Authentication transfer in ASP.NET


 

1. Configure the Security Authentication Mode

In the Web.config file, you can configure the security authentication mode used by ASP.NET in the <authentication> section to identify the incoming user.

    <authentication mode="[Windows|Forms|Passport|None]">
      <forms>...</forms>
      <passport/>
    </authentication>

The mode attribute of the <authentication> section is required. It specifies the default authentication mode of the application.

This attribute can be one of the following values:

Windows: Specifies Windows authentication as the default authentication mode. It is used with any form of Microsoft Internet Information Services (IIS) authentication: Basic, Digest, Integrated Windows authentication (NTLM/Kerberos), or certificates. In this case, your application delegates the authentication responsibility to the underlying IIS.

Forms: Specifies ASP.NET forms-based authentication as the default authentication mode.

Passport: Specifies Microsoft Passport Network authentication as the default authentication mode.

None: Specifies no authentication. Your application expects only anonymous users, or it provides its own authentication.

The default value is Windows.

 

2. Set form-based authentication

 

When ASP.NET uses forms-based authentication (<authentication mode="Forms">), the <forms> child element holds the custom forms authentication configuration.

Example:

    <authentication mode="Forms">
      <forms cookieless="UseDeviceProfile"
             defaultUrl="Default.aspx"
             loginUrl="Login.aspx"
             name="cnblogs"
             slidingExpiration="false"
             timeout="15" />
    </authentication>

cookieless: Defines whether cookies are used and how they behave. The default value is UseDeviceProfile.

defaultUrl: Defines the default URL used for redirection after authentication. The default value is Default.aspx.

loginUrl: Specifies the logon URL to which the request is redirected if no valid authentication cookie is found. The default value is Login.aspx.

name: Specifies the HTTP cookie to be used for authentication. The default value is ".ASPXAUTH".

If you are running multiple applications on one server and each application requires a unique cookie, you must configure the cookie name in the Web.config file of each application.

slidingExpiration: Specifies whether sliding expiration is enabled.

> True: Specifies that sliding expiration is enabled. During a single session, the authentication cookie is refreshed and the expiration time is reset on each subsequent request. In .NET Framework 1.x, the default value is True.

> False: Specifies that sliding expiration is not enabled, and that the cookie expires a set interval after it was initially issued. In .NET Framework 2.0, the default value is False.

timeout: Specifies the time, in integer minutes, after which the cookie expires. If the slidingExpiration attribute is True, timeout is a sliding value, and the cookie expires the specified number of minutes after the previous request was received. To avoid compromising performance, and to avoid sending multiple browser warnings to users who have cookie warnings enabled, the cookie is updated when the specified time has elapsed. This may reduce precision. Persistent cookies do not time out. The default value is "30" (30 minutes).

 

3. Configure Web application authorization

Next, add the <authorization> section to configure Web application authorization, which controls client access to URL resources.

    <authorization>
      <allow ... />
      <deny ... />
    </authorization>

In the <authorization> section, write the allow rules first and then the deny rules; otherwise there will be problems. The rules are evaluated from top to bottom, and the first rule that matches the request decides the result.

allow: Adds a rule to the authorization rule mapping that allows access to the resource.

deny: Adds a rule to the authorization rule mapping that denies access to the resource.

Example:

<authorization><deny users="?" /></authorization>

<deny users="?" /> denies access. The question mark (?) means that anonymous users are denied; the asterisk (*) means all users. To list several user names, separate them with commas.
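The effect of rule order described above can be checked with a small model. This is an added example, not code from the original article or from ASP.NET: it is a simplified Python model of first-match evaluation, and the user "Bob" and the two reordered rule sets are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples. PAGE_RULES is the page's example; the other two hold the
# same two rules in opposite order (the user name "Andy" is from the login code).
PAGE_RULES = '<authorization><deny users="?" /></authorization>'
ALLOW_FIRST = '<authorization><allow users="Andy" /><deny users="*" /></authorization>'
DENY_FIRST = '<authorization><deny users="*" /><allow users="Andy" /></authorization>'

def matches(rule_users, user):
    """user is None for an anonymous request, else the authenticated name."""
    for entry in (u.strip() for u in rule_users.split(",")):
        if entry == "*":
            return True                       # all users
        if entry == "?" and user is None:
            return True                       # anonymous users only
        if user is not None and entry == user:
            return True                       # named user (exact match here)
    return False

def is_allowed(authorization_xml, user):
    """Simplified model: the first matching rule decides. Roles, verbs and
    rules inherited from parent configuration are not modelled; when no rule
    matches, access is allowed, mirroring the machine-level allow users="*"."""
    for rule in ET.fromstring(authorization_xml):
        if rule.tag in ("allow", "deny") and matches(rule.get("users", ""), user):
            return rule.tag == "allow"
    return True

def access_table(authorization_xml, users=(None, "Andy", "Bob")):
    """Map each sample user (None = anonymous) to the access decision."""
    return {u: is_allowed(authorization_xml, u) for u in users}

if __name__ == "__main__":
    for label, rules in (("page", PAGE_RULES), ("allow first", ALLOW_FIRST),
                         ("deny first", DENY_FIRST)):
        print(label, access_table(rules))
```

With the deny rule first, the allow rule for Andy is never reached, so even the intended user is locked out.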

 

After the configuration is complete, the overall configuration of the Web.config file is as follows:

    <!-- In the <authentication> section, you can configure the security
         authentication mode used by ASP.NET to identify the incoming user. -->
    <authentication mode="Forms">
      <forms cookieless="UseDeviceProfile"
             defaultUrl="Default.aspx"
             loginUrl="Login.aspx"
             name="newerSize"
             slidingExpiration="false"
             timeout="15" />
    </authentication>

    <!-- <authorization>: write allow first and then deny,
         otherwise there will be problems. -->
    <authorization>
      <deny users="?" />
    </authorization>
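A configuration like this can be reviewed automatically. The following Python check is an added example, not part of the original article: the <configuration><system.web> wrapper is constructed so the fragment parses, requireSSL is a <forms> attribute the page does not show, and max_timeout is this example's own threshold.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's settings wrapped in <configuration><system.web>
# so that they parse as one document.
PAGE_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms cookieless="UseDeviceProfile" defaultUrl="Default.aspx"
           loginUrl="Login.aspx" name="newerSize"
           slidingExpiration="false" timeout="15" />
  </authentication>
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""

def audit_forms_auth(config_xml, max_timeout=30):
    """Return findings for the forms-authentication settings (empty list = none)."""
    web = ET.fromstring(config_xml).find("system.web")
    auth = web.find("authentication") if web is not None else None
    if auth is None or auth.get("mode", "Windows") != "Forms":
        return ["authentication: mode is not Forms"]
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    findings = []
    # Every value except UseCookies can carry the ticket in the URL, where it
    # reaches server logs, browser history and Referer headers.
    if attrs.get("cookieless", "UseDeviceProfile") != "UseCookies":
        findings.append("cookieless: ticket may be carried in the URL")
    # requireSSL is a <forms> attribute the page does not show; it defaults to false.
    if attrs.get("requireSSL", "false").lower() != "true":
        findings.append("requireSSL: cookie is not restricted to HTTPS")
    # max_timeout is this example's own threshold, not an ASP.NET setting.
    if int(attrs.get("timeout", "30")) > max_timeout:
        findings.append("timeout: ticket lifetime exceeds %d minutes" % max_timeout)
    if attrs.get("name", ".ASPXAUTH") == ".ASPXAUTH":
        findings.append("name: default cookie name shared with other applications")
    # Presence check only; rule order is not evaluated here.
    denied = {u.strip() for rule in web.findall("authorization/deny")
              for u in rule.get("users", "").split(",")}
    if not denied & {"?", "*"}:
        findings.append("authorization: anonymous users are not denied")
    return findings

if __name__ == "__main__":
    for finding in audit_forms_auth(PAGE_CONFIG):
        print(finding)
```

For the page's configuration the check reports the cookieless and requireSSL findings; setting cookieless="UseCookies" and requireSSL="true" clears both.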

 

4. Use Forms authentication in the page program

In the code-behind of the page, we use the FormsAuthentication class to manage the forms authentication service for the Web application.

The code of the logon page Login.aspx is as follows:

    // Requires: using System; using System.Web.Security;

    // Log on
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string name = txtName.Text.Trim();
        string pwd = txtPwd.Text.Trim();

        // Demo credentials are hard-coded for illustration; a real application
        // verifies them against a user store.
        if ("Andy" == name && "123" == pwd)
        {
            // Method 1
            // FormsAuthentication.RedirectFromLoginPage(name, true);
            /* Parameter 2 is true: create a persistent cookie
               (a cookie saved across browser sessions) */

            // Method 2
            // Create a ticket for the user and put it into the cookie or the URL
            // (depending on how the ticket is configured to be stored)
            FormsAuthentication.SetAuthCookie(name, true);
            Response.Redirect("Default.aspx");
        }
        else
        {
            Response.Write("<script>alert('Logon failed!')</script>");
        }
    }

    // Log off
    protected void btnExit_Click(object sender, EventArgs e)
    {
        // Delete the forms authentication ticket from the browser.
        FormsAuthentication.SignOut();
    }

 

The code of Default.aspx, the default page to go to after a successful logon, is as follows:

    protected void Page_Load(object sender, EventArgs e)
    {
        // User: gets information about the user making the page request.
        string username = User.Identity.Name;
        Label1.Text = username + ": logon successful!";
    }

User.Identity.Name is used to obtain the user name stored in the cookie.

 

Author: XuGang Network Name: steel and steel
Source: http://xugang.cnblogs.com
Disclaimer: The copyright of this article is shared by the author and the Blog Park! This statement must be retained when reprinting, and a link to the original text must be given clearly on the article page.
Tag: ASP.NET, permission