across the browser session), or false to verify identity 
  after closing the browser. Formsauthentication.setauthcookie (TextBox1.Text, false); 
 If the ReturnUrl parameter is not passed in the URL, jumps to default.aspx, otherwise jumps to the Web page if (string) specified by the ReturnUrl parameter value 
 . IsNullOrEmpty (request.querystring["ReturnUrl"])) 
 { 
  Response.Redirect ("default.aspx"); 
 } 
 else 
 { 
  Response.Redirect (request.querystring["ReturnUrl"). ToString ()); 
 } 

The above is the simplest form of asp.net authentication, and then there are more on the asp.net forms of authentication articles and you share, I hope to help you learn,