Asp.net|window If you configure ASP.net to use Windows authentication, IIS uses the configured IIS authentication mechanism to perform user authentication. The steps for enabling Windows authentication are as follows:
(1) Configure the Web.config file.
<authentication mode= "Windows"/>
(2) Start the Internet Information Service (IIS) of the system first, right-click the node in this directory of the Web site, and select the Properties command. As shown in Figure 12.3.
Figure 12.3 Starting IIS
(3) Select the Directory Security tab in the Open window, and then click the Edit button in the anonymous access and authentication control column, as shown in Figure 12.4.
Figure 12.4 Selecting the Directory Security tab
(4) In the pop-up window select "Anonymous access", namely: Allow Anonymous access. Then fill in the username and password, and select Integrated Widows authentication. As shown in Figure 12.5.
Figure 12.5 Completing the Windows user name and password
Windows-based authentication is done with the above settings. The Windows identity of each virtual directory can inherit the identity of the root directory, or it can have its own Windows identity, and you can set permissions on each Windows identity as needed. For example, for Windows authentication based on user groups, you can add the following code in Web.config:
<authorization>
<deny user= "DomainName\UserName"/>
<allow roles= "Domainname\windowsgroup"/>
</authorization>
In practical applications, Windows authentication is often combined with downstream resources, such as databases, to complete authentication.
Summary of this chapter
This chapter mainly introduces how to implement the security control of Web program in asp.net. Firstly, this paper introduces the principle and process of Web application security control, then introduces the basic knowledge of Web.config file, and finally introduces two kinds of security control modes commonly used in practical applications: forms-based authentication and windows-based authentication.