Basic knowledge for authentication using Forms authentication

And Forms authentication Related Configuration

In the Web. config file, the <system. Web>/<authentication> Configuration section is used to configure verification. Provide the mode = "forms" attribute for the <authentication> node to enable Forms authentication. A typical <authentication> Configuration section is as follows:
 

< Authentication Mode = "Forms" >
< Forms
Name = ". Aspxauth"
Loginurl = "Login. aspx"
Defaurl URL = "Default. aspx"
Protection = "All"
Timeout = "30"
Path = "/"
Requiressl = "False"
Slidingexpiration = "False"
Enablecrossappredirects = "False"
Cookieless = "Usedeviceprofile"
Domain = ""
/>
</ Authentication >

 

Formsauthentication Class

The formsauthentication class is used to help us complete form verification and further complete user login and other functions. This class is located in the system. Web. Security namespace of the system. Web. dll assembly. This class can be directly used in a web site project. If you use this class in a class library project, make sure that system. Web. dll is referenced.

There are a few common methods for this class.

The redirecttologinpage method is used to redirect from any page to the logon page. There are two methods to reload this method:

Public Static VoidRedirecttologinpage ()Public Static VoidRedirecttologinpage (StringExtraquerystring)

Both methods redirect the browser to the logon page (the logon page url is indicated by the loginurl attribute of the <forms> node ). The second method provides additional query strings.

Redirecttologinpage is usually called on any non-Logon page. In addition to redirection, This method also attaches a returnurl parameter to the URL, which is the URL address of the page on which the method is called. This is to facilitate the automatic return to the previous page after logon.

The redirectfromloginpage method is used to jump back to the pre-Logon page from the logon page. This "before Logon" page is specified by the returnurl parameter provided during logon. If the returnurl parameter is not provided (for example, instead of using the redirecttologinpage method, you can use other methods to redirect to or directly access the logon page ), this method automatically jumps to the page specified by the defaulturl attribute of the <forms> node.

In addition, if the enablecrossappredirects attribute of the <forms> node is set to false, the path specified by the returnurl parameter must be the path in the current web application; otherwise, (such as the path under other sites) the response page is also returned.

The redirectfromloginpage method has two reload methods:

Public Static VoidRedirectfromloginpage (StringUsername,BoolCreatepersistentcookie)Public Static VoidRedirectfromloginpage (StringUsername,BoolCreatepersistentcookie,StringStrcookiepath)

The username parameter indicates the user ID (such as the user name and user ID );

The createpersistentcookie parameter indicates whether to "remember me ";

The strcookiepath parameter indicates the Cookie Path.

In addition to redirection, The redirectfromloginpage method also stores user creden encrypted (whether encrypted depends on the Protection attribute of the <forms> node) in cookies or Uris. In subsequent access, as long as the cookie does not expire, the username attribute passed in here can be obtained through the httpcontext. User. Identity. Name attribute.

In addition, formsauthentication hasSignoutMethod for completingUser logout. The principle is to remove user creden。 from the cookie or Uri.