ASP.NET 2.0 Forms Authentication: Practical Skills

Source: Internet
Author: User
In short: use the Membership class together with FormsAuthentication to build a user management and authentication system.
Of course, the two parts can also be used separately. Today I focus on the latter; the former will be covered in my next article.

ASP.NET provides a variety of authentication methods, such as the well-known Windows authentication.
Windows authentication mode sets the current User property to a WindowsIdentity based on the credentials provided by IIS, but it does not modify the Windows identity presented to the operating system. The Windows identity presented to the operating system is used for permission checks, such as NTFS file permission checks, or for connecting to a database using integrated security. By default, this Windows identity is the identity of the ASP.NET process. On Microsoft Windows 2000 and Windows XP Professional, this is the identity of the ASP.NET worker process, the local ASPNET account. On Windows Server 2003, this is the identity of the IIS application pool to which the ASP.NET application belongs; by default, that is the NETWORK SERVICE account.
By enabling impersonation, you can configure the Windows identity of the ASP.NET application to be the Windows identity provided by IIS. That is, the ASP.NET application impersonates the identity provided by IIS for all tasks that are validated by the Windows operating system, including file and network access. (Explanation from the MSDN Library)

Another common authentication method is Forms authentication.
Forms authentication lets web applications that do not require Windows authentication authenticate users by user name and password. When you use Forms authentication, user information is stored in an external data source, such as the membership database, or in the application's configuration file. Once a user is authenticated, Forms authentication maintains an authentication ticket in a cookie or in the URL, so that authenticated users do not need to provide credentials on each request.

This is convenient and safe. So how do you configure Forms authentication?

First, open the configuration file web.config.
Find the <system.web> node and add the <authentication> and <authorization> nodes under it:

    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="Login.aspx"/>
      </authentication>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>

The <authentication> node sets the authentication mode; here we use Forms.
The attributes of the <forms> node specify the authentication page (login page), the default page, whether to use cookies, the authentication timeout, and so on.
Here we only specify the authentication page: loginUrl="Login.aspx". Attribute names in web.config are case-sensitive.
The <authorization> node controls authorization.
<deny> is the deny node. The attribute users="?" means that unauthenticated (anonymous) users are refused and must go to the login page to authenticate.
Its counterpart is the <allow> node.

The idea is now clear: whatever page a user requests, the server checks whether the user has been authenticated, and if not, redirects to the login page.

The next step is to complete the authentication in the Login.aspx.cs file.

    public void Login_OnClick(object sender, EventArgs args)
    {
        // BLL.CheckLogin is the business-logic method that validates the credentials.
        if (BLL.CheckLogin(this.txbUserName.Text, this.txbUserPwd.Text))
            // Issue the authentication ticket and return to the originally requested page.
            FormsAuthentication.RedirectFromLoginPage(this.txbUserName.Text, NotPublicCheckBox.Checked);
        else
            Msg.Text = "Login failed. Please check your user name and password and try again.";
    }

The CheckLogin(username, password) method here belongs to the business logic layer and verifies that the user is legitimate.
Of course, the validation methods built into the Membership class are simpler, but they are not described in detail here.

The FormsAuthentication class (finally, the protagonist) belongs to the System.Web.Security namespace.
FormsAuthentication is the class used to set up authentication: if the user is legitimate, the user name is saved in the cookie, so the user does not need to authenticate again on a later visit or when accessing other pages.
Its commonly used methods are:
RedirectFromLoginPage(user name (string), whether to keep the cookie persistently (bool))
Redirects the authenticated user back to the originally requested URL or the default URL.

SetAuthCookie(user name (string), whether to keep the cookie persistently (bool))
Creates an authentication ticket for the provided user name and adds it to the response's cookie collection or to the URL.
Many other methods are not listed in detail here.
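
The ticket described above can also be built by hand, which makes the cookie attributes visible. The following is an added example, not code from the original article: the LoginHelper class, the 30-minute lifetime and the IsLocalPath check are assumptions made for illustration, and the redirect only follows a ReturnUrl that stays inside the site.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not part of the article): issues the Forms
// authentication ticket explicitly instead of calling SetAuthCookie.
public static class LoginHelper
{
    public static void SignIn(HttpContext ctx, string userName, bool persistent)
    {
        DateTime now = DateTime.Now;

        // The ticket carries the user name and its own expiry (30 minutes assumed).
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, now.AddMinutes(30), persistent,
            String.Empty, FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket according to <forms protection="...">.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;   // keep the ticket away from client-side script
        cookie.Secure = FormsAuthentication.RequireSSL
                        || ctx.Request.IsSecureConnection;
        if (persistent)
            cookie.Expires = ticket.Expiration;   // otherwise a session cookie
        ctx.Response.Cookies.Add(cookie);

        // Return to the requested page only when it is a path on this site.
        string target = ctx.Request.QueryString["ReturnUrl"];
        ctx.Response.Redirect(
            IsLocalPath(target) ? target : FormsAuthentication.DefaultUrl);
    }

    // Accepts "/page.aspx"; rejects absolute URLs, "//host" and "/\host".
    public static bool IsLocalPath(string url)
    {
        return !String.IsNullOrEmpty(url)
            && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }
}
```

A login handler would call LoginHelper.SignIn(Context, userName, persistent) after the credential check succeeds, in place of RedirectFromLoginPage.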

I hope you will explore the concrete usage and the deeper details yourself.