Asp.net Forms authentication

Integrating Windows authentication (one of Windows Authentication) brings a lot of convenience to developers, however, developers must deploy it in such an environment-the user accounts of all clients must be stored in Windows domains or active directories (for some public websites, and use the latest version of Internet Explorer. However, it is difficult for many web applications to meet these two conditions or one of them. In this case, Forms authentication can still allow developers to collect client creden and then verify them (I personally think forms-based authentication is the most flexible, of course, more code will be written ).

Authentication is often used in website creation. Asp.net has several built-in authentication methods, such as none, windows, froms, and passport. These authentication methods are different.

Generally, the authentication method of a website goes through the following steps:
1. Enter the user name and password, and click OK.
2. Check whether the user name and password are correct in the background. If the user name and password are correct, a prompt is returned. If the user name and password are correct, the accessible page is displayed.
In the ASP era, a session is usually created after the user name and password are verified to match, and then the session exists on each page to be verified. If yes, the page content is displayed; if it does not exist, generate a prompt and jump to the logon page.
However, in the Asp.net era, this process has been greatly reduced, and you do not need to verify the session on every page to be verified. You only need to perform the following steps, to complete the authentication process.

The following describes forms-based authentication in detail:

Step 1: Modify the Web. config file
1. In the <system. web> and </system. in Web>, find the <authentication> section and change it to <Authentication mode = "forms"/>. forms indicates form authentication.
2. Add "<authorization> <deny users = "? "/> </Authorization>", where "<deny users = "? "/>" Indicates that all anonymous users are rejected (do not write <allow users = "*"/>. Otherwise, the logon page is not displayed during anonymous access ).

Step 2: Create a login. aspx File
After the first step, no matter which file the user accesses the website, Asp.net will automatically jump to login as long as it has not been authenticated. on the aspx webpage, and use the returnurl parameter in the URL to pass the webpage currently accessed by the user.
If the user directly accesses the test. aspx file without authentication, Asp.net automatically redirects to the login. aspx webpage. In this case, the URL in the address bar of the browser window is: "login. aspx? Returnurl = % 2ftest. aspx ". Therefore, you can jump the webpage back to the webpage specified by the returnurl parameter after the authentication is passed.

Step 3: Verify the identity in the login. aspx File
The authentication method is relatively simple. Generally, a text box and a password box are created. After you enter the user name and password, click the submit button to authenticate the identity in the database, if the user name is 1 and the password is 2, the authentication is successful.
After Authentication, use formsauthentication. setauthcookie () to create an authentication ticket for the user and add it to the cookie. After accessing other web pages on the website, you do not need to use authentication. The code after clicking the submit button is as follows.
The Code is as follows:

Protected void button#click (Object sender, eventargs e) {// authentication method. In this example, the user name is 1, the password is 2 if (textbox1.text = "1" & textbox2.text = "2") {/** create an authentication ticket for the user name, and add it to the response cookie. * The first parameter of setauthcookie is the name of the verified user. * The second parameter of setauthcookie is true. The table creates a persistent cookie (a cookie that is stored in a cross-browser session). If it is false, the user needs to re-authentication after the browser is closed */formsauthentication. setauthcookie (textbox1.text, false);} // jump to default if the returnurl parameter is not passed in the URL. aspx, otherwise jump to the page specified by the returnurl parameter value if (string. isnullorempty (request. querystring ["returnurl"]) {response. redirect ("default. aspx ");} else {response. redirect (request. querystring ["returnurl"]. tostring ());}}

In just three steps, you can perform identity verification. Is it cool?
This example is successfully tested in vs2005.
The advantages of this example are that the process and code are very simple.
In this example, the website must be authenticated. You cannot specify which files can be accessed anonymously and which files cannot be accessed anonymously.
Detailed source reference: http://www.jb51.net/article/18294.htm