MVC4 mall project 2: Implementing user authentication
User authentication relies on the forms authentication class, FormsAuthentication, which uses an encrypted cookie to implement access control on controllers and the login page. On the browser side it looks like this:
Requirement: only logged-in users can access the user center. A user who is not logged in is redirected to the login page. Other pages can be accessed:
First, let's look at the logon controller code:
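    // Requires: System.Web, System.Web.Security, Newtonsoft.Json
    UserDto user = UserService.GetUserById(Convert.ToInt32(msg.Msg));
    // Issue an authentication ticket for the supplied user name.
    FormsAuthentication.SetAuthCookie(user.UName, true, FormsAuthentication.FormsCookiePath);
    // Store the user object in the ticket.
    FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(
        1, user.UName, DateTime.Now,
        DateTime.Now.AddTicks(FormsAuthentication.Timeout.Ticks),
        false, JsonConvert.SerializeObject(user));
    // Encrypt the ticket.
    string hashTicket = FormsAuthentication.Encrypt(Ticket);
    HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashTicket);
    // This cookie replaces the one SetAuthCookie issued, so restore its flags.
    userCookie.HttpOnly = true;
    userCookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(userCookie);
    // Redirect back only when ReturnUrl is present and local. The original
    // test (!= null || != "") was always true, and an unchecked ReturnUrl is
    // an open redirect. Request[] is already URL-decoded, so it is not decoded again.
    string returnUrl = Request["ReturnUrl"];
    if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }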
Web.config configuration; loginUrl specifies the login page:
    <system.web>
      <authentication mode="Forms">
        <!-- timeout is in minutes -->
        <forms loginUrl="~/Account/Login" timeout="2880" />
      </authentication>
      <authorization>
        <deny roles="controler"/>
        <allow users="*"/>
      </authorization>
    </system.web>
Add the [Authorize] attribute to the controller to control user access:
    [Authorize]
    public ActionResult Index()
    {
        UserDto user = UserService.GetUserById(1);
        return View(user);
    }
Of course, the attribute's properties can also be used to control permissions for different roles and users:
    [Authorize(Roles = "controler")]
    public ActionResult Index()
    {
        UserDto user = UserService.GetUserById(1);
        return View(user);
    }

    [Authorize(Users = "admin")]
    public ActionResult Order()
    {
        return View();
    }
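The role check above only matches if the request's principal actually carries roles; with forms authentication and no role provider configured it carries none. As an added example (not code from the original project), this Global.asax handler reads the UserDto JSON stored in the ticket and attaches a role; the RoleName property on UserDto and the "CurrentUser" item key are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using Newtonsoft.Json;

// Added example for Global.asax.cs. Assumption: UserDto has a string property
// RoleName (hypothetical; the page does not show UserDto's members).
public class MvcApplication : HttpApplication
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // FormsAuthenticationModule has already decrypted and validated the
        // cookie; an anonymous or expired request has no FormsIdentity here.
        FormsIdentity identity =
            Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return;

        UserDto user;
        try
        {
            // UserData is the JSON the login action put in the ticket.
            user = JsonConvert.DeserializeObject<UserDto>(identity.Ticket.UserData);
        }
        catch (JsonException)
        {
            return; // malformed UserData: leave the principal without roles
        }
        if (user == null || string.IsNullOrEmpty(user.RoleName))
            return;

        // Attach the role so [Authorize(Roles = "...")] and User.IsInRole can match.
        Context.User = new GenericPrincipal(identity, new[] { user.RoleName });
        // Keep the deserialized user for the rest of the request
        // ("CurrentUser" is a hypothetical key).
        Context.Items["CurrentUser"] = user;
    }
}
```

Because the role travels inside the ticket, a role change or revocation takes effect only when the ticket is reissued or expires, which with timeout="2880" can be up to 48 hours later. Everything serialized into UserData is sent to the browser on each request (encrypted, and limited by cookie size), so UserDto should not carry password hashes or other secrets.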
Logging out: clear the cookie
    // Log out
    public ActionResult LoginOut()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index", "Home");
    }
If you want to learn more about forms authentication, see http://www.cnblogs.com/fish-li/archive/2012/04/15/2450571.html.
The updated code is available at https://code.csdn.net/denghao156/ktnmb_mvc4
How does a computer verify the legitimacy of a user's identity?
I. Basic concepts of Identity Authentication
1. Definition of Identity Authentication
Identity authentication is the process by which a computer system checks whether a user's identity is genuine, legitimate, and unique when the user enters the system or accesses system resources of different protection levels.
2. Role of Identity Authentication
From the above definition, we can see that identity authentication ensures the authenticity, validity, and uniqueness of user identities. This prevents unauthorized persons from entering the system, obtaining illegitimate benefits through illegal operations, accessing controlled information, and maliciously damaging the integrity of system data. In addition, in systems that require high security, the uniqueness of user identities lets the system automatically record user operations and audit them effectively.
The identity authentication scheme of a system must be designed around its platform and its security requirements. For example, some public information query systems may not require identity authentication, while some financial systems require high security. At the same time, identity authentication should be as convenient and reliable as possible, and its cost should be minimized. On this basis, the needs of future system expansion must also be considered.
3. Identity Authentication Classification
Currently, identity authentication methods are diverse, including passwords, magnetic cards, bar code cards, IC cards, smart tokens, fingerprints, and password tables. By the number of exchanges with the system during authentication, there are one-pass and two-pass authentication; by the system being authenticated to, there are single-host identity authentication and network identity authentication. In addition, many systems combine the above methods in more varied ways, but these are surface differences. In terms of its basic principle, identity authentication can be divided into static identity authentication and dynamic identity authentication.
II. Static Identity Authentication
Static identity authentication means that when a user logs on to the system and authenticates his/her identity, the verification data sent to the system remains unchanged. The identity authentication method that complies with this feature is called static identity authentication.
Static identity authentication can be divided into single-factor static Password Identity Authentication and two-factor static identity authentication.
1. Single-factor static password authentication
(1) Basic Principle of single-factor static Password Identity Authentication
A static password is a single-factor authentication method. It generally takes the following form: when a user needs to access system resources, the system prompts the user to enter a user name and password. The system transmits the user name and password to the authentication center, either encrypted or in plaintext, and compares them with the user information stored there. If the verification succeeds, the system allows the user to perform subsequent access operations. Otherwise, the user is denied further access.
(2) Common uses of single-factor static password authentication
Single-factor static password identity authentication is generally used in early computer systems. Currently, it is also used in some simple systems or systems with low security requirements, for example, the boot password of a PC, the logon password of a user in a UNIX system, the logon password of a Windows user, and the account password of a telephone bank query system.
Many of today's computer systems were developed from older systems and carry over the original identity authentication method. Therefore, most of today's systems still use single-factor static password authentication. In fact, single-factor static password authentication has many insecure factors.
(3) Insecurity of single-factor static password authentication and countermeasures
A static password is a piece of information shared between a user and a machine that others do not know. If a user knows the password, the machine accepts that the user is who the machine thinks they are. In most cases, the password used for network or system logon control is static, that is, it remains fixed for a certain period of time and can be reused. Should the password be changed after each session? Obviously that would be impractical and exhausting. This is where the security risk lies: if others learn the user's password, they can use the user's identity to log on to the system or the network and perform illegal operations, which can damage the interests of the real user.
Nowadays people have to deal with more and more passwords: bank accounts, stock accounts, credit cards, dial-up Internet access, online shopping, and so on all require one. To save effort, many people use predictable numbers such as birthdays, ID card numbers, house numbers, and phone numbers, or even use a single password for everything. This is indeed convenient, but it introduces insecurity and leaves a "convenience" for those with bad intentions.
The following table lists the insecure factors of single-factor static password authentication: