Forms-based authentication is the most common authentication mode when developing an ASP.NET application, and it can be implemented quickly by combining Global.asax and Web.config. In general, the process is: create a folder, put the pages to be protected in it, and then configure Web.config to protect it. Anyone who tries to access the folder is forced to the preset login page. After you submit the correct user name and password and the system verifies them, your login information is written to a cookie, so you can access the folder again because your login credential is saved in the cookie.
First, create an ASP.NET application with at least one login page. Then modify the Web.config in the root directory and change the authentication section to the Forms authentication mode.
<authentication mode="Forms">
  <forms loginUrl="login.aspx"/>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>
Next, put a Web.config in the folder to be protected. Note that this Web.config cannot contain as much as the one in the root directory; otherwise a "configuration error" occurs, with the error message "The section registered as allowDefinition='MachineToApplication' outside the application level is incorrect. This error may occur because the virtual directory is not configured as an application in IIS." I don't know how to do it. In short, this Web.config will be fine with content like the following.
<configuration>
  <system.web>
    <authorization>
      <!-- Set the roles that are allowed to access this folder and the roles that are denied. The administrator and the teacher are allowed to access this folder. -->
      <allow roles="admin"/>
      <allow roles="teacher"/>
      <deny roles="student"/>
      <!-- The premise is to reject anonymous users! -->
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>
Of course, you can also do all URL authorization in the top-level Web.config file instead of splitting it across the Web.config files in the individual directories; ASP.NET supports this approach as well. The following Web.config content is stored in the application root directory.
This setting protects the content of the admin folder and denies anonymous access.
<location path="admin">
  <system.web>
    <authorization>
      <deny users="?"></deny>
    </authorization>
  </system.web>
</location>
After the settings are complete, we can start writing the code for forms authentication.
There are two ways. First, when the website does not have many users, you can put the user names and passwords in Web.config: add a credentials section to the Web.config file in the root directory, containing the user name and password, as follows:
<authentication mode="Forms">
  <forms loginUrl="login.aspx">
    <credentials passwordFormat="Clear">
      <user name="admin" password="admin"/>
    </credentials>
  </forms>
</authentication>
In this case, System.Web.Security.FormsAuthentication.Authenticate(string name, string password) is used to check the submitted user name and password against those specified in the credentials section. If they match, it returns true.
The second method reads the user name and password from the database for verification.
1: Create three tables in the database:
   Users (userid, username, userpwd): stores user information
   Roles (roleid, rolename): stores the role names
   User_role (userid, roleid): the link table between users and roles, giving the first two tables a many-to-many relationship
2: Add the following logic to the click event of the login button on the login page:
if (Page.IsValid)
{
    // users.Authenticate is the database verification method; its code is omitted
    if (users.Authenticate(txtusername.Text, txtpassword.Text))
    {
        // Redirect to the originally requested page after verification
        FormsAuthentication.RedirectFromLoginPage(txtusername.Text, chkremember.Checked);
    }
}
You can also use FormsAuthentication.SetAuthCookie(email.Text, remembercheckbox.Checked) here. This method does not redirect; it stays on the current page, and you can then choose where to redirect.
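One possible body for the database verification method that the login handler above calls and whose code the page omits. This is an added example, not the original author's code: the class name `Users`, the connection string, the PBKDF2 parameters and the "salt:hash" format of the `userpwd` column are assumptions, and it needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class Users
{
    // Assumption: set once at application start-up from protected configuration.
    public static string ConnectionString;
    const int Iterations = 100000; // assumed PBKDF2 work factor

    // Produces the value stored in Users.userpwd: "base64(salt):base64(hash)" (assumed format).
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static bool Authenticate(string username, string password)
    {
        string stored;
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand("SELECT userpwd FROM Users WHERE username = @name", conn))
        {
            // Parameter binding keeps the submitted name out of the SQL text.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = username;
            conn.Open();
            stored = cmd.ExecuteScalar() as string; // null when no row or NULL column
        }
        if (stored == null) return false;

        string[] parts = stored.Split(':');
        if (parts.Length != 2) return false;
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);

        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            actual = kdf.GetBytes(expected.Length);

        // Compare every byte so timing does not depend on the first mismatch.
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }
}
```

Storing the output of `HashPassword` in `userpwd` when an account is created means the database never holds the cleartext password, unlike the `passwordFormat="Clear"` credentials section shown earlier.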