Asp.net form Verification

When reading a book, the most common judgment is to use cookies or session storage during login, and then determine whether to log on to each page.

In this way, it is difficult to judge every page.

After half a year of graduation, I have learned to use classes and rewrite the event OnLoad () so that every page inherits this class! This class can be used to determine whether to log on, determine permissions, and so on.

However, if you have no permission for other operations only for login verification! In this way, using form verification is more convenient than inheriting classes. This is what we thought of today! Because I pay attention to playing while reading, I did not pay much attention to the results. I learned form verification again today.

First configure web. config

Configure in systen. web

<Authentication mode = "Forms">
<Forms loginUrl = "admin/Login. aspx" defaultUrl = "admin/Default. aspx" timeout = "1"> </forms>
</Authentication>
<! --
The name attribute specifies the name of the cookie required for verification. The default value is ". ASPXAUTH ". If multiple Web applications are attached to a server, you must specify this name again because each application requires a unique cookie.

The loginUrl attribute specifies the logon page to provide the user name and password. The default value is "login. aspx ". This page can be stored in the same directory as the page that requires identity verification (Oh, I thought this page should be placed in a separate publicly accessible directory ).

The defaultUrl attribute specifies the page to jump to after login. The default value is "default. aspx". Of course, you can also jump to the previous page before user login, and this is the default implementation of. NET.
Timeout cookie expiration time
-->

 

<! -- System. web peer -->
<Location path = "admin">
<System. web>
<Authorization>
<Deny users = "? "/> <-- Reject anonymous users -->
</Authorization>
</System. web>
</Location>

 

My background is placed in a folder! In this way, you only need to set permissions for this folder. If you do not log on to this folder and browse any files in this folder, you will be redirected to the login page. The login will jump to ReturnUrl, which is the page you visited previously. If ReturnUrl is empty, jump to defaultUrl, that is, the default url you configured

Next is the code

Code

If (TextBox1.Text = "adminss" & TextBox2.Text = "admin ")
{
FormsAuthentication. RedirectFromLoginPage (TextBox1.Text, CheckBox1.Checked );
// If CheckBox1.Checked is set to true, the cookie will be permanently saved until the cookie expires.
// Response. Redirect ("xx. aspx") can be followed to jump to the page you specified, but cannot jump without verification!
// Directly jump without the verification ticket above will fail because no authentication ticket is created
// Response. Redirect (Context. Request ["ReturnUrl"]);
// Response. Redirect ("xx. aspx ");
}
Else
Response. Write ("the user name or password is incorrect! ");

Some pages must display different typographical la s based on whether or not the user logs in.

If (User. Identity. IsAuthenticated) // This is used to determine whether the User logs in
{
// Login;
}
Else
{
// Not logged in
}

Sometimes, the user name is displayed on the page.

User. Identity. Name // get the login Name, which is actually TextBox1.Text in FormsAuthentication. RedirectFromLoginPage (TextBox1.Text, CheckBox1.Checked;

 

 

I love shaping Network: http://www.52sushen.com

 

Okay, then exit the code.

FormsAuthentication. SignOut ();