In general, the authentication method for a Web site goes through the following steps:
1, enter user name and password, click OK button.
2, in the background to determine whether the user name and password is correct, if the error return prompt, if correct, enter the accessible page.
In the ASP era, it is common to create a session after verifying that the username and password match, and then to determine whether the session exists in each page that needs to be validated, and if so, to display the page content, if not, to generate a prompt and jump to the login page.
However, in the ASP.net era, this process is greatly reduced, no longer need to validate the session in each page, only need to do the following steps, you can complete the authentication process.
First step: Modify the Web.config file.
1, in <system.web> and </system.web> find the <authentication> section, change it to "<authentication mode=" Forms "/>", Where forms delegates use form authentication.
2, <system.web> and </system.web> add "<authorization><deny users="? /></authorization> ", where" <deny users= "?" /> "represents the rejection of all anonymous users.
Step Two: Create the Login.aspx file.
After the first step, ASP.net automatically jumps to the Login.aspx Web page whenever the user accesses a file in the Web site, as long as it is not authenticated, and uses the ReturnUrl parameter in the URL to pass the page that the user is currently visiting.
Assuming that the user accesses the Test.aspx file without authentication, then asp.net automatically jumps to the Login.aspx page, where the URL in the address bar in the browser window is: "Login.aspx?" Returnurl=%2ftest.aspx, so you can skip the page back to the page specified by the ReturnUrl parameter after authentication passes.
Step three: Verify identity in the Login.aspx file.
The authentication method is relatively simple, generally create a text box and a password box, the user entered the user name and password, click the Submit button, then go to the database to verify the identity, the detailed process is not written, here as long as the user entered the name of 1, the password is 2 think authentication passed.
After the authentication is complete, use Formsauthentication.setauthcookie () to create an authenticated ticket for the user and add it to the cookie. Later, access to other pages in the Web site does not require authentication. The code below when you click the Submit button is shown below.
Copy Code code as follows:
protected void Button1_Click (object sender, EventArgs e)
{
Authentication method, in this case the user name is 1, the password is 2
if (TextBox1.Text = = "1" && TextBox2.Text = = "2")
{
/*
* Create an authentication ticket for the user name and add it to the response cookie
* The first parameter of the SetAuthCookie is the name of the authenticated user.
* SetAuthCookie The second argument to true represents the creation of a persistent cookie (a cookie saved across the browser session), or FALSE to authenticate after closing the browser
*/
Formsauthentication.setauthcookie (TextBox1.Text, false);
}
If the ReturnUrl parameter is not passed in the URL, jumps to default.aspx, otherwise jumps to the page specified by the ReturnUrl parameter value
if (string. IsNullOrEmpty (request.querystring["ReturnUrl"))
{
Response.Redirect ("default.aspx");
}
Else
{
Response.Redirect (request.querystring["ReturnUrl"). ToString ());
}
}
Just three steps, you can authenticate, is it cool?
This example tests through in VS2005.
The advantage of this example is that the procedure and code are very simple.
The disadvantage of this example is that the entire Web site must be authenticated, you cannot specify which files can be accessed anonymously, and which files cannot be accessed anonymously.
