ASP. NET Security Authentication (1) -- how to use form Authentication

From: http://blog.csdn.net/cityhunter172/archive/2005/11/06/524043.aspx

Collation

The Code has been written N for a long time and I always want to write something else. This is not the case. The above mentioned integration of two projects into a single sign on (Single Sign On), also known as "Single Sign-On ". After reading the relevant documents, I finally realized it. Now I will share it with you. You may ask, "Is this not the same as the title ?" Don't worry. Before I start, I thought about some problems I encountered when I was using form authentication, and some skills I used in the use process (I think it is also opportunistic ). Even when I was in junior high school, the level of Chinese language was not very good. I often couldn't write my compositions in the examination, so my writing level was limited. Please take a large amount of data. By the way, I am not only limited in writing, but also not very good in programming ability. This article is for everyone to learn and exchange. We welcome the masses to come and comment with eggs and flowers. Please note that the original author Nai Han Yu Feng is also, I am not very grateful!

This is almost the case. To put it bluntly, there are four authentication modes: "Windows", "form", "Passport", and "NONE" for ASP. NET security authentication. "Windows" and "NONE" do not play a protection role and are not recommended. I have never used "Passport", alas ...... So I have to talk about "form" certification. I plan to divide it into three parts:

Part 1 -- How to Implement from authentication;

Part 2: Practical Application of form authentication;

Part 3: Single Sign on)

Part 1 how to use form Authentication

1. Create a test project
For better description, it is necessary to create a test project ("formtest" for the time being), which contains three pages (default. aspx, login. aspx, userinfo. aspx ). What? No one will create a project or add a page? What should I do? I think it's okay: drag it out, call it back, learn from kindergarten ......

2. modify web. config

1. Double-click Web. config in the project (No, cannot find pp)

2. Find the following text <Authentication mode = "Windows"/> and change it:

<Authentication mode = "forms">
<Forms loginurl = "login. aspx" name = ". aspxauth"> </Forms>
</Authentication>

3. Find

<Authorization>
<Allow users = "*"/>
</Authorization>

Change

<Authorization>
<Deny users = "? "> </Deny>
</Authorization>

There is nothing to say here, just copy it. However, some people may make a mistake as follows:

<Authentication mode = "forms">
<Forms loginurl = "login. aspx" name = ". apsx"> </Forms>
<Deny users = "? "> </Deny>
</Authentication>

If you want to ask who used <deny users = "? "> </Deny> put in <authentication>, I will be honored to tell you that it was me n years ago: <authentication> and <authorization> both start with the auth letter and end with the ation. Why? I think they are a group of English words that cannot be memorized ......

3. Write. CS code-Logon and exit

1. logon code:
A. Introduced in books

Private void btn_login_click (Object sender, system. eventargs E)
{
If (this. txt_username.text = "admin" & this. txt_password.text = "123456 ")
{
System. Web. Security. formsauthentication. redirectfromloginpage (this. txt_username.text, false );
}
}

B. I have been searching for N for a long time.

Private void btn_login_click (Object sender, system. eventargs E)
{
If (this. txt_username.text = "admin" & this. txt_password.text = "123456 ")
{
System. Web. Security. formsauthentication. setauthcookie (this. txt_username.text, false );
Response. Redirect ("default. aspx ");
}
}

The two types of cookies can be issued after verification, that is, they pass verification. difference:

Method A) returns the request page after verification, which is commonly known as "from where to where ". For example, if you enter http: // localhost/formtest/userinfo. aspx directly in the IE address bar before logging on, the user will see login. aspx? Returnurl = userinfo. aspx. After the user name and password are entered, the system returns the corresponding page based on the value of "returnurl ".

Method B) two steps are taken: after the verification is passed, the cookie is directly issued, and the jump page will be designated by the programmer. This method is mostly used in the system where default. aspx uses the framework structure.

2. Exit code:

Private void btn_logout_click (Object sender, system. eventargs E)
{
System. Web. Security. formsauthentication. signout ();
}

Iv. How to determine whether the verification is successful and obtain the verified user information

Sometimes, you need to determine whether the user has logged on to the same page and then display different la S. Some people like to use the session to judge, and I do not oppose this kind of practice. Here I just want to tell you there is another method and read the following code:

If (user. Identity. isauthenticated)
{
// You have passed the verification. Do you know what to do?
}

User. identity also has two attributes: authenticationtype (authentication type) and name (User Name). Note that the name attribute is the user. identity. name will get, when the verification passes (redirectfromloginpage or setauthcookie), we bring the first parameter This. txt_username.text. This parameter is very important and related to various types ...... In all kinds of situations, let's talk about this and break it down ......

ASP. NET Security Authentication (II)-flexible use of deny and allow in form authentication and Protection of. HTM files

My first flash