What is the authentication method for [to] ASP? What is the principle of the distinction?
There are three types of authentication for ASP. Windows | Forms | Passport ", which is the most and most flexible for forms verification. The Forms authentication method provides good support for user-based authentication authorization, which can authenticate the user through a login page, send the user's identity back to the client's cookie, and then the user accesses the Web app and sends it to the server along with this identity cookie. The authorization settings on the server can control the access authorization of different users according to different directories.
The problem is that, in practice, what we often need is role-based, or user-group-based authentication and authorization. For a Web site, the general mode of authentication authorization should be: according to the actual needs of the user into different identities, that is, the role, or the user group, verification process not only to verify the identity of the user itself, but also to verify that it belongs to which role. Access authorization is set based on roles, what resources some roles can access, what resources are not accessible, and so on. If the user-based access will be a very impractical approach, the user has a lot of, but also may be at any time to increase or decrease, it is not possible in the configuration file for the increasing number of new users to add access to authorization.
Here's a look at the process of forms.
Basic principles of Forms authentication:
I. Identity verification
To use Forms authentication, you first need to make the appropriate settings in Web. config in the application root directory:
<authentication mode= "Forms" > <forms name= ". Aspxauth "slidingexpiration=" true "Loginurl="/login.aspx "timeout=" "path="/"domain=". ABC.com "> </ Forms> </authentication>
where <authentication mode= "Forms" > indicates that the application uses forms authentication.
1. The name in the <forms> tab indicates the HTTP Cookie that is specified to be used for authentication. By default, the value of name is. Aspxauth. After authenticating the user in this way, a FormsAuthenticationTicket type of authentication ticket is established with this user's information, and then the encryption is serialized to a string, Finally, this string is written to the client's name in the specified name of the cookie. Once this cookie is written to the client, the user will be sent to the server with a cookie once it is posted to the Web app, and the server will know that the user has been authenticated.
And look at what information the authentication ticket contains, let's look at the FormsAuthenticationTicket class:
Cookiepath
: Returns the path where the Cookie was issued. Note that the path of the form is set to/. Because the form is case-sensitive, this is a safeguard that is taken to prevent inconsistencies in the case of URLs in the site. This is used when refreshing cookies
Expiration
: Gets the date/time when the Cookie expires.
ispersistent
: Returns True if a persistent Cookie has been issued. Otherwise, the authentication Cookie will be limited to the browser lifecycle.
IssueDate
: Gets the date/time when the Cookie was originally issued.
Name
: Gets the user name associated with the authentication Cookie.
UserData
: Gets the application definition string stored in the Cookie.
Version
: Returns the byte version number for future use.
What are the authentication methods for ASP.