Description of the safety of the Venus System (OA system, reservation system, leave system, etc.)

The Guiding star system is recommended to be installed in the intranet, therefore, the system uses a relatively simple authentication.

In fact, when the page is accessed, the system will determine whether the current cookie's UID is greater than 0, and if so, indicates that the user is logged in or is not logged in.

    public static int GetUserId        {  
        Get             {                              return (httpcontext.current.request.cookies["userinfo"] = = null)? -1:int. Parse (httpcontext.current.request.cookies["userinfo" ["userid"]);            }                    }

Then, on the Master Master page, determine if the UserID is greater than 0:

if (Userhelper.getuserid > 0)            {               //already logged in            }            else            {                 Response.Redirect ("Login.aspx");            }

For the intranet, basically security can be satisfied, but for the users put on the public network, it is necessary to consider the attacker can easily forge cookies to bypass the authentication.

For users on the public network, please open the Web. config and add the following red configuration.

The system will be forced to use the authentication built into the ASP.

  <system.web>    <authorization>      <deny users= "?" />    </authorization>    </system.web>

-------------------------------------above---------------------------------------------------------------------------------- ------------------------

For users put on the public network, the above basically can give a good system to meet the security. However, you may want the system to automatically remember the user login name and password. In fact, in our login code,

   Httpcontext.current.response.cookies[formsauthentication.formscookiename]. Path = path;                Httpcontext.current.response.cookies[formsauthentication.formscookiename]. Expires = DateTime.Now.AddDays (7);

But you will find that when the <deny users= "?" is added to the/>, the system does not seem to remember the cookie, basically every visit or need to log in.

This is because ASP. NET will automatically generate a random computer key when the system is running.

You can force ASP. NET to use a unique key by using the following method.

Open IIS. Choose your app on the left. Then find the computer key on the right.

As you can see, the system randomly generates a computer key each time the application runs.

Click "Generate Key" on the right

Click Apply

At this point, the system automatically adds the Machiekey key to the Web. config. This way, you can remember your account by using form authentication.

Description of the safety of the Venus System (OA system, reservation system, leave system, etc.)