Asp.net logon verification method: Web. config access permission Configuration

FORM Verification is set by WEB. config.

<Authentication mode = "Forms">

<Forms loginUrl = "Login. aspx" name = ". ASPXAUTH"> </forms>

</Authentication>

Then

FormsAuthentication. SetAuthCookie (username, false); // create a user ID without cross-browser operations
The Username can be retrieved from the database.

Context. User. Identity. Name. ToString ();
When one of them is used to verify the current user and pass the verification, it is necessary to save a verification ticket between the server and the client to save the verification information .. NET provides an IIdentity-like interface to complete this function. Note that context. user is an interface of the IPrincipal (user object) type, while identity is an interface of the IIdentity (flag object) type.

Four types of FormsIdentity GenericIdentity PassportIdentity WindowsIdentity implement the IIdentity interface. These types correspond to several verification modes of. NET. The above is basically nonsense, just a bit. However, let's take a look at the above, and then find the ASP. NET Forms authentication article on MSDN. Take a look at the use of the FormsIdentity class during forms authentication. Some information is saved to the instance of the FormsIdentity class, and context. user. identity. name can be extracted during use.

You can use your own class to put it in user. Identity. Context. User. Identity. Name indicates the Name of the current User. You can put anything you want. Note that you can use the following code:

HttpContext. Current. User = new GenericPrincipal (object, "");

Object is your own defined class.

--------------------------

System. Security. Principal namespace

IPrincipal defines the basic functions of user objects.

The user object represents the security context of the user. The code is currently run in the name of the user, including the user identity and any roles they belong.

All user objects must implement the IPrincipal interface.

IIdentity defines the basic functions of the Identity object.

Create a GenericPrincipal object
Create a new instance that identifies the class and initialize it with the name it wants. The following code creates a new GenericIdentity object and initializes it with the name MyUser.

Copy code in Visual Basic
Dim MyIdentity As New GenericIdentity ("MyUser ")

C # copy code
GenericIdentity MyIdentity = new GenericIdentity ("MyUser ");

Create a new instance of the GenericPrincipal class and initialize it with the previously created GenericIdentity object and a string array representing the role associated with the subject. The following code example specifies a string array that represents an administrator role and a user role. Then, use the previous GenericIdentity and the string array to initialize GenericPrincipal.

Copy code in Visual Basic
Dim MyStringArray As String () = {"Manager", "Teller "}
DIm MyPrincipal As New GenericPrincipal (MyIdentity, MyStringArray)

C # copy code
String [] MyStringArray = {"Manager", "Teller "};
GenericPrincipal MyPrincipal = new GenericPrincipal (MyIdentity, MyStringArray );

Use the following code to attach the subject to the current thread. This is useful in the following scenarios: the subject must be verified multiple times, and the subject must be verified through other code running in the application, or the topic must be verified by the PrincipalPermission object. You can still perform role-based verification on the subject object without attaching the subject to the thread. For more information, see replacing a subject object.

Copy code in Visual Basic

C # copy code