One-step implementation of Asp.net Forms single-point logon in most cases

 

The implementation of Asp.net single-point logon, after Google, you will find that it is complicated and frustrating.

In fact, most of the requirements do not need to be so complicated. Requirements of most people (including me): There is only one site, and multiple applications require a unified logon interface for multiple applications to use, and there is only one server (small company ):. You do not need to log on to each application once.

 

 

You only need one step to modify Web. config:

 

<Authentication mode = "Forms">

<Forms name = "FormsAuthCookie" path = "/" timeout = "2880"/>

</Authentication>

<MachineKey validationKey = "AutoGenerate" decryptionKey = "AutoGenerate" validation = "SHA1"/>

That's easy!

 

 

 

Note that the name attribute of forms must be the same and machineKey must be configured as above. If it is a machine, the keys generated for encryption and decryption of cookies are the same, that is why we emphasize that there is only one machine. If it is on different servers, you must manually set validationKey and decryptionKey to the same value. The default machinekey is as follows: validationKey = "AutoGenerate, IsolateApps" decryptionKey = "AutoGenerate, IsolateApps ". IsolateApps make the machinekey of different applications different, thus preventing cookie tickets from being shared.

 

 

 

 

 

 

The following content is a supplement:

 

Asp.net Forms authentication process overview:

 

1. user login verification code:

 

If (ValidateUser (userName, passWord) // Verify validity

{

System. Web. Security. FormsAuthentication. SetAuthCookie (userName, rememberMe); // set the encryption cookie that is saved to the client, which must be set in machinekey.

// If you need to access more data in the cookie, use FormsAuthenticationTicket to encrypt the ticket with FormsAuthentication.

 

// Redirect...

}

 

 

2. You need to log on to the user to access:

 

 

If (Request. IsAuthenticated) // The Asp.net Forms authentication module saves us a lot of trouble. The process is probably to decrypt the cookie sent from the client. if it is legal, it will...

{

If (User. IsInRole ("admins") // both User and Role are ready. if you use membership

{

// Administrator role...

}

Else

{

//...

}

}

Else

{

// Go to login. aspx

}

Author slmk