Asp.net Form Verification

ASP. NETProgramAre you authenticated?CodeAre you familiar with writing? Do I apply the same method when writing authentication code and want to try writing something new? This article will introduce some problems encountered when using form authentication, as well as some skills used in the use process.

To sum up, there are four authentication modes for ASP. NET Security Authentication: "Windows", "form", "Passport", and "NONE. "Windows" and "NONE" do not play a protection role and are not recommended. "Passport" is just used to talk about "form" authentication. I divided it into three parts: the first part -- How to Implement form authentication; the second part -- practical application of form authentication; the third part -- Single Sign on)

Part 1 How to Use Form for ASP. NET Authentication

1. Create a test project

For better description, it is necessary to create a test project ("formtest" for the time being), which contains three pages (default. aspx, login. aspx, userinfo. aspx ). What? No one will create a project or add a page? What should I do? I think it's okay: drag it out, call it back, learn from kindergarten ......

2. modify web. config

1. Double-click Web. config in the project (No, cannot find pp)

2. Find the following text and change it:

 

<Authentication mode = "forms"> <Forms loginurl = "login. aspx" name = ". aspxauth"> </Forms> </Authentication>

 

3. Replace

 

A) <authorization> <deny users = "? "> </Deny> </authorization> {system. web. security. formsauthentication. redirectfromloginpage (this. txt_username.text, false);} B) Private void btn_login_click (Object sender, system. eventargs e) {If (this. txt_username.text = "admin" & this. txt_password.text = "123456") {system. web. security. formsauthentication. setauthcookie (this. txt_username.text, false); response. redirect ("default. aspx ");}}
 

The two types of cookies can be issued after verification, that is, they pass verification. difference:

Method A) returns the request page after verification, which is commonly known as "from where to where ". For example, if you enter http: // localhost/formtest/userinfo. aspx directly in the IE address bar before logging on, the user will see login. aspx? Returnurl = userinfo. aspx. After the user name and password are entered, the system returns the corresponding page based on the value of "returnurl ".

Method B) two steps are taken: after the verification is passed, the cookie is directly issued, and the jump page will be designated by the programmer. This method is mostly used in the system where default. aspx uses the framework structure.

2. ASP. NET authentication exit code:

 

Private void btn_logout_click (Object sender, system. eventargs E)
 

 
{
 

 
System. Web. Security. formsauthentication. signout ();
 

 
}
 

Iv. How to determine whether ASP. NET authentication is successful or not and obtain user information after ASP. NET Authentication

Sometimes, you need to determine whether the user has logged on to the same page and then display different la S. Some people like to use session to judge. Here I want to tell you another method and read the following code:

 

If (user. Identity. isauthenticated) {// you have passed ASP. NET authentication. Do you know what to do ?}

User. identity also has two attributes: authenticationtype (authentication type) and name (User Name). Note that the name attribute is the user. identity. name will get, when the verification passes (redirectfromloginpage or setauthcookie), we bring the first parameter This. txt_username.text.