ASP.NET authentication mechanism example code

ASP.NET provides three authentication methods: Windows authentication, forms authentication, and Passport authentication.
Windows authentication: IIS performs authentication based on the settings of the application. To use this method, anonymous access must be disabled in IIS.
Forms authentication: uses cookies to store the user's credentials (the authentication ticket) and redirects unauthenticated users to a custom login page.
Passport authentication: performed through a centralized authentication service run by Microsoft, which provides a single sign-in and core profile services for member sites.

For how to configure these three authentication methods, see this article: http://www.jb51.net/article/30510.htm

Here I explain forms authentication: how it is applied in a real ASP.NET project and how to understand it in depth.

Using the ASP.NET authentication mechanism in project development makes it quick and convenient to control access to pages and avoids some unnecessary security problems.
To use the mechanism flexibly, you need to understand it well. When access to an entire project is restricted, we sometimes need to restrict some pages without affecting access to other, public pages. Here is an example from a real project.
Case: an ASP.NET project restricts access to the entire project and does not allow anonymous access, except to the login page.
The problem: the login page (assume the Login.aspx file under the Manager directory) references a script file (assume script/jquery-1.7.1.min.js).

1. The web.config configuration file

<!-- Configure forms authentication: anonymous users are denied and redirected to /manager/login.aspx -->
<!-- The timeout value is missing in the source; set the timeout attribute in minutes (ASP.NET uses 30 when it is omitted) -->
<authentication mode="Forms">
  <forms name="Myteacher" loginUrl="~/manager/login.aspx" protection="All" path="/" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>

With this configuration, a user who opens the application is automatically redirected to the Manager/login.aspx page, but the jquery-1.7.1.min.js file referenced by that page cannot be loaded. Anonymous users can reach only the login.aspx page; other pages and files become accessible only after the ticket has been issued. So for an anonymous user to be able to load jquery-1.7.1.min.js, access to that file or its folder must be granted to all users.

<!-- Allow all users to access the Script folder -->
<location path="Script">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

The path can also point to a specific file, such as "Script/script/jquery-1.7.1.min.js". Here it names the "Script" folder, which allows anonymous users to access the files under that folder.

<configuration>
  <!-- Define the ASP.NET authentication mechanism -->

  <!-- Allow all users to access the Script folder -->
  <location path="Script">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <system.web>
    <!-- mode="Off" shows detailed error pages to every client; use RemoteOnly or On outside development -->
    <customErrors mode="Off" defaultRedirect="./error.aspx" />

    <!-- Configure forms authentication: anonymous users are denied and redirected to /manager/login.aspx -->
    <!-- The timeout value is missing in the source; set the timeout attribute in minutes (ASP.NET uses 30 when it is omitted) -->
    <authentication mode="Forms">
      <forms name="Myteacher" loginUrl="~/manager/login.aspx" protection="All" path="/" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

2. Issuing the ticket at login

After the user logs in successfully on the login page, issue the ticket. Once the ticket has been issued, the current user is no longer anonymous and is not subject to the access restriction. The FormsAuthentication class is in the System.Web.Security namespace: using System.Web.Security;

FormsAuthentication.RedirectFromLoginPage(UserID, false); // issue the ticket on the login page; UserID is the login ID

3. Destroying the ticket (logging out)

FormsAuthentication.SignOut(); // destroy the ticket and log out
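
The two calls from sections 2 and 3 in the context of page code-behind, as an added example that is not code from the original article. The class names, the control IDs (txtUser, txtPassword, lblError), the button handlers and the use of Membership.ValidateUser with a configured membership provider are assumptions.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for Manager/Login.aspx (class and control names are hypothetical).
public class LoginPage : Page
{
    // Controls declared in the .aspx markup; the IDs are assumptions.
    protected TextBox txtUser;
    protected TextBox txtPassword;
    protected Label lblError;

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string userId = txtUser.Text.Trim();

        // Assumption: a membership provider is configured in web.config.
        if (!Membership.ValidateUser(userId, txtPassword.Text))
        {
            // One message for unknown user and wrong password alike.
            lblError.Text = "Invalid user name or password.";
            return;
        }

        // Issues the ticket in the cookie named by <forms name="Myteacher">
        // and redirects to the page the user originally requested.
        // false = session cookie, not persisted across browser restarts.
        FormsAuthentication.RedirectFromLoginPage(userId, false);
    }
}

// Code-behind for any authenticated page with a logout button (hypothetical).
public class AccountPage : Page
{
    protected void btnLogout_Click(object sender, EventArgs e)
    {
        // Removes the ticket cookie from this browser only; a copied ticket
        // stays valid until it expires, so keep the forms timeout short.
        FormsAuthentication.SignOut();
        if (Context.Session != null)
        {
            Session.Abandon();   // drop server-side session state as well
        }
        // Send the browser back to the login page.
        FormsAuthentication.RedirectToLoginPage();
    }
}
```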