ASP.NET identity authentication mechanism

Source: Internet
Author: User

ASP.NET provides three ways to authenticate:
Windows Authentication: IIS performs authentication based on the settings of the application. To use this authentication method, anonymous access must be disabled in IIS.
Forms Authentication: uses cookies to save user credentials and redirects unauthenticated users to a custom login page.
Passport Authentication: performed through Microsoft's centralized authentication service, which provides a single login and core profile services for member sites.

For the configuration of these three kinds of authentication methods, a blog post is recommended: http://www.cnblogs.com/chenqingwei/archive/2010/07/12/1775472.html

I. Configuring Windows Authentication

1) Configure IIS Settings

2) Set up Web.config
<system.web>
  <!-- notifies the operating system to pass the credentials of the currently logged-on user to the browser -->
  <authentication mode="Windows" />
  <authorization>
    <!-- prohibit anonymous user access -->
    <deny users="?" />
  </authorization>
</system.web>

II. Configuring Forms Authentication

Once you understand the authentication mechanism that ASP.NET provides, you can apply it flexibly. Sometimes we need to restrict access to some pages of a project without affecting access to other, public pages.

Case: There is an ASP.NET project that restricts access to the entire project and does not allow anonymous user access, except for the login page.

The problem is that the login page (assume it is the Login.aspx file in the Manager directory) references a script file (assume it is script/Jquery-1.7.1.min.js), and it also uses the validatecode.ashx file in the code directory to generate the CAPTCHA image. The requirement is that the rest of the web site can be accessed only after the user logs in.

Idea: First, we deny anonymous users access to the entire site from the root directory, so that they are redirected to the login page. Second, the login page uses JavaScript effects built with jQuery and references the Jquery-1.7.1.min.js file in the script folder, so we let anonymous users access this file. Finally, the login page uses the Validatecode.ashx file in the code directory to generate the CAPTCHA image, so we let anonymous users access that file as well.

1. web.config configuration file

A. Configure the application so that anonymous users cannot access the web site and are sent to the login page instead. path="/" means that the restriction applies from the root directory, so the entire site is closed to anonymous users; it could instead cover only the pages under one folder. <deny users="?" /> restricts anonymous users: "?" represents anonymous users, and "*" represents all users.

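<!-- The timeout value is not legible in the source; when the attribute is omitted, ASP.NET uses its default of 30 minutes. -->
<authentication mode="Forms">
  <forms name="Myteacher" loginUrl="~/manager/login.aspx" protection="All" path="/"></forms>
</authentication>
<authorization>
  <deny users="?" />
</authorization>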

B. When the user opens the application, it automatically goes to the Manager/login.aspx page, but the Jquery-1.7.1.min.js file referenced by this page cannot be loaded. This is because anonymous users are restricted to the Login.aspx page; other pages and files become accessible only after the authentication ticket has been issued. Therefore, for anonymous users to reach the Jquery-1.7.1.min.js file, access to that file or its folder must be granted to all users.

<!-- allow all users to access the script folder -->
<location path="script">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

C. For the same reason, the CAPTCHA image cannot be displayed either. We configure the file that generates the CAPTCHA to allow anonymous user access, as follows:

<!-- allow all users to access the code/Validatecode.ashx file, which is used to generate the CAPTCHA picture -->
<location path="code/Validatecode.ashx">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

Description: The idea here is to prohibit anonymous users from accessing the entire site, and then open up individual folders or files to anonymous users as needed.

We can also approach the restriction from the other direction: configure the entire site to allow access by anyone, and then deny anonymous users in the configuration of specific folders and files. Other scenarios are handled the same way; in short, use whichever approach is simpler.

III. Configuring Passport Authentication
You need to install the Passport Software Development Kit. This authentication method is suitable for cross-site applications, where a single user name and password gives access to any member site.
