- How to use Form forms authentication
Author : Han Yu Feng (cityhunter172)
sequence
Code written N for a long time, always wanted to write something else. This does not, on top of said integration of the two projects, made of single sign-on ( Single Sign the On ), was also known as "single sign-on." After a review of relevant documents, finally realized, now put out to share it with everyone. Perhaps you may ask: "This title does not match it? 'But wait, before you write, my mind thought I just use Form some of the problems encountered during authentication, and use some of the techniques used (there really is opportunistic also ^ _ ^ ). Even then hit junior high school, not how the language level drops, often writing test can not write, so the limited writing skills, but also please the mass. By the way, not only limited writing skills, programming ability is not very good, for everyone to learn this text exchange purposes, welcome to the toiling masses carrying eggs, holding flowers come comment. Reproduced, please indicate the original author is the cold Yu Feng is also, I appreciate it!
Also nonsense to say about it, get down to business, ASP.NET security authentication, a total of " Windows " " Form " " Passport " " None " four authentication mode. " Windows " and " None " did not play a role in protection, not recommended; " Passport " I did not used, alas ...... so I had to talk about " Form " certified. I intend divided into three parts:
The first part - how to achieve From Certification;
Part II - Form certification of actual use;
Part III - to achieve single sign-on ( Single Sign the On )
The first part of how to use the Form forms authentication
First, create a new test project
In order to better illustrate the need to create a new test project (for the time being " FormTest " it), contains three pages is enough ( the Default.aspx , Login.aspx , UserInfo.aspx ). What? It was not a new project, will not add pages? I supposed you ask? I see so run: the dragged out, beaten back by the original, to learn from kindergarten ......
Second, modify the Web.config
1, double-click the project in the Web.config (No, can not find the dozen PP )
2, find the following text <authentication mode = "Windows" / > change it to:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXAUTH"></forms>
</authentication>
3、 找到<authorization> <allow users="*" /></authorization>换成
<authorization><deny users="?"></deny></authorization>
There is nothing to say, just copy the past on the line. That said, people still get it wrong, as follows:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".APSX"></forms>
<deny users="?"></deny>
</authentication>
To ask who the < "?" Deny users => </ deny> into the <authentication> in, I will have the honor to tell you, it is N years ago, I: <authentication> and <authorization> all It is auth starts with the letter and are based on ation at the end, to repeat itself; the English word not back down I thought they were a group of ......
Third, write .cs code - Signing in and out
1, login code:
a, introduces the book
private void Btn_Login_Click(object sender, System.EventArgs e)
{
if(this.Txt_UserName.Text=="Admin" && this.Txt_Password.Text=="123456")
{
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(this.Txt_UserName.Text,false);
}
}
b, even to find the N long to find
private void Btn_Login_Click(object sender, System.EventArgs e)
{
if(this.Txt_UserName.Text=="Admin" && this.Txt_Password.Text=="123456")
{
System.Web.Security.FormsAuthentication.SetAuthCookie(this.Txt_UserName.Text,false);
Response.Redirect("Default.aspx");
}
}
Two or more can be paid after verification Cookie , that is verified, the difference between:
Method a) refers to the return request verification page, commonly known as "come from which to hit." For example: before the user does not log in directly in IE address bar enter //localhost/FormTest/UserInfo.aspx: HTTP , then the user will see is Login.aspx ReturnUrl = UserInfo.aspx? , Enter a user name and password to log in successfully the system in accordance with " the ReturnUrl value", the corresponding page return
Method b) is to take two steps: immediately after the payment is verified cookies , jump page specified by the programmers themselves, this method is used for Default.aspx system using the frame structure.
2, exit code:
private void Btn_LogOut_Click(object sender, System.EventArgs e)
{
System.Web.Security.FormsAuthentication.SignOut();
}
Fourth, how to determine whether or not the user authentication information and obtain verification
Sometimes, on the same page you need to determine whether a user is logged in, and then presents a different layout. Some people like to use Session to judge, I am not against such practices, and I just want to tell you there is a way, let me see the code below:
if(User.Identity.IsAuthenticated)
{
// your verified, you know how to do it?
}
User.Identity There are two attributes AuthenticationType (authentication type) and Name (user name) , we should note that the Name property here User.Identity.Name will be verified by ( RedirectFromLoginPage or SetAuthCookie time), we took the first parameter into the this.Txt_UserName.Text . This parameter is very important, related to the various ...... all sorts of circumstances, of yore, Let's hear next decomposition ......
ASP.NET Security Certification (two) - the flexible use of Form forms authentication in the deny and allow and protect the .htm and other documents
Reproduced in: https: //www.cnblogs.com/zhangchenliang/archive/2011/03/31/2000857.html