Introduction to ASP.NET authentication mechanism: membership configuration (1)

Source: Internet
Author: User

Access control and role management are used in almost every system: creating, modifying and deleting users and roles, assigning roles to users, managing the users in a role, and so on. Microsoft implemented these functions in ASP.NET 2.0, so we do not need to build them ourselves during development and can devote more energy to business logic, which greatly improves development efficiency. Next, we will learn how to use membership.

1. Add Database Support

Membership needs a database behind it, so the first step is to create the table structure that stores user and role information. Don't worry: Microsoft has already written the table-creation statements and provides a user interface, so a few clicks create the required structure.

The specific steps are as follows. Go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.xxxxx (for VS2010 the directory is v4.0.xxxx), find aspnet_regsql.exe, and double-click it to run it. A wizard appears; click Next. On the second page, choose whether to add or remove the table structure; choose add and continue to the next step. On this page, enter the server IP address and authentication information. After entering this information, you can select the database to which you want to add the table structure. Note: if the default value is selected, a new database named aspnetdb is created and the table structure is added to it. The table structure is added in the next step.

2. Web.config Configuration

After adding the table structure, you need to do some simple configuration in the project. Create a new website in VS, then use Notepad to open C:\WINDOWS\Microsoft.NET\Framework\v2.0.xxxxx\config\machine.config. Find the membership node under the system.web node and copy the entire node into the system.web node of the new website's web.config.

 

The copied code is as follows:

<membership>
  <providers>
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="1"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>

 

The following are the meanings of the main attributes:

name: Name of the data provider. Because we copied the node from machine.config, we must change the name to avoid a duplicate.

type: Data provider type. If a Microsoft SQL Server database is used, leave it unchanged. If another database such as Oracle is used, you must create a class that inherits from the MembershipProvider abstract base class, override all of its abstract methods, and write that type here.

connectionStringName: This attribute must be set to the name of a connection string in the <connectionStrings> node.

applicationName: Application name. Membership allows multiple applications to use a single database to manage their own user and role information; each application only needs a different applicationName. If you want multiple applications to share the same user and role information, give them the same applicationName.

requiresUniqueEmail: As the name implies, whether a user must register with an email address that has not already been registered.

passwordFormat: The format in which the password is stored in the database. The most commonly used values are Clear (stored as plain text, not encrypted) and Hashed (hashed with the SHA1 algorithm).

minRequiredPasswordLength: Minimum password length.

minRequiredNonalphanumericCharacters: The minimum number of special characters that a valid password must contain, that is, characters that are neither letters nor digits, such as + - * /, to increase password strength.

Now, let's modify the configuration and add the connection string:

<connectionStrings>
  <add name="ConnectionString" connectionString="server=.;uid=sa;pwd=sa;database=aspnetdb" />
</connectionStrings>

<system.web>
  <membership defaultProvider="MySqlMembershipProvider">
    <providers>
      <add name="MySqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ConnectionString"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="true"
           applicationName="TestMembership"
           requiresUniqueEmail="true"
           passwordFormat="Hashed"
           maxInvalidPasswordAttempts="5"
           minRequiredPasswordLength="6"
           minRequiredNonalphanumericCharacters="0"
           passwordAttemptWindow="10"
           passwordStrengthRegularExpression="" />
    </providers>
  </membership>
</system.web>

 

The defaultProvider attribute on the membership element tells membership to use the MySqlMembershipProvider configuration we just added. machine.config already defines AspNetSqlMembershipProvider, and we added MySqlMembershipProvider in web.config, so there are now two configurations and defaultProvider must specify which one the website uses. The configuration then names the connection string to use, does not allow an email address to be registered more than once, and sets the minimum password length to 6. With minRequiredNonalphanumericCharacters set to 0, the password is not required to contain punctuation marks.

3. ASP.NET authentication Configuration

Membership is now configured, but we are not finished yet. We also need to set the ASP.NET authentication mechanism to Forms authentication.

 

Additional content:

ASP.NET has three authentication methods:

      1. Forms authentication
      2. Windows authentication
      3. Passport authentication

Windows authentication means that users who can access IIS are considered authenticated. You can use the authentication policy that comes with Windows to control which pages users can and cannot access. This is the easiest way to implement access control without having to write much code.

Passport authentication is an authentication service provided by Microsoft. Of course, it is a paid service.

Forms authentication adds a cookie to the browser when the user logs on and then checks that cookie on every subsequent visit, which is how the user's identity is authenticated.

 

To configure Forms authentication, copy the following code to web.config:

 

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name=".ASPXAUTH"
           path="/"
           slidingExpiration="true"
           defaultUrl="Default.aspx"
           cookieless="UseDeviceProfile" />
  </authentication>
</system.web>

The following is a description of the attributes (copied from MSDN):

  • loginUrl points to the application's custom logon page. The logon page should be placed in a folder that requires Secure Sockets Layer (SSL). This helps ensure the integrity of the credentials when they are passed from the browser to the web server.

  • protection is set to All to specify confidentiality and integrity for the forms authentication ticket. This causes the authentication ticket to be encrypted using the algorithm specified on the machineKey element and to be signed using the hashing algorithm that is also specified on the machineKey element.

  • timeout specifies a limited lifetime for the forms authentication session. The default value is 30 minutes. If a persistent forms authentication cookie is issued, the timeout attribute is also used to set the lifetime of the persistent cookie.

  • name and path are set to the values defined in the application's configuration file.

  • requireSSL is set to false. This configuration means that the authentication cookie can be transmitted over channels that are not SSL-encrypted. If you are worried about session theft, consider setting requireSSL to true.

  • slidingExpiration is set to true to enforce a sliding session lifetime. This means that the session timeout is reset periodically as long as the user is active on the site.

  • defaultUrl is set to the application's Default.aspx page.

  • cookieless is set to UseDeviceProfile to specify that the application uses cookies for all browsers that support cookies. If a browser that does not support cookies accesses the site, forms authentication packages the authentication ticket on the URL.

  • enableCrossAppRedirects is set to false to indicate that forms authentication does not support automatic processing of tickets that are passed between applications on the query string or as part of a form POST.

Note the loginUrl and defaultUrl attributes. loginUrl points to the logon page: when ASP.NET determines that the resource a user requests does not allow anonymous access and the user is not logged on, it automatically redirects to the page that loginUrl points to, and after a successful logon it redirects back to the originally requested page. defaultUrl points to the default page: when a user goes directly to the logon page and logs on successfully, ASP.NET redirects to the defaultUrl page. The other options can be left out because they have default values.
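As an added example (not part of the original post and not Microsoft code), the Python check below reads a web.config and flags the membership and forms attributes described above whose values weaken password storage or expose the authentication ticket. The `audit` function, the finding names and the minimum-length policy of 8 are assumptions; the sample configuration is constructed from the settings shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the settings shown on this page.
SAMPLE = """<configuration>
  <system.web>
    <membership defaultProvider="MySqlMembershipProvider">
      <providers>
        <add name="MySqlMembershipProvider" passwordFormat="Hashed"
             enablePasswordRetrieval="false" minRequiredPasswordLength="6" />
      </providers>
    </membership>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="All"
             cookieless="UseDeviceProfile" />
    </authentication>
  </system.web>
</configuration>"""


def audit(xml_text, min_len=8):  # min_len is an assumed local policy value
    """Return sorted finding codes for a web.config document."""
    root, out = ET.fromstring(xml_text), set()
    for mem in root.iter("membership"):
        active = mem.get("defaultProvider")
        for p in mem.iter("add"):
            if active and p.get("name") != active:
                continue  # only audit the provider the site actually uses
            # Clear and Encrypted both leave passwords recoverable.
            if p.get("passwordFormat", "Hashed") != "Hashed":
                out.add("passwords-recoverable")
            if p.get("enablePasswordRetrieval", "false").lower() == "true":
                out.add("password-retrieval-enabled")
            # SqlMembershipProvider defaults to 7 when the attribute is absent.
            if int(p.get("minRequiredPasswordLength", "7")) < min_len:
                out.add("min-password-length-below-policy")
    for f in root.iter("forms"):
        # Absent attributes fall back to the documented defaults.
        if f.get("requireSSL", "false").lower() != "true":
            out.add("auth-cookie-allowed-without-ssl")
        if f.get("cookieless", "UseDeviceProfile") != "UseCookies":
            out.add("ticket-may-travel-in-url")
        if f.get("protection", "All") != "All":
            out.add("ticket-not-encrypted-and-signed")
    return sorted(out)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

For the sample it reports the short minimum password length, the missing requireSSL and the UseDeviceProfile cookieless mode; setting requireSSL="true", cookieless="UseCookies" and a longer minimum length clears all three.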

 

Writing a blog is really not a simple task. I believe I can stick to it! I'll stop here for now and continue tomorrow.
