ASP.NET security modes
Depending on the type of resource being requested, IIS may or may not handle the request itself. ASP.NET supports 4 authentication modes:
Forms: forms authentication verifies an account/password pair; it is the best-suited and most popular authentication method for web applications.
Authentication and Authorization:
Authentication is the process of determining the identity of a user. Once the user is authenticated, the developer can determine whether that user is authorized to proceed. Authorization of an entity is not possible without authentication.
Authorization is the determination of whether an authenticated user has access to a certain part or point of an application, or only to a specific set of data the application provides.
Authorization process:
The main attributes of the <forms> element:
name: The name of the cookie used to keep the user identified between requests. The default value is .ASPXAUTH.
loginUrl: Specifies the URL the request is redirected to if no valid authentication cookie is found.
protection: Specifies the level of protection applied to the authentication cookie. It has 4 settings:
All: The application uses both data validation and encryption to protect the cookie. This is the default setting.
None: The cookie is neither encrypted nor validated.
Encryption: The cookie is encrypted, but no data validation is performed on it.
Validation: The cookie is validated, but not encrypted.
path: Specifies the path under which the cookie is stored. In most cases / is used, which is the default.
timeout: Specifies the time in minutes after which the cookie expires; the default value is 30 minutes.
cookieless: Specifies whether forms authentication uses cookies during the authentication and authorization process.
defaultUrl: Specifies the default URL the user is redirected to after login.
domain: Specifies the domain name set on the forms authentication cookie.
Password format (the passwordFormat attribute of <credentials>):
Clear: The password is stored as clear text. The user's password is compared directly to this value.
MD5: The password is stored as an MD5 hash digest. The submitted password is hashed with MD5 and compared for equality with this value. This algorithm performs better than SHA1.
SHA1: The password is stored as a SHA1 hash digest. When verifying the credentials, the user's password is hashed with SHA1 and compared for equality with this value. This is the most secure of the three settings.
Configuring <authorization> to authorize users
The <authorization> configuration section is used to authorize users. During user authorization, the following two rules apply:
First, rules contained in configuration files at lower (deeper) directory levels take precedence over rules located at higher directory levels.
Second, for the combined set of rules for a given URL, the system starts at the head of the list and checks the rules in order until the first match is found.
<authorization> configuration:
deny: denies the user access
allow: allows the user access
?: represents anonymous users
*: represents all users
Multiple users are separated with ","
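The two evaluation rules above, worked through in Python as an added example (not code from the original page): <allow>/<deny> rules are read from <authorization> fragments, the deepest directory's rules are checked first, and the first match decides. The no-match default of "allowed" mirrors the implicit <allow users="*"/> in the machine-level root configuration; the sample configurations and the admin subdirectory are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANON = None  # stands for an unauthenticated (anonymous) request


def parse_rules(config_xml):
    """Return the <allow>/<deny> rules of an <authorization> section, in document order."""
    root = ET.fromstring(config_xml)
    auth = root if root.tag == "authorization" else root.find(".//authorization")
    rules = []
    for el in auth:
        if el.tag in ("allow", "deny"):
            users = [u.strip() for u in el.get("users", "").split(",") if u.strip()]
            rules.append((el.tag, users))
    return rules


def rule_matches(users, name):
    """'*' matches everyone, '?' matches only anonymous, otherwise compare the user name."""
    for u in users:
        if u == "*":
            return True
        if u == "?" and name is None:
            return True
        if name is not None and u.lower() == name.lower():
            return True
    return False


def is_authorized(name, *rule_sets):
    """rule_sets are passed from the deepest directory outward (rule 1);
    within the merged list the first matching rule wins (rule 2)."""
    for rules in rule_sets:
        for verb, users in rules:
            if rule_matches(users, name):
                return verb == "allow"
    return True  # no rule matched: the root config's <allow users="*"/> applies


# Constructed sample configs. MISORDERED is the classic mistake: <allow users="*"/>
# comes first, so it matches anonymous users before <deny users="?"/> is reached.
MISORDERED = '<authorization><allow users="*"/><deny users="?"/></authorization>'
CORRECTED = '<authorization><deny users="?"/><allow users="*"/></authorization>'
# Rules for an admin subdirectory; they are merged ahead of the site-wide rules.
ADMIN_DIR = '<authorization><allow users="admin"/><deny users="*"/></authorization>'

if __name__ == "__main__":
    print("anonymous, misordered:", is_authorized(ANON, parse_rules(MISORDERED)))
    print("anonymous, corrected:", is_authorized(ANON, parse_rules(CORRECTED)))
    print("user on admin dir:", is_authorized("user", parse_rules(ADMIN_DIR), parse_rules(CORRECTED)))
```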
A small example:
Web.config configuration code block:
<!-- The <authentication> section configures the security authentication mode that ASP.NET uses to identify visiting users. -->
<!--<authentication mode="Windows" />-->
<authentication mode="Forms">
  <forms loginUrl="logde.aspx" defaultUrl="Default.aspx">
    <credentials passwordFormat="Clear">
      <user name="admin" password="admin"/>
      <user name="user" password="123456"/>
    </credentials>
  </forms>
</authentication>
Login page code block:
<form id="form1" runat="server">
  <div>
    <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
    <br />
    <asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
    <br />
    <asp:Button ID="Button1" runat="server" Text="登录" onclick="Button1_Click" />
  </div>
</form>
Login page code-behind block:
protected void Button1_Click(object sender, EventArgs e)
{
    string name = TextBox1.Text;
    string password = TextBox2.Text;

    //if (name == "admia" && psw == "admia")
    //{
    //    FormsAuthentication.RedirectFromLoginPage(name, false);
    //}

    // Check the submitted name/password against the <credentials> list in Web.config;
    // with the configuration above, admin/admin and user/123456 can log in.
    if (FormsAuthentication.Authenticate(name, password))
    {
        // Outputs the MD5 hash of "admin", for use with passwordFormat="MD5":
        //Response.Write(FormsAuthentication.HashPasswordForStoringInConfigFile("admin", "MD5"));

        // Issue a non-persistent authentication cookie and redirect to the
        // originally requested page, or to defaultUrl if there is none.
        FormsAuthentication.RedirectFromLoginPage(name, false);
    }
}
Home code block:
<form id="form1" runat="server"> <div> front page </div> </form>
Default page code block:
<form id="form1" runat="server"> <div> Default interface </div> </form>
Admin page code block:
<form id="form1" runat="server"> <div> admin page </div> </form>