Three ways to do ASP.NET login with Forms authentication: FormsAuthentication.SetAuthCookie, FormsAuthentication.RedirectFromLoginPage, FormsAuthenticationTicket


 

After a successful login, the following three methods all serve one purpose: to create an authentication ticket and attach it to a cookie.

When using Forms authentication, you can use HttpContext.Current.User.Identity.IsAuthenticated (or Request.IsAuthenticated, which itself calls User.Identity.IsAuthenticated) to determine whether the user is logged in; this check relies on the cookie information to decide whether the user is logged in.
FormsAuthentication.SignOut clears the cookie.

Forms authentication relies on the cookie: on each request ASP.NET looks for the cookie with the name specified in the configuration file and decrypts it to determine the current user's login status.

All three methods below use the Forms authentication settings in web.config:

 

<authentication mode="Forms">
    <forms name=".MyCookie" loginUrl="Login.aspx" protection="All" timeout="60"/>
</authentication>

 

1:FormsAuthentication.SetAuthCookie

Demo:

 

FormsAuthentication.SetAuthCookie(UserInfo.UserName, false, FormsAuthentication.FormsCookiePath);



 

What does ASP.NET do after the call System.Web.Security.FormsAuthentication.SetAuthCookie("fish", false); ? The answer is simple: use Reflector.exe to look at the ASP.NET implementation yourself.
To convince you that login and logout are tied to the cookie, I will create a cookie directly and see whether ASP.NET recognizes the cookie I created and treats the login as valid. Look at the code:

[image: code listing, not preserved]

If you execute this code, you will find that Request.IsAuthenticated returns true and the login status shows "logged in."
At this point we can draw a conclusion: Forms authentication relies on the cookie. On each request ASP.NET looks for the cookie with the name specified in the configuration file and decrypts it to determine the current user's login status.

2:FormsAuthenticationTicket

Demo:

// Create an authentication ticket
FormsAuthenticationTicket AuTicket = new FormsAuthenticationTicket(
    1, UserInfo.UserName, DateTime.Now, DateTime.Now.AddMinutes(30),
    false, Request.UserHostAddress);
// Encrypt the ticket
string authTicket = FormsAuthentication.Encrypt(AuTicket);
// Save the encrypted ticket as a cookie
HttpCookie coo = new HttpCookie(FormsAuthentication.FormsCookieName, authTicket);
coo.Secure = false; // the cookie is also sent over plain HTTP
coo.Expires = AuTicket.Expiration;
coo.Path = FormsAuthentication.FormsCookiePath;
// Add the new cookie to the response
Response.Cookies.Add(coo);

 

 

3:FormsAuthentication.RedirectFromLoginPage

Demo:

FormsAuthentication.RedirectFromLoginPage(UserInfo.UserName, false);

Comment:

Name: FormsAuthentication.RedirectFromLoginPage(String, Boolean)
Explanation: Redirects the authenticated user back to the originally requested URL or the default URL.

Name: FormsAuthentication.RedirectFromLoginPage(String, Boolean, String)
Explanation: Redirects the authenticated user back to the originally requested URL or the default URL, using the specified cookie path for the Forms authentication cookie.

 

The second parameter of FormsAuthentication.RedirectFromLoginPage: true means a persistent cookie is kept, with the expiration time taken from web.config; false means the cookie expires when the browser is closed.

This one line of code handles the login form: once the login name and password have been filled in and accepted, the user is sent to the page they originally wanted.

The trailing parameter "false" controls whether the cookie is kept permanently. True means permanent, so the password does not have to be entered on the next visit; otherwise, once this session ends, the password must be entered again next time. This parameter can also be left to the user: for security reasons, you can put a checkbox next to the user name or password field, and the statement then becomes:

System.Web.Security.FormsAuthentication.RedirectFromLoginPage(this.txtname.Text,this.CheckBox.Checked);

 

 

 

The difference between RedirectFromLoginPage and FormsAuthenticationTicket

If .NET authentication is not yet very clear to you, read this article. It uses simple language to give you a complete understanding of RedirectFromLoginPage and FormsAuthenticationTicket.
1) FormsAuthentication.RedirectFromLoginPage(UserName.Text, mycheckbox.Checked), for user-based authentication
This method encapsulates generating the authentication ticket, writing it back to the client, redirecting the browser, and the related steps.
RedirectFromLoginPage() first generates the authentication ticket, then calls FormsAuthentication.Encrypt() to encrypt the ticket into a string, then creates the authentication cookie and adds it to Response.Cookies, where it waits to be sent to the client. Finally, RedirectFromLoginPage calls FormsAuthentication.GetRedirectUrl to get the page the user originally requested and redirects to it.
1. It creates a cookie in the browser that contains an authentication token.
2. It returns to the page you just requested.
This is equivalent to these two statements:
FormsAuthentication.SetAuthCookie(UserName.Text, mycheckbox.Checked);
Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, mycheckbox.Checked));
In other words, FormsAuthentication.RedirectFromLoginPage is a wrapper that hides many of the details.

2) FormsAuthenticationTicket, for role-based authentication
In the non-role-based approach above, FormsAuthentication.RedirectFromLoginPage does the work of generating the authentication ticket, writing it back to the client, and redirecting the browser. That method uses default settings to carry out these actions. In role-based authentication we cannot use it; we have to go step by step so that we can add our own custom settings:

1. First, create an authentication ticket from the user identifier and the string of roles the user belongs to
public FormsAuthenticationTicket(
    int version,         // set to 1
    string name,         // user identifier
    DateTime issueDate,  // time the cookie is issued; set to DateTime.Now
    DateTime expiration, // expiration time
    bool isPersistent,   // whether persistent (set as needed; if set to persistent, the cookie's Expires must be set when the cookie is issued)
    string userData,     // the comma-separated role string prepared above
    string cookiePath    // set to "/"; must match the path the cookie is issued with, because refreshing the cookie uses this path
);

FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, "kent", DateTime.Now, DateTime.Now.AddMinutes(30), false, UserRoles, "/");

2. Generate the cookie for the authentication ticket
2.1 Encrypt and serialize the authentication ticket into a string
string HashTicket = FormsAuthentication.Encrypt(Ticket);
2.2 Create the cookie
HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket);
FormsAuthentication.FormsCookieName returns the authentication cookie name set in web.config; the default is ".ASPXAUTH".
If isPersistent is set on the authentication ticket, the cookie's Expires property must be set so that the cookie is saved to the client's cookie file as a persistent cookie.
3. Output the authentication ticket cookie to the client
Response.Cookies.Add(userCookie) appends the authentication ticket cookie to the outgoing cookie collection, which is sent to the client.
4. Redirect to the page the user originally requested.

Login code (this is the handler for the login button's click event on login.aspx):

private void Buttonlogin_Click(object sender, System.EventArgs e)
{
    string user = TextBoxUser.Text; // read the user name
    string password = TextBoxPassword.Text; // read the password
    if (Confirm(user, password) == true) // Confirm checks that the user's credentials are valid
    {
        string userRoles = UserToRole(user); // UserToRole returns the user's roles as a string
        FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, user, DateTime.Now, DateTime.Now.AddMinutes(30), false, userRoles, "/"); // build the authentication ticket
        string HashTicket = FormsAuthentication.Encrypt(Ticket); // encrypt and serialize the ticket into a string
        HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, HashTicket); // create the cookie
        Context.Response.Cookies.Add(userCookie); // output the cookie
        Context.Response.Redirect(Context.Request["ReturnUrl"]); // redirect to the page the user originally requested
    }
    else
    {
        // code for when the user is not confirmed
    }
}

// Checks that the user's credentials are valid
private bool Confirm(string user, string password)
{
    // appropriate code
}

// Returns all roles of the user as a comma-separated string
private string UserToRole(string user)
{
    // corresponding code
}
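
The role-based flow above, as an added example (not code from the original post): the login side with the cookie marked HttpOnly and Secure and ReturnUrl restricted to site-relative paths, plus the request side that reads the roles back out of userData, which the steps above leave out. RoleTicketAuth, SignIn, SafeReturnUrl and AttachRoles are hypothetical names; the code assumes an HTTPS site, and confirm and userToRole stand in for the page's Confirm and UserToRole.

```csharp
// Added example, not from the original post. Assumes System.Web (Web Forms) and
// an HTTPS site; RoleTicketAuth and its method names are hypothetical.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicketAuth
{
    // Login side: call from the login button handler. confirm and userToRole
    // stand in for the page's Confirm and UserToRole placeholders.
    public static bool SignIn(HttpContext ctx, string user, string password,
        Func<string, string, bool> confirm, Func<string, string> userToRole)
    {
        if (!confirm(user, password)) return false;
        var ticket = new FormsAuthenticationTicket(1, user, DateTime.Now,
            DateTime.Now.AddMinutes(30), false, userToRole(user),
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;  // not readable from page script
        cookie.Secure = true;    // only sent over HTTPS
        cookie.Path = FormsAuthentication.FormsCookiePath;
        // isPersistent is false, so Expires stays unset (session cookie).
        ctx.Response.Cookies.Add(cookie);
        ctx.Response.Redirect(SafeReturnUrl(ctx.Request.QueryString["ReturnUrl"]), false);
        return true;  // endResponse is false, so control returns to the caller
    }

    // Accept only site-relative paths; "//host" and "/\host" leave the site.
    public static string SafeReturnUrl(string url)
    {
        bool local = !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
        return local ? url : FormsAuthentication.DefaultUrl;
    }

    // Request side: call from Application_AuthenticateRequest in Global.asax.
    // FormsAuthenticationModule has already decrypted and validated the ticket.
    public static void AttachRoles(HttpContext ctx)
    {
        var id = ctx.User == null ? null : ctx.User.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return;
        string[] roles = id.Ticket.UserData.Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        ctx.User = new GenericPrincipal(id, roles);
    }
}
```

Roles stored in userData stay in effect until the ticket expires, so removing a role from a user takes up to the ticket lifetime (30 minutes here) to apply.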

3) Summary
The five steps of authentication:
1. Create the authentication ticket
2. Encrypt the authentication ticket
3. Create the cookie
4. Output the cookie to the client
5. Redirect the page

 


Origin www.cnblogs.com/haifuma/p/11232262.html