Forms authentication (authorization) Details

First set in Web. config

< Authentication Mode = "forms"> set mode = "forms"
<Forms loginurl = "login. aspx" name = "Boyang" Protection = "All "> </Forms> encryption and Protection
</Authentication>
<Authorization> in this example, users are allowed and denied.
<Deny users = "?, A "/> reject? Represents anonymity * represents everyone
<Allow users = "B"/> allow
</Authorization>

When compared with the database, if it passes through, it will be written to the database. The method is as follows, either of which can be
1 // system. Web. Security. formsauthentication. Setauthcookie (This. textbox1.text, False ); Write the information into cookies. False indicates that the cookies are not saved.
// Response. Redirect ("login. aspx"); return the specified page
2 system. Web. Security. formsauthentication. Redirectfromloginpage (This. textbox1.text, True ); // Write the information into cookies and return to the previous page for cookies to save

System. Web. Security. formsauthentication. signout (); // Delete the stored cookies. log out.

The following example shows how to verify the user and password without using a database when there are few users.
For example, if there are three users, add the red part to forms.
<Forms loginurl = "login. aspx" name = "Boyang" Protection = "all">
<Credentials passwordformat = "clear"> // There are three password formats: MD5 sha1 andClear clear is the plaintext password. MD5 is MD5 encryption, and sha1 is also encryption.
If it is MD5 or sha1, the following password should be an encrypted string, and it cannot be unlocked even if someone else sees it,
For example, <user name = "Bo" Password = "adgsfjhfjfjhfjbcbfg">

<User name = "Bo" Password = "Bo"/>
<User name = "mm" Password = "mm"/>
<User name = "PP" Password = "PP"/>
</Credentials>
</Forms>

<Deny users = "? "/>
</Authorization>

To verify login. aspx (with 2 text boxes and a button), use the following method:
If (system. Web. Security. formsauthentication. Authenticate (textbox1.text, textbox2.text) compares whether the user and password are in, if yes, true is returned.
Textbox1.text and textbox2.text correspond to the user and password respectively.

Then write cookes.

System. Web. Security. formsauthentication. setauthcookie (this. textbox1.text.

Because the password in this mode is in plain text, it is very insecure. we can implement it using MD5 and sha1 methods.
First set passwordformat = "MD5" Password = "encrypted string ",

Verify whether system. Web. Security. formsauthentication. Authenticate (textbox1.text, textbox2.text) automatically encrypts textbox2.text and then compares

How to encrypt MDB: system. Web. Security. formsauthentication. hashpasswordforstoringinconfigfile (textbox2.text ,"MD5");

Sha1 password encryption method: system. Web. Security. formsauthentication. hashpasswordforstoringinconfigfile (textbox2.text ,"Sha1");

In this way, encrypted login is realized.

If you want to stop a user (such as Bo), you can<Deny users = "Bo"/>Add Bo to reject users. Although he can log on, an error occurs during verification.