ASP.NET Forms Authentication

Source: Internet
Author: User
A simple implementation of ASP.NET Forms authentication takes two steps: 1) configure the application in the web.config file to use Forms authentication; 2) create a logon page and add the user's authentication ticket to the cookie collection.

1. Enable Forms authentication in the configuration file:

<authentication mode="Forms">
  <forms loginUrl="Netfromwork/formlogin.aspx" defaultUrl="Netfromwork/formlogin.aspx" name=".Aspnetformstest" protection="All" timeout="20"></forms>
</authentication>
<authorization>
  <deny users="?" />
</authorization>

2. After verifying that the user is valid, write the authentication ticket to the cookie collection:

string username = "Jimmy";
// Create the ticket.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(1), false, "");
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
// Redirect back to the default or original URL.
FormsAuthentication.RedirectFromLoginPage(username, true);

The code above implements simple Forms authentication. Next, let's look at the prototypes of the ticket constructor FormsAuthenticationTicket() and the user redirection function RedirectFromLoginPage().

FormsAuthenticationTicket() prototype:

//
// Summary:
// Initializes a new instance of the System.Web.Security.FormsAuthenticationTicket
// class with a cookie name, version, directory path, issue date, expiration date, persistence, and user-defined data.
//
// Parameters:
// version:
// The version number of the ticket.
//
// name:
// The user name associated with the authentication ticket.
//
// userData:
// User-specific data stored in the ticket.
//
// isPersistent:
// true if the ticket is stored in a persistent cookie (saved across browser sessions); otherwise, false. This value is ignored if the ticket is stored in the URL.
//
// issueDate:
// The local date and time when the ticket is issued.
//
// cookiePath:
// The path of the ticket when it is stored in a cookie.
//
// expiration:
// The local date and time when the ticket expires.
public FormsAuthenticationTicket(int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData, string cookiePath);

RedirectFromLoginPage() prototype:

//
// Summary:
// Redirects an authenticated user back to the originally requested URL or the default URL.
//
// Parameters:
// userName:
// The authenticated user name.
//
// createPersistentCookie:
// true to create a persistent cookie (a cookie that is saved across browser sessions); otherwise, false.
public static void RedirectFromLoginPage(string userName, bool createPersistentCookie);

How is the "login validity period" feature that is common on forums implemented, and which parameters control it? The parameters involved in the login validity period are isPersistent and expiration in the constructor FormsAuthenticationTicket(), createPersistentCookie in the function RedirectFromLoginPage(), and the timeout attribute in the configuration file. How should they be set to implement a "stay logged in for one hour, one day, one month, permanently, or for the browser process" feature?

The following describes my understanding of these parameters, based on searching online materials, MSDN, and program tests. You are welcome to correct any misunderstanding.

1. About persistent cookies: a persistent cookie does not mean isPersistent = true or createPersistentCookie = true. A persistent cookie can be interpreted as a cookie that is saved across browser sessions. If it is set to true, different browser processes can share the cookie; that is, after logging on in one IE window, the user remains logged on in another IE window.

2. About the function RedirectFromLoginPage(): MSDN explains it as "If the CookiesSupported property is true, and either the ReturnUrl variable is within the current application or the EnableCrossAppRedirects property is true, then the RedirectFromLoginPage method issues an authentication ticket and places it in the default cookie using the SetAuthCookie method."
It can be seen that when RedirectFromLoginPage() executes, the ticket information of the FormsAuthenticationTicket instance created earlier is overwritten. Therefore, the code in step 2 should not call this function and should be replaced by the following code:

string username = "Jimmy";
// Create the ticket.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(1), false, "");
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
// Redirect back to the default or original URL.
Response.Redirect(FormsAuthentication.GetRedirectUrl(username, true)); // Replaces RedirectFromLoginPage

3. About the valid logon time: after the preceding modification, only the expiration parameter of the constructor FormsAuthenticationTicket() and the timeout attribute in the configuration file are involved in the login time. What is the relationship between the two? The validity period of a ticket is determined by the expiration attribute, and timeout takes effect only when the expiration attribute is not explicitly set.
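
One way to combine the three points above into a selectable login duration, as an added example that is not the original article's code. The class and method names (LoginTicketIssuer, SignIn) are hypothetical; it also sets the cookie's HttpOnly, Secure and Expires properties, which the snippets above leave at their defaults.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper, added for illustration (not from the original article).
public static class LoginTicketIssuer
{
    // lifetime:   how long the login stays valid, e.g. TimeSpan.FromHours(1) or TimeSpan.FromDays(30).
    // persistent: false = cookie is dropped when the browser closes ("browser process" login);
    //             true  = cookie is kept by the browser until the ticket expires.
    public static void SignIn(HttpResponse response, string username, TimeSpan lifetime, bool persistent)
    {
        DateTime issued = DateTime.Now;
        DateTime expires = issued.Add(lifetime);

        // The expiration is set explicitly here, so the ticket's validity
        // comes from 'lifetime' and not from the timeout attribute in web.config.
        var ticket = new FormsAuthenticationTicket(
            1, username, issued, expires, persistent, "", FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // keep the ticket away from client-side script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL on the <forms> element
            Path = FormsAuthentication.FormsCookiePath
        };

        // An HttpCookie without Expires is a browser-session cookie, whatever
        // isPersistent says inside the ticket, so set it for persistent logins.
        if (persistent)
        {
            cookie.Expires = expires;
        }

        response.Cookies.Add(cookie);

        // Redirect without RedirectFromLoginPage, which would issue its own ticket.
        response.Redirect(FormsAuthentication.GetRedirectUrl(username, persistent));
    }
}

// Usage from the logon page after the credentials have been verified:
//   LoginTicketIssuer.SignIn(Response, "Jimmy", TimeSpan.FromHours(1), true);     // one hour
//   LoginTicketIssuer.SignIn(Response, "Jimmy", TimeSpan.FromDays(1), true);      // one day
//   LoginTicketIssuer.SignIn(Response, "Jimmy", TimeSpan.FromMinutes(20), false); // browser session only
```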

I hope this will help you better understand what is wrong with your analysis.

Reference: Role authentication authorization based on Forms authentication in ASP.NET

Source code: Click to download the complete sample program (sample path: /netfromwork/formlogin.aspx)
