FormsAuthentication Implementing Login (GO)

Configuration Item Description:

<authentication mode= "Forms" >

<forms

Name= ". Aspxauth "

Loginurl= "Login.aspx"

Defaulturl= "Default.aspx"

Protection= "All"

timeout= "30"

Path= "/"

Requiressl= "false"

Slidingexpiration= "false"

Enablecrossappredirects= "false"

Cookieless= "UseDeviceProfile"

Domain= ""

/>

</authentication>

The code above uses the default settings, in other words, if you have a configuration property that is consistent with the above code, you can omit the attribute such as <forms name= "Myappauth"/>. Here's a look at the various properties:

L Name--cookie's name. The Forms authentication may place user credentials in a cookie after validation, and the name attribute determines the cookie's moniker. This configuration value can be obtained with the Formsauthentication.formscookiename property (the Fromsauthentication class is described later).

L loginurl--The URL of the login page. This configuration value can be obtained through the Formsauthentication.loginurl property. When the Formsauthentication.redirecttologinpage () method is called, the client request is redirected to the page specified by the property. The default value for Loginurl is "login.aspx", which means that the ASP is not available even if the property value is not provided. NET will also try to find a page named Login.aspx in the site root directory.

L defaulturl--The URL of the default page. The configuration value is obtained through the Formsauthentication.defaulturl property.

L Protection--cookie Protection mode, the desirable values include all (simultaneous encryption and data validation), encryption (encryption only), Validation (data validation only), and none. For security, this property is typically never set to none.

L TIMEOUT--COOKIE the expiration time.

L Path--cookie's path. This configuration value can be obtained through the Formsauthentication.formscookiepath property.

L requiressl--When you perform the forms authentication, it requires SSL to interact with the server. This configuration value can be obtained through the Formsauthentication.requiressl property.

L slidingexpiration--Whether elastic expiration is enabled, and if the property is set to False, the cookie expires after the timeout time after the first authentication, and if this property is true, the timeout time expires from the last request. This means that, after the first verification, if at least one request is guaranteed to be sent per timeout time, the cookie will never expire. This configuration value can be obtained through the Formsauthentication.slidingexpiration property.

L enablecrossappredirects--Whether the authenticated user can be redirected to another application. This configuration value can be obtained through the Formsauthentication.enablecrossappredirects property. For security reasons, this property is always set to false.

L cookieless--defines the use of cookies and the behavior of cookies. Forms authentication can save user credential information in a session in two ways, using a cookie to record the user's credentials into a cookie, which the browser makes available to the server each time a request is sent. Another way is to use URIs to pass user credentials as additional query strings in the URL to the server. The attribute has four values--usecookies (whenever a cookie is used), UseUri (Never use cookies, only URIs), AutoDetect (detection device and browser, Cookies are only used when the device supports cookies and cookies are enabled in the browser, and usedeviceprofile (only devices are detected, as long as the device supports cookies, regardless of whether the browser supports them). This configuration value can be obtained through the Formsauthentication.cookiemode property. The Formsauthentication.cookiessupported property allows you to use cookies to pass user credentials for the current request.

L Domain--cookie's domain. This configuration value can be obtained through the Formsauthentication.cookiedomain property.

Login code:

[HttpPost]PublicActionResult LogOn (Logonmodel model) {If(modelstate.isvalid) {
　　　　If (model. UserName " username " && model. Password " password ") {FORMSAUTHENTICATION.REDIRECTFROMLOGINP Age (model. UserName, model. 　　　　RememberMe); }}
Return View (" Span style= "color: #800000;" >logon failed! ");}

Exit code:

public ActionResult LogOff () { //formsservice.signout (); formsauthentication.signout ();
return redirecttoaction ("Index", "Home");

FormsAuthentication Implementing Login (GO)