I. ASP.NET security: authentication modes
Windows, Forms, Passport, None
II. Changing the authentication mode
Edit web.config, inside <system.web> (element and attribute names are case sensitive):
<!-- switch the authentication mode to Forms -->
<authentication mode="Forms">
  <!-- name = the name of the authentication cookie; pick your own -->
  <forms loginUrl="~/Login.aspx" name="youruser" defaultUrl="Default.aspx"></forms>
</authentication>
<!-- deny anonymous users ("?" means every unauthenticated request) -->
<authorization>
  <deny users="?"/>
</authorization>
III. Logging in and issuing an authentication ticket
Both methods take the name of the user who just authenticated as their first argument; it is stored in the encrypted ticket and later surfaces as User.Identity.Name. Do not pass FormsAuthentication.FormsCookieName here: that property returns the cookie name from <forms name="...">, so a ticket issued with it would identify every visitor as the same pseudo-user. The second argument (false) issues a session cookie; true issues a persistent one.
// A: issue the ticket and redirect back to the page that was originally requested (the ReturnUrl query parameter, or defaultUrl if there is none)
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(userName, false);
// B: issue the ticket only, then redirect to a page of your own choosing
System.Web.Security.FormsAuthentication.SetAuthCookie(userName, false);
Response.Redirect("Default.aspx");
IV. Logging the user out
System.Web.Security.FormsAuthentication.SignOut();
// SignOut only removes the cookie from the browser; a ticket that was captured earlier stays valid until its expiry time, so keep timeouts short.
V. Checking whether the user is authenticated
User.Identity.IsAuthenticated // true when the request carries a valid, unexpired forms ticket (the mere presence of a cookie is not enough; a tampered or expired ticket is discarded); false otherwise
VI. Scope of web.config
0: machine.config (together with the machine-level root web.config) applies to every application and every directory on the machine.
1: A web.config applies to every file in its own directory and is inherited by all subdirectories (the child inherits the parent's settings).
2: A web.config in a subdirectory overrides the settings it inherits from the parent, for that subtree only (the general in the field is not bound by the distant emperor's orders).
VII. Setting access permissions for a folder or file
1: Put a web.config in the folder itself:
<configuration>
  <system.web>
    <authorization>
      <deny users="?"/>  <!-- the access rules for this folder go here -->
    </authorization>
  </system.web>
</configuration>
2: Or configure every folder (and single files) of the site from the root web.config with <location>:
<configuration>
  <!-- folder 1 -->
  <location path="public">  <!-- <location path="public/Default.aspx"> would target one file -->
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <!-- folder 2 -->
  <location path="managesys">
    <system.web>
      <authorization>
        <allow users="admin"/>
        <allow users="WF"/>
        <allow users="fy"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <!-- the root settings from section II, unchanged -->
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" name="youruser" defaultUrl="Default.aspx"></forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>
Rules are evaluated most specific first: the <location> (or the folder's own web.config), then each parent directory, then the root, and finally the machine-level default, which is <allow users="*"/>. The first matching rule wins; if nothing matches, access is allowed. Two consequences: <allow users="*"/> in public lets anonymous users in even though the root denies "?", and the trailing <deny users="*"/> in managesys is what keeps out authenticated users other than admin, WF and fy. Without it they would fall through to the root rule, which only denies anonymous users, and be allowed.
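To make the evaluation order concrete, here is an added example: a stand-alone C# console program that models how ASP.NET's UrlAuthorizationModule walks <allow>/<deny> rules, applied to the exact public and managesys configuration above. It is a model written for this page, not the framework's code or the original author's; the fourth rule set ("managesys-no-deny") is a constructed variant that drops the final <deny users="*"/> to show what changes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Model of UrlAuthorizationModule rule evaluation (not framework code).
// Rule lists are transcribed from the web.config fragments in section VII.
static class AuthzModel
{
    public sealed class Rule
    {
        public readonly bool Allow;
        public readonly string[] Users;
        public Rule(bool allow, string users)
        {
            Allow = allow;
            Users = users.Split(',').Select(u => u.Trim()).ToArray();
        }
    }

    // A rule matches when any listed token matches the request:
    //   "*" = everyone, "?" = anonymous only, otherwise the user name (case-insensitive).
    static bool Matches(Rule r, string user)
    {
        bool anonymous = string.IsNullOrEmpty(user);
        return r.Users.Any(u =>
            u == "*" ||
            (u == "?" && anonymous) ||
            (!anonymous && string.Equals(u, user, StringComparison.OrdinalIgnoreCase)));
    }

    // Rules arrive most specific first (<location> or folder web.config, then parents,
    // then the site root). The first match decides; with no match the machine-level
    // default <allow users="*"/> applies.
    public static bool IsAllowed(IEnumerable<Rule> mostSpecificFirst, string user)
    {
        foreach (var r in mostSpecificFirst)
            if (Matches(r, user)) return r.Allow;
        return true;
    }

    static readonly Rule[] Root      = { new Rule(false, "?") };            // <deny users="?"/>
    static readonly Rule[] Public    = { new Rule(true, "*") };             // <allow users="*"/>
    static readonly Rule[] ManageSys = { new Rule(true, "admin,WF,fy"),     // three <allow>s ...
                                         new Rule(false, "*") };            // ... then <deny users="*"/>
    // Constructed variant: the same folder with the final <deny users="*"/> forgotten.
    static readonly Rule[] ManageSysNoDeny = { new Rule(true, "admin,WF,fy") };

    static IEnumerable<Rule> RulesFor(string folder)
    {
        switch (folder)
        {
            case "public":            return Public.Concat(Root);
            case "managesys":         return ManageSys.Concat(Root);
            case "managesys-no-deny": return ManageSysNoDeny.Concat(Root);
            default:                  return Root;
        }
    }

    static void Main()
    {
        foreach (var folder in new[] { "", "public", "managesys", "managesys-no-deny" })
            foreach (var user in new[] { null, "admin", "fy", "bob" })
                Console.WriteLine("{0,-18} {1,-8} -> {2}",
                    folder == "" ? "(root)" : folder,
                    user ?? "(anon)",
                    IsAllowed(RulesFor(folder), user) ? "allow" : "DENY");
    }
}
```

Running it shows the root denying only the anonymous request, public admitting everyone including anonymous, managesys admitting admin and fy but denying bob and anonymous, and managesys-no-deny admitting bob: an authenticated but unlisted user passes every <allow>, the root's <deny users="?"/> does not apply to him, and the machine-level default lets him in.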
VIII. Single sign-on across sites
1: Generate the machineKey values
<key generation method>
protected void btnOK_Click(object sender, EventArgs e)
{
    // textBox1 = decryptionKey length in bytes, textBox2 = validationKey length in bytes
    string decStr = this.CreateKeyString(int.Parse(this.textBox1.Text));
    string valStr = this.CreateKeyString(int.Parse(this.textBox2.Text));
    this.textBox3.Text = string.Format(
        "<machineKey validationKey=\"{0}\" decryptionKey=\"{1}\" validation=\"SHA1\"/>",
        valStr, decStr);
}
/// <summary>
/// Generate a cryptographically strong random key and return it as upper-case hex.
/// </summary>
/// <param name="i">key length in bytes:
/// decryptionKey: 8 (DES) or 24 (3DES); with the default decryption="Auto" on .NET 2.0 and later AES is used, and 16, 24 or 32 bytes are valid (prefer 32);
/// validationKey: 20 to 64.
/// </param>
private string CreateKeyString(int i)
{
    // cryptographic random number generator; never use System.Random for key material
    System.Security.Cryptography.RNGCryptoServiceProvider rng = new System.Security.Cryptography.RNGCryptoServiceProvider();
    byte[] bt = new byte[i];
    rng.GetBytes(bt); // fill the array with cryptographically strong random bytes
    System.Text.StringBuilder str = new System.Text.StringBuilder();
    for (int j = 0; j < i; j++)
    {
        str.Append(string.Format("{0:X2}", bt[j])); // two upper-case hex digits per byte
    }
    return str.ToString();
}
Treat the generated values as secrets: whoever holds validationKey and decryptionKey can mint a valid ticket for any user on every site that shares them. Keep them out of source control and encrypt the section in place with aspnet_regiis -pe "system.web/machineKey". validation="SHA1" is the page's choice; on .NET 4 and later HMACSHA256 is available and preferable.
2: Add the same key to the root web.config of every participating project:
a) The <machineKey> element must be identical across projects: validationKey, decryptionKey and validation.
b) The cookie name, i.e. the name attribute of <forms>, must be the same in every project; here it is unified as name="userlogin" (name="www.wf.com" would do just as well).
c) Both are case sensitive.
d) Point the loginUrl of every project at one shared login site, e.g. loginUrl="http://www.wf.com/login.aspx", and issue the ticket from that login page.
e) The browser must actually send the cookie to every site: sites on different hosts need a shared domain attribute on <forms> (e.g. domain="wf.com" for subdomains of one registrable domain); sites on unrelated domains cannot share a cookie this way at all.
// project website 1
<system.web>
  <machineKey validationKey="[validationKey generated above]" decryptionKey="9ebaa26a9e9424994ce2c0a4c0ea5b20" validation="SHA1"/>
  <authentication mode="Forms">
    <forms name="userlogin" loginUrl="~/Login.aspx"></forms>
  </authentication>
  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>
// project website 2
<system.web>
  <machineKey validationKey="[validationKey generated above]" decryptionKey="9ebaa26a9e9424994ce2c0a4c0ea5b20" validation="SHA1"/>
  <authentication mode="Forms">
    <forms name="userlogin" loginUrl="~/Login.aspx"></forms>
  </authentication>
  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>
3: Issuing the cookie to users
<1>: After one login, the single shared cookie is accepted by every site.
<2>: After one login, the ticket is issued selectively, depending on the user and which sites that user may enter.
IX. Cookies
1: Ordinary cookies
protected void Button1_Click(object sender, EventArgs e)
{
    HttpCookie ck = new HttpCookie("str");
    ck.Expires = DateTime.Now.AddDays(1); // Expires must be assigned; calling AddDays alone changes nothing
    ck["RR"] = "str_rr_";                  // a multi-valued cookie: two subkeys in one cookie
    ck["W1"] = "str_w1_";
    ck.HttpOnly = true;                    // hardening: keep the cookie out of reach of script
    Response.Cookies.Add(ck);

    HttpCookie ckNex = new HttpCookie("NEX");
    ckNex.Expires = DateTime.Now.AddDays(1);
    ckNex.Value = "NEX_";
    ckNex.HttpOnly = true;
    Response.Cookies.Add(ckNex);
}
protected void Button2_Click(object sender, EventArgs e)
{
    HttpCookie ck = Request.Cookies["str"];
    if (ck == null) return; // absent or expired cookie; indexing it directly would throw NullReferenceException
    TextBox1.Text = ck["W1"] + ck["RR"];
}
2: Issuing an authentication cookie by hand
public void AuthenticateUser(string userName)
{
    // version, user name, issue time, expiry, persistent?, userData
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddHours(24), true, "");
    string encryptedTicket = FormsAuthentication.Encrypt(ticket); // encrypted and signed with the machineKey
    HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
    userCookie.Value = encryptedTicket;
    userCookie.Expires = ticket.Expiration;
    userCookie.Domain = FormsAuthentication.CookieDomain;
    userCookie.HttpOnly = true;                         // the framework sets this on its own cookie; a hand-built one must too
    userCookie.Secure = FormsAuthentication.RequireSSL; // honours requireSSL="true" on <forms>
    HttpContext.Current.Response.Cookies.Add(userCookie);
}
Apart from the fixed 24-hour lifetime (the framework takes its lifetime from the timeout attribute of <forms>), this is what the two framework calls below do internally when their second argument, createPersistentCookie, is true; with false they issue a session cookie instead. Building the ticket by hand is only worth it when you need control over the expiry or want to put something in userData.
// A: issue the ticket and return to the originally requested page
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(userName, true);
// B: issue the ticket, then redirect wherever you like
System.Web.Security.FormsAuthentication.SetAuthCookie(userName, true);
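Putting sections III and IX (2) together, here is an added example of a complete login code-behind plus the matching Global.asax handler. It is written for this page and is neither the original author's code nor part of ASP.NET; it assumes a Login.aspx with the controls txtUser, txtPassword, chkRememberMe and lblMessage (hypothetical names), uses the standard Membership.ValidateUser for the credential check, and replaces a real role lookup with a constructed SampleRoles table that reuses the user names from section VII. It shows three things the page's snippets do not: the ticket carries the real user name, roles travel in the ticket's UserData and are rebuilt into the principal on every request, and the ReturnUrl is only followed when it stays inside the site.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;

// Login.aspx.cs (added example, not framework code)
public partial class Login : System.Web.UI.Page
{
    // Normally generated in Login.aspx.designer.cs; declared here so the class is complete.
    protected TextBox txtUser, txtPassword;
    protected CheckBox chkRememberMe;
    protected Label lblMessage;

    // Hypothetical role lookup with constructed sample data; a real site queries its user store.
    static readonly Dictionary<string, string[]> SampleRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "admin", new[] { "Administrators" } },
            { "WF",    new[] { "Editors" } },
            { "fy",    new[] { "Editors" } },
        };

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string userName = txtUser.Text.Trim();
        // Standard ASP.NET credential check; requires a configured membership provider.
        if (!Membership.ValidateUser(userName, txtPassword.Text))
        {
            lblMessage.Text = "Invalid user name or password.";
            return;
        }
        string[] roles;
        if (!SampleRoles.TryGetValue(userName, out roles)) roles = new string[0];
        IssueTicket(userName, roles, chkRememberMe.Checked);
        Response.Redirect(SafeReturnUrl(Request.QueryString["ReturnUrl"]), true);
    }

    // The ticket's name field is the authenticated user, never FormsCookieName.
    public static void IssueTicket(string userName, string[] roles, bool persistent)
    {
        DateTime issued = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, issued,
            issued.AddMinutes(30),            // keep in step with <forms timeout="30">
            persistent,
            string.Join(",", roles),          // UserData: read back in Global.asax below
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // unreadable by script, like the framework's own cookie
            Secure = FormsAuthentication.RequireSSL, // honours requireSSL="true" on <forms>
            Path = FormsAuthentication.FormsCookiePath
        };
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
            cookie.Domain = FormsAuthentication.CookieDomain; // set for cross-subdomain single sign-on
        if (persistent)
            cookie.Expires = ticket.Expiration; // otherwise a session cookie that dies with the browser
        HttpContext.Current.Response.Cookies.Add(cookie);
    }

    // Accept only a site-relative path; "http://evil", "//evil" and "/\evil" fall back to defaultUrl.
    public static string SafeReturnUrl(string returnUrl)
    {
        if (!string.IsNullOrEmpty(returnUrl)
            && returnUrl.StartsWith("/", StringComparison.Ordinal)
            && !returnUrl.StartsWith("//", StringComparison.Ordinal)
            && !returnUrl.StartsWith("/\\", StringComparison.Ordinal))
            return returnUrl;
        return FormsAuthentication.DefaultUrl;
    }
}

// Global.asax.cs: rebuild the principal from the ticket so <allow roles="..."/>
// and User.IsInRole(...) see the roles stored in UserData on every request.
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        FormsIdentity identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;
        string[] roles = identity.Ticket.UserData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Because the roles ride inside the signed ticket, the <location> rules of section VII can use <allow roles="Administrators"/> instead of listing user names, and a user whose roles change only picks up the new set at the next login, which is the trade-off to be aware of with this pattern.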