[C #. Net] protects your ASP. NET application (3) security-related controls

Source: Internet
Author: User
Tags alphanumeric characters
Document directory
  • 15.6 security-related controls
  • 15.6.1 ASP. Net Logon control Overview
  • 15.6.2 logon Control
  • 15.6.4 password recovery Control
15.6 security-related controls 15.6.1 ASP. NET logon controls overview

Use ASP. NET 2.0 provides these controls, we only need to make simple settings, and do not need to write a line of code to provide "Registration", "login", "Change Password", "retrieve password" and other operations closely related to the account..

15-26 shows a set of logon controls in the IDE toolbox.

Figure 15-26 ASP. Net Logon Control

15.6.2 logon Control

First add a login. aspx, put a login control on the page, and then configure the control using the Properties window.

<Asp: Login ID = "login1" runat = "server" createusertext = "not registered? "

Createuserurl = "register. aspx" passwordrecoverytext = "forgot password? "

Passwordrecoveryurl = "passwordrecovery. aspx"/>

The createusertext attribute indicates the string for creating a user link. The createuserurl attribute indicates the link address for creating a user, the passwordrecoverytext attribute indicates the string for retrieving the password link, and the passwordrecoveryurl indicates the link address for retrieving the password.

Then browse login. aspx, as shown in Figure 15-27.

Figure 15-27 login Control

"Hspace =" 12 "src =" http://book.csdn.net/BookFiles/406/img/image062.gif "width =" 159 "align =" Left "> 15.6.3 create a User Wizard Control

When creating the login page, we configured the registration link address as register. aspx. Therefore, we need to create a register. ASPX page for registration. Place a createuserwizard control on the page.

<Asp: createuserwizard id = "createuserwizard1" runat = "server"

Continuedestinationpageurl = "default. aspx"/>

Here, the continuedestinationpageurl attribute indicates the page address to be switched after registration. Then, we will create default. aspx to display the login name, logon status, and other information.

View the default. aspx effect, as shown in Figure 15-28.

Figure 15-28 createuserwizard Control

"Hspace =" 12 "src =" http://book.csdn.net/BookFiles/406/img/image063.gif "width =" 196 "align =" Left "> pay attention to the following points.

1. After registration, the system will automatically log on to the user.

2. by default, the password must have a certain intensity (the minimum length is 7 characters and must contain 1 non-alphanumeric character). You can modify the password by modifying the web. config file to change this setting. For example, the following configuration section specifies a provider of myaspnetsqlprovider for membership and sets the minimum password length to 6 characters, do not need to contain any non-alphanumeric characters (<system. web> under a node ).

<Membership defaultprovider = "myaspnetsqlprovider">

<Providers>

<Add name = "myaspnetsqlprovider" type = "system. Web. Security.

Sqlmembershipprovider "connectionstringname =" localsqlserver"

Minrequiredpasswordlength = "6" minrequirednonalphanumericcharacters = "0"

Applicationname = "/"/>

</Providers>

</Membership>

Of course, do not forget to specify the database connection string for the membership service (under the <configuration> node ).

<Connectionstrings>

<Add name = "localsqlserver" connectionstring = "Data Source =." sqlexpress; Integrated

Security = sspi; attachdbfilename = | datadirectory | aspnetdb. MDF; user instance = true"

Providername = "system. Data. sqlclient"/>

</Connectionstrings>

Note: For other configurations related to membership, review section 15.5.1.

15.6.4 password recovery Control

Follow the passwordrecoveryurl attribute of the login control to create a new passwordrecovery. ASPX page for Password Recovery (password retrieval. Put a passwordrecovery control on the page. The password recovery process is as follows.

1. Enter the user name.

2. Enter the answer to the password question.

3. If the answer is correct, the system will send the new password to the user's mailbox.

Therefore, we need to add the SMTP mail server configuration under the <configuration> node of the web. config file.

<System.net>

<Mailsettings>

<SMTP from = "sender's email address">

<Network host = "SMTP mail server name" Port = "port (25 by default)" Password = "" username = ""/>

</SMTP>

</Mailsettings>

</System.net>

Browse passwordrecovery. aspx to retrieve the password, and then you will receive an email from 15 to 29:

Figure 15-29 password recovery email sent by the System

"Hspace =" 12 "src =" http://book.csdn.net/BookFiles/406/img/image064.gif "width =" 196 "align =" Left "> 15.6.5 change password control

After logging on, you may want to change the password. Now you can create a changepassword. ASPX page, and then place a changepassword control on the page.

<Asp: changepassword id = "changepassword1" runat = "server" continuedestinationpageurl =

"Default. aspx"/>

Here, we set the continuedestinationpageurl attribute to default. aspx, indicating that the system will be transferred to default. aspx after the password is changed. The password change page is 15-30.

Figure 15-30 changepassword Control

"Hspace =" 12 "src =" http://book.csdn.net/BookFiles/406/img/image065.gif "width =" 196 "align =" Left "> 15.6.6 other controls

Finally, complete default. aspx. In addition to registration, logon, and password operations, we often have other requirements, such as the following operations.

· Provides logon operations for non-logged-on users and exits for logged-on users.

· Display the user name that has been logged on.

· Different information is displayed for logged-on and Unlogged-on users.

To implement these three requirements, you do not need to write any code. You can use the loginstatus, loginname, and loginview controls respectively.

· The loginstatus control automatically displays the logon "Link" or exit "Link" based on whether the user logs in ". Of course, you can also replace text with images.

· The loginname control displays the logon username in a certain format.

· The loginview control provides templates such as loggedintemplate and anonymoustemplate. The content in the loggedintemplate template is displayed after logon, And the content in the anonymoustemplate template is displayed when you are not logged on.

Next, add the three controls on the page and make some settings.

<Asp: loginstatus id = "loginstatus1" runat = "server"/>

<Asp: loginname id = "loginname1" runat = "server" formatstring = "Hello, {0}"/>

<Asp: loginview id = "loginview1" runat = "server">

<Loggedintemplate>

<A href = "changepassword. aspx"> Change Password </a>

</Loggedintemplate>

<Anonymoustemplate>

<A href = "passwordrecovery. aspx"> restore password </a>

</Anonymoustemplate>

</ASP: loginview>

The page effect is 15-31.

Before Logon:

After Logon:

Figure 15-31 loginstatus, loginname, and loginview controls

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.