Generally speaking, the authentication method of a website will go through the following steps:
1. Enter the user name and password and click the OK button.
2. Determine whether the user name and password are correct in the background. If it is wrong, return to the prompt; if it is correct, enter the accessible page.
In the ASP era, a session is usually created after verifying whether the username and password match, and then determine whether the session exists in each page that needs to be verified. If it exists, the page content will be displayed; if it does not exist, a prompt will be generated and redirected to the login page.
However, in the era, this process has greatly reduced the need to verify the Session in each page that needs verification. You only need to perform the following steps to complete the authentication process.
Step 1: Modify the file.
1. Find the <authentication> section in <> and </> and change it to "<authentication mode="Forms" />", where Forms stands for using form authentication.
2. Add "<authorization><deny users="?"/></authorization>" to <> and </>, where "<deny users="?"/>" means rejecting all anonymous users.
Step 2: Create a file.
After the first step, no matter which file the user accesses in the website, as long as it has not been authenticated, it will automatically jump to the web page, and the ReturnUrl parameter is used in the URL to pass the web page currently accessed by the user.
Assuming that the user directly accesses the file without authentication, the web page will automatically jump. At this time, the URL in the address bar in the browser window is: "?ReturnUrl=%". Therefore, after the authentication is passed, the web page can be returned to the web page specified by the ReturnUrl parameter.
Step 3: Verify identity in the file.
The authentication method is relatively simple. Generally, a text box and a password box are created. After the user enters the user name and password, click the submit button and go to the database to verify the identity. The detailed process will not be written. As long as the user name entered is 1 and the password is 2, the authentication will be considered to be passed.
After the authentication is completed, use() to create an authenticated ticket for the user and add it to the cookie. In the future, if you visit other web pages on the website, you will no longer need to use them for authentication. The code after clicking the Submit button is shown below.
protected void Button1_Click(object sender, EventArgs e)
{
//Authentication method, in this example, the user name is 1 and the password is 2
if ( == "1" && == "2")
{
/*
* Create an authentication ticket for the username and add it to the responding cookie
* The first parameter of SetAuthCookie is the name of the authenticated user.
* When the second parameter of SetAuthCookie is true, it means that a persistent cookie (a cookie saved by a cross-browser session) is created. If false, the browser must be closed and the identity must be re-verified.
*/
(, false);
}
//If the ReturnUrl parameter is not passed in the URL, then jump to, otherwise jump to the web page specified by the ReturnUrl parameter value
if ((["ReturnUrl"]))
{
("");
}
else
{
(["ReturnUrl"].ToString());
}
}
Is it COOL in just three steps?
This example was tested and passed in VS2005.
The advantage of this example is that the process and code are very simple.
The disadvantage of this example is that the entire website must be authenticated, and it is not possible to specify which files can be accessed anonymously and which files cannot be accessed anonymously.
1. Enter the user name and password and click the OK button.
2. Determine whether the user name and password are correct in the background. If it is wrong, return to the prompt; if it is correct, enter the accessible page.
In the ASP era, a session is usually created after verifying whether the username and password match, and then determine whether the session exists in each page that needs to be verified. If it exists, the page content will be displayed; if it does not exist, a prompt will be generated and redirected to the login page.
However, in the era, this process has greatly reduced the need to verify the Session in each page that needs verification. You only need to perform the following steps to complete the authentication process.
Step 1: Modify the file.
1. Find the <authentication> section in <> and </> and change it to "<authentication mode="Forms" />", where Forms stands for using form authentication.
2. Add "<authorization><deny users="?"/></authorization>" to <> and </>, where "<deny users="?"/>" means rejecting all anonymous users.
Step 2: Create a file.
After the first step, no matter which file the user accesses in the website, as long as it has not been authenticated, it will automatically jump to the web page, and the ReturnUrl parameter is used in the URL to pass the web page currently accessed by the user.
Assuming that the user directly accesses the file without authentication, the web page will automatically jump. At this time, the URL in the address bar in the browser window is: "?ReturnUrl=%". Therefore, after the authentication is passed, the web page can be returned to the web page specified by the ReturnUrl parameter.
Step 3: Verify identity in the file.
The authentication method is relatively simple. Generally, a text box and a password box are created. After the user enters the user name and password, click the submit button and go to the database to verify the identity. The detailed process will not be written. As long as the user name entered is 1 and the password is 2, the authentication will be considered to be passed.
After the authentication is completed, use() to create an authenticated ticket for the user and add it to the cookie. In the future, if you visit other web pages on the website, you will no longer need to use them for authentication. The code after clicking the Submit button is shown below.
Copy the codeThe code is as follows:
protected void Button1_Click(object sender, EventArgs e)
{
//Authentication method, in this example, the user name is 1 and the password is 2
if ( == "1" && == "2")
{
/*
* Create an authentication ticket for the username and add it to the responding cookie
* The first parameter of SetAuthCookie is the name of the authenticated user.
* When the second parameter of SetAuthCookie is true, it means that a persistent cookie (a cookie saved by a cross-browser session) is created. If false, the browser must be closed and the identity must be re-verified.
*/
(, false);
}
//If the ReturnUrl parameter is not passed in the URL, then jump to, otherwise jump to the web page specified by the ReturnUrl parameter value
if ((["ReturnUrl"]))
{
("");
}
else
{
(["ReturnUrl"].ToString());
}
}
Is it COOL in just three steps?
This example was tested and passed in VS2005.
The advantage of this example is that the process and code are very simple.
The disadvantage of this example is that the entire website must be authenticated, and it is not possible to specify which files can be accessed anonymously and which files cannot be accessed anonymously.