ASP.NET 2.0 website development (9): permission settings

Source: Internet
Author: User

This is the last section on developing the software; it mainly covers setting the software's permissions. ASP.NET 2.0 offers several authentication methods, but Windows and Passport authentication are almost useless. Windows authentication is based on Windows accounts and NTFS ACLs and works well on an intranet or in some extranet environments, but in most real deployments it is not appropriate, because the users who access the Web application cannot be expected to have Windows accounts in the application's domain. Passport is not free and requires stricter security measures, so it is better suited to sites such as e-commerce. Would you accept having to pay for user verification for a Web application that is not particularly important?

Currently, Forms authentication is the most suitable method. Once it is configured, a user who requests a page is redirected to a logon page; after the user's credentials are entered and successfully verified, the user is redirected to the requested page. The identity information is stored in an identity table in the database. This software uses the user table already generated in the database, and no maintenance functions for the user table are provided; the section only demonstrates an authentication method.

Enter a valid record in this table. During user logon, this information is used to authenticate the user. In this example, the login name is admin and the password is the same as the login name; the password is not encrypted.

In ASP.NET 2.0, Forms authentication provides a Membership class for managing user accounts. Inheriting from this class and implementing the corresponding methods solves the logon problem; in the inheriting class, implement the verification method ValidateUser:

public override bool ValidateUser(string username, string password)
{
    bool isExists = false;
    // Look up the user record by login name through the data access layer.
    UserClass user = new DALClass().User_GetValue(username);
    if (user != null)
    {
        // Yhkl holds the stored password; this example compares it as plaintext.
        if (user.Yhkl == password)
            isExists = true;
    }
    return isExists;
}

Open the web.config file and change the application's authentication mode from the default Windows to Forms, and deny anonymous users (users="?") access to every page except the specified logon page:

<authentication mode="Forms">
    <forms loginUrl="Default.aspx"/>
</authentication>
<authorization>
    <deny users="?"/>
</authorization>

Specify the authentication class for the application:

<membership defaultProvider="MProvider">
    <providers>
        <add name="MProvider" type="MProvider, App_Code"/>
    </providers>
</membership>

The last step is to set the resources that anonymous users may still access, such as images. If you do not set this, images cannot be displayed and the application cannot find the Cascading Style Sheet:

<location path="StyleSheet.css">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
<location path="images">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
<location path="getPic.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

The following shows the application running:

1. Not logged on:

2. Logon user error:

3. Correct logon page:

Once this is configured, even if you enter the address of another page directly, the application still redirects to the logon page and waits for the user to log on.
