SoFunction
Updated on 2025-03-07

ASP.NET 2.0 Forms security authentication

That is: use the Membership class together with FormsAuthentication to build a system with user management and authentication.
Of course, the two parts can also be used separately. Today we will focus on the latter; I will cover the former in the next essay.

ASP.NET provides several authentication methods, such as the well-known Windows authentication.
Windows authentication mode sets the value of the current User property to a WindowsIdentity based on the credentials provided by IIS, but it does not modify the Windows identity provided to the operating system. The Windows identity provided to the operating system is used for permission checks (such as NTFS file permission checks) or for connecting to a database using integrated security. By default, this Windows identity is the identity of the ASP.NET process. On Microsoft Windows 2000 and Windows XP Professional, this identity is the identity of the ASP.NET worker process, that is, the local ASPNET account. On Windows Server 2003, this identity is the identity of the IIS application pool to which the ASP.NET application belongs. By default, this identity is the NETWORK SERVICE account.
By enabling impersonation, the application's Windows identity can be configured to be the Windows identity provided by IIS. That is, the application is instructed to impersonate the identity provided by IIS for all tasks (including file and network access) that are authenticated by the Windows operating system. (Explanation from the MSDN Library)

Another common method is Forms authentication.
Forms authentication enables user name and password authentication for web applications that do not require Windows authentication. With Forms authentication, user information is stored in an external data source, such as a Membership database, or in the application's configuration file. Once the user is authenticated, Forms authentication maintains an authentication ticket in a cookie or in the URL so that authenticated users do not need to provide credentials on each request.

This is convenient and safe. How do we set up Forms authentication?

First, open the web.config configuration file.
Find the <system.web> node and add the <authentication> and <authorization> nodes under it:
<system.web>
  <authentication mode="Forms">
    <forms loginUrl="" />
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>
The <authentication> node sets the authentication method; here we specify Forms.
The attributes of the <forms> node specify the authentication page (login page), the default page, whether to use cookies, the authentication timeout, and so on.
Here we only specify the authentication page, loginUrl=""
The <authorization> node is the authorization node.
<deny> is the deny node. Setting the attribute users="?" means that users who have not been authenticated must go to the authentication page to authenticate.
Its counterpart is the <allow> node.

This makes the idea clear. No matter which page the user visits, the server determines whether the user has been authenticated and, if not, redirects the user to the authentication page.
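
The web.config below is an added example, not the article's own configuration: it fills in the <forms> attributes mentioned above (login page, default page, cookie use, timeout) with hardened values and uses <allow> to open one folder to anonymous users. Login.aspx, Default.aspx, the cookie name .APPAUTH and the Public folder are assumed names.

```xml
<!-- Added example; Login.aspx, Default.aspx, .APPAUTH and the Public folder are assumed names -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        loginUrl / defaultUrl : login page, and the page used when no return URL was requested
        timeout               : ticket lifetime in minutes
        slidingExpiration     : false gives the ticket a fixed lifetime instead of renewing it on use
        cookieless            : UseCookies keeps the ticket out of the URL
        requireSSL            : marks the cookie Secure so it is only sent over HTTPS
        protection            : All = the ticket is both encrypted and validated
      -->
      <forms name=".APPAUTH"
             loginUrl="Login.aspx"
             defaultUrl="Default.aspx"
             timeout="20"
             slidingExpiration="false"
             cookieless="UseCookies"
             requireSSL="true"
             protection="All" />
    </authentication>
    <authorization>
      <!-- "?" = anonymous users: every page requires a login by default -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Exception for one folder: "*" = all users, so anonymous visitors are allowed here -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With requireSSL="true" the login page itself has to be served over HTTPS, otherwise the authentication cookie cannot be issued.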

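The next step is to perform the authentication itself in the code of the login page:
// Requires: using System.Web.Security;
public void Login_OnClick(object sender, EventArgs args)
{
    // txtUserName, txtPassword and lblMessage are assumed control names;
    // the original names are not shown on this page.
    if (CheckLogin(txtUserName.Text, txtPassword.Text))
        // false = do not keep the cookie across browser sessions
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
    else
        lblMessage.Text = "Login failed. Please check your user name and password and try again.";
}
Here, CheckLogin(user name, password) is a method in the logic layer that verifies whether the user is valid.
Of course, it would be easier to use the validation methods built into the Membership class, but I won't explain that in detail here.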

The FormsAuthentication class (the protagonist finally appears) belongs to the System.Web.Security namespace.
FormsAuthentication is the class used to set up authentication. If the user is valid, it saves the user name in the cookie. After that, the user does not need to authenticate again when returning or visiting other pages.
Its common methods are:
RedirectFromLoginPage(user name (string), whether to save the user name in the cookie for a long time (bool))
Redirects an authenticated user back to the originally requested URL or to the default URL.

SetAuthCookie(user name (string), whether to save the user name in the cookie for a long time (bool))
Creates an authentication ticket for the provided user name and adds it to the response's cookie collection or to the URL.
There are many more methods, which I will not list in detail.

I hope you will explore the specific usage in more depth yourself.