That is, the Membership class and FormsAuthentication are used together to create a user management and authentication system.
Of course, these two parts can be used independently. Today, we will focus on the latter. As for the former, I will write it in the next article.
ASP. NET provides a variety of authentication methods, such as the well-known Windows Authentication
In Windows Authentication mode, the current User attribute value is set to WindowsIdentity Based on the creden。 provided by IIS, but it does not modify the Windows identity provided to the operating system. The Windows identity provided to the operating system is used for permission checks (such as NTFS file permission checks) or for connecting to the database using integrated security. By default, this Windows identifier is the identifier of an ASP. NET process. On Microsoft Windows 2000 and Windows XP Professional, this identity is the identity of the ASP. NET auxiliary process, that is, the local ASPNET account. On Windows Server 2003, this ID is the ID of the IIS application pool to which ASP. NET applications belong. By default, this ID is a network service account.
By enabling the simulation function, you can configure the Windows identity of the ASP. NET application as the Windows identity provided by IIS. That is to say, instruct the ASP. NET application to simulate the identity provided by IIS for all tasks (including file and network access) verified by the Windows operating system. (From the MSDN Library)
Another common authentication is Forms authentication.
Forms authentication allows Web applications that do not require Windows authentication to perform user and password authentication. When Forms authentication is used, user information is stored in external data sources, such as the Member database or in the application configuration file. After a user passes authentication, Forms authentication maintains an authentication ticket in the Cookie or URL. In this way, authenticated users do not need to provide creden。 at each request.
In this way, it is convenient and secure. How can I complete the settings of Forms identity authentication?
First open the configuration file web. config
Find the <authentication> and <authorization> nodes under the <system. web> node to add
<System. web>
<Authentication mode = "Forms">
<Forms loginUrl = "login. aspx"/>
</Authentication>
<Authorization>
<Deny users = "? "/>
</Authorization>
<Authentication> nodes are used to set authentication methods. Here we create Forms
<Forms> you can set the authentication page (logon page), default page, whether to use cookies, and authentication timeout for attributes in a node.
Here we only specify the authentication page loginUrl = "login. aspx"
<Authorization> A node is an authentication node.
<Deny> deny the specified node attribute users = "? "That is, all unauthenticated users must go to the authentication page for authentication.
Which corresponds to the <allow> allowed Node
In this way, the idea is clear. No matter what Page Server the user accesses, it will determine whether the user has passed the authentication. if the user has not been transferred to the authentication page.
The next step is to determine how to complete the authentication in the login. aspx. cs file.
Public void Login_OnClick (object sender, EventArgs args)
{
If (BLL. CheckLogin (this. Txbusername. Text, this. Txbuserpwd. Text ))
FormsAuthentication. RedirectFromLoginPage (UsernameTextbox. Text, NotPublicCheckBox. Checked );
Else
Msg. Text = "Login failed. Please check your user name and password and try again .";
}
Here, the CheckLogin (user name, password) method is used in the logic layer to verify whether the user is valid.
Of course, some verification methods inherited by the Membership class are simpler, but are not described in detail here.
FormsAuthentication class (I finally mentioned the main character). The namespace it belongs to is System. Web. Security;
FormsAuthentication is used to set the authentication class. If the user is valid, the user name is saved in the cookie. After that, the user does not need to authenticate again to access or access other pages.
Common internal methods include:
RedirectFromLoginPage (User Name (string), whether to keep the user name in coolie for a long time (bool ))
Redirects authenticated users back to the original requested URL or default URL
SetAuthCookie (User Name (string), whether to keep the user name in coolie for a long time (bool ))
Create an authentication ticket for the provided user name and add it to the Cookie set or URL of the response
And so on.
I hope you can explore the specific usage or in-depth exploration.