The authentication types of ASP.NET are as follows:
In practice, Forms authentication is still used a lot, so let's look at it in detail:
As a web developer, I think we deal with login forms all the time. However, I found that some programmers store the authenticated user name in the session during authentication, and then on every page of the system check whether the session is empty and, if it is, call Response.Redirect("......aspx").
I think this method is inferior to the Forms authentication provided by ASP.NET. First, it increases the amount of code, because we need to verify whether the session exists on every page. Second, sessions are stored in server memory; I think that if you use sessions frequently, the server will be slowed down. Forms authentication is different: it stores its data in cookies, so it can reduce the pressure on the server.
Example 1:
Add two pages to the project: login.aspx (used for logon) and main.aspx (the main interface).
To add Forms authentication, we must first deny anonymous access to the website, and then store the authenticated user in the cookie. The web configuration file is as follows:
[Html]
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0"/>
    <authentication mode="Forms">
      <forms name="save" loginUrl="login.aspx" protection="All">
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>
Note:
After this is set, if we access main.aspx directly, the page will jump to login.aspx.
Write the following code in the click handler of the logon button:
[Csharp]
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace LastTest
{
    public partial class login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            if (true) // placeholder: check the database here to verify that the user is valid
            {
                // The two commented-out statements are equivalent to the statement that follows them:
                // save the user and return to the original page.
                // System.Web.Security.FormsAuthentication.SetAuthCookie(TextBox1.Text, chkIsSavePwd.Checked);
                // Response.Redirect("main.aspx");
                System.Web.Security.FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, chkIsSavePwd.Checked);
            }
            else
            {
                // Logon failed: handle the error here.
            }
        }
    }
}
Of course, you can also remove the authentication and log out. We will add a Logout button to the main interface:
Code for logout:
[Csharp]
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace LastTest
{
    public partial class main : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            // Delete the Forms authentication ticket from the browser.
            System.Web.Security.FormsAuthentication.SignOut();
            // Return to the logon page.
            Response.Redirect("login.aspx");
        }
    }
}
Of course, if a system has only a few users, we can also add fixed users and then hash each user's password with MD5 or SHA1; you can also use Clear (plaintext, insecure).
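One way to replace the `if (true)` placeholder in the logon handler for the fixed-user case, as an added example that is not from the original article: the users sit in a `<credentials>` element inside `<forms>` in web.config, and `FormsAuthentication.Authenticate` checks the submitted password against them using the configured `passwordFormat`. The user name `admin`, the controls `TextBox2` and `lblError`, and the hash placeholder are assumptions; the other names follow the logon code above.

```csharp
// web.config fragment assumed by this example (inside <authentication mode="Forms">):
//
//   <forms name="save" loginUrl="login.aspx" protection="All">
//     <credentials passwordFormat="SHA1">
//       <user name="admin" password="PLACEHOLDER_SHA1_HEX_OF_PASSWORD" />
//     </credentials>
//   </forms>
//
// The hex value is produced once, offline, with
// FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1").
using System;
using System.Web.Security;

namespace LastTest
{
    public partial class login : System.Web.UI.Page
    {
        protected void Button1_Click(object sender, EventArgs e)
        {
            string userName = TextBox1.Text.Trim();
            string password = TextBox2.Text; // TextBox2: assumed password field

            // Reject empty input before touching the credential store.
            if (userName.Length == 0 || password.Length == 0)
            {
                ShowFailure();
                return;
            }

            // Authenticate hashes the submitted password according to
            // passwordFormat and compares it with the <user> entry in web.config.
            if (FormsAuthentication.Authenticate(userName, password))
            {
                // Issue the Forms ticket cookie and go back to the page
                // that triggered the redirect to login.aspx.
                FormsAuthentication.RedirectFromLoginPage(userName, chkIsSavePwd.Checked);
            }
            else
            {
                ShowFailure();
            }
        }

        // One message for every failure, so the response does not
        // reveal which user names exist. lblError: assumed Label control.
        private void ShowFailure()
        {
            lblError.Text = "Invalid user name or password.";
        }
    }
}
```

The SHA1 value stored this way is unsalted, so it suits only the small fixed-user case described above; a user database calls for a salted, slow password hash instead.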
Author: yjjm1990