Membership role and permission management [2]

3. Configure web. config

Web. config also needs to be modified. Add an authentication node under the system. Web node.

Since membership is used for member qualification management, of course, login authentication is required, so first add a form authentication.

<Authentication mode = "forms">
<Forms loginurl = "login. aspx" name = ". aspxlogin"/>
</Authentication>

Add a membership node under the system. Web node.

<Membership defaultprovider = "aspnetsqlmembershipprovider" userisonlinetimewindow = "15" hashalgorithmtype = "">
<Providers>
<Clear/>
<Add connectionstringname = "connectionstring" enablepasswordretrieval = "false" enablepasswordreset = "true" Success = "true" applicationname = "/" requiresuniqueemail = "false" passwordformat = "hashed" Success =" 5 "minrequiredpasswordlength =" 7 "minrequirednonalphanumericcharacters =" 1 "passwordattemptwindow =" 10 "passwordstrengthregularexpression =" "name =" aspnetsqlmembershipprovider "type =" system. web. security. sqlmembershipprovider, system. web, version = 2.0.0.0, culture = neutral, publickeytoken = b03f5f7f11d50a3a "/>
</Providers>
</Membership>

Attribute description:

Defaultprovider: Name of the provider. The default value is aspnetsqlmembershipprovider. If you have multiple providers, it is wise to specify a default value.
Userisonlinetimewindow: Specify the number of minutes that the user is considered online after the date/timestamp of the last activity.
Hashalgorithmtype: The identifier of the algorithm used to hash the password, or is null to use the default hash algorithm.Connectionstringname: The connection name of the membership database.
Enablepasswordretrieval: Indicates whether the current membership provider is configured to allow users to retrieve their passwords.
Enablepasswordreset: Indicates whether the current membership provider is configured to allow users to reset their passwords.
Requiresquestionandanswer: Indicates whether the default membership provider requires the user to answer the password prompt questions during password reset and retrieval.
Applicationname: Application name.
Requiresuniqueemail: Indicates whether the membership provider is configured to require each user name to have a unique email address.
Passwordformat: Indicates the format of the password stored in the member qualification data storage area. Values include clear, encrypted, and hashed. Clear passwords are stored in plain text, which improves the performance of storing and retrieving passwords, but are less secure. When the security of data sources is threatened, such passwords are easily read. The encrypted password is encrypted during storage and can be decrypted during password comparison or retrieval. This type of password requires additional processing during storage and retrieval, but it is relatively secure and is not easy to obtain when the security of the data source is threatened. When the hashed password is stored in the database, it uses a one-way hash algorithm and a randomly generated salt value for hash processing. When a password is verified, the password is hash calculated using the salt value in the database for verification. The hash password cannot be retrieved.
Maxinvalidpasswordattempts: Number of attempts to prompt questions and answers to the invalid or invalid passwords allowed before the user is locked.
Minrequiredpasswordlength: Minimum length required by the password.
Minrequirednonalphanumericcharacters: The minimum number of special characters that a valid Password must contain.
Passwordattemptwindow: The maximum number of minutes that a question answer attempt can be prompted for an invalid password or password before the user is locked. This is an additional measure to prevent unknown sources from repeatedly trying to guess the password of a Member-qualified user or the password prompts the answer to the question.
Passwordstrengthregularexpression: Calculate the regular expression of the password.

After configuring web. config for membership, configure its role management rolemanager, which is also under system. Web.

<Rolemanager enabled = "true" cacherolesincookie = "true">
<Providers>
<Clear/>
<Add connectionstringname = "connectionstring" applicationname = "/" name = "aspnetsqlroleprovider" type = "system. web. security. sqlroleprovider, system. web, version = 2.0.0.0, culture = neutral, publickeytoken = b03f5f7f11d50a3a "/>
</Providers>
</Rolemanager>

Attribute description:
Cacherolesincookie: Indicates whether the role of the current user has been cached in a cookie.
When the cacherolesincookie attribute is set to true in the configuration file, the role information of each user is stored in a cookie on the client. When role management checks whether a user belongs to a specific role, it checks the role cookie before calling the role provider to check the role list in the data source. The cookie is dynamically updated on the client to cache recently verified role names.
Web. config is configured almost.