. NET Web identity authentication and. NETWeb Identity Authentication

. NET Web identity authentication and. NETWeb Identity Authentication

Baidu click "asp.net Identity Authentication" and you will get a lot of relevant information. These materials will usually introduce content such as "Form authentication" and "Windows Authentication, without a complete process. Beginners often get confused about this, and I have been pitted many times. Therefore, writing this article is a review.

Modern Windows Server systems are based on strict user mechanisms. account and password verification is required when you want to operate the Server. After we deploy the developed Web application on the server, the user accesses the site through the browser, which is actually the process of operating the server through HTTP, essentially, it is also the process of user operations on the server (at least read. This leads to a problem that is ignored by most people: network users do not know the account and password of the server. How can they have the permission to read and write the server? The answer can be shown in the following simple figure:

<Authenticationmode = "Windows"/>

Here, Windows authentication is different from that in IIS. This means that Windows users obtained by IIS are directly uploaded to the website for use. You can add the following code in index. cshtml for access:

Current logon status: @ Request. IsAuthenticated <br/> current logon User: @ User. Identity. Name

If IIS uses any authentication with input boxes other than anonymous authentication, the effect is as follows:

Generally, this method is useless. In most cases, we only use the "anonymous Identity Authentication" Method for IIS. Then, develop your own user logic on your site and set the authentication mode to forms, which is a Form authentication that we are familiar.

The core principle of Form authentication is very simple. A user carries his/her identity certificate (username and password) in the request information. After the site passes verification, the user will be given a ticket to prove his/her identity, the client uses cookies to store the ticket. In future requests, the ticket is attached to the request to prove the identity. There is a great god in the garden who makes it very clear through the series of examples: Sorry! About these two ways, take off brother in his blog explains also very detailed: http://www.cnblogs.com/jesse2013/p/membership.html