The ASP.NET security model is very well designed. Here I only compare its authentication methods.
These are all my personal opinions; if I have something wrong, I hope you will correct me.
Authentication methods in ASP.NET:
1. Form authentication
2. Windows authentication
3. Passport authentication
4. Custom authentication
For form authentication, I think it is a relatively convenient authentication method: you can customize roles, and its steps are relatively simple.
Form authentication steps
1. Set the authentication mode to form authentication in the web.config file.
Note that the path is set to "/" and that Login.aspx is your login form; the authentication ticket is generated on that page.
2. Create the login page
Create a login page that checks the username and password (password encryption is not discussed here) and then stores the user's identity information, encrypted, in the user's cookie (remember to set the cookie's expiration time). The following is the main code. It is from my own program, so you will need to rewrite it if you want to use it as a reference.
    // Look up the user's role; AccountManager is the author's own class
    string role = AccountManager.GetRole(this.TextBox_username.Text.Trim());

    // Version 1 ticket, valid for 20 minutes, non-persistent, with the role as user data
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1, this.TextBox_username.Text.Trim(), DateTime.Now,
        DateTime.Now.AddMinutes(20), false, role);

    // Encrypt the ticket and send it in the forms authentication cookie
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    Response.Cookies.Add(authCookie);

    // Return to the page the user originally requested
    Response.Redirect(FormsAuthentication.GetRedirectUrl(this.TextBox_username.Text.Trim(), false));
3. Define the Application_AuthenticateRequest event in Global.asax.
Its main job is to decrypt the user's identity ticket and then attach it to the user's HTTP context.
    // Requires the System.Web.Security and System.Security.Principal namespaces
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        // No forms authentication cookie: leave the request anonymous
        string cookiename = FormsAuthentication.FormsCookieName;
        HttpCookie authcookie = Context.Request.Cookies[cookiename];
        if (authcookie == null) { return; }

        // Decrypt the ticket; a cookie that fails to decrypt is treated as anonymous
        FormsAuthenticationTicket authticket = null;
        try
        {
            authticket = FormsAuthentication.Decrypt(authcookie.Value);
        }
        catch (Exception)
        {
            return;
        }
        if (authticket == null) { return; }

        // Roles are stored in the ticket's user data, separated by '|'
        string[] roles = authticket.UserData.Split(new char[] { '|' });
        FormsIdentity id = new FormsIdentity(authticket);
        GenericPrincipal principal = new GenericPrincipal(id, roles);
        Context.User = principal;
    }
4. Add authorization control to the folder you want to protect, or in your code.
To authorize a folder, write a web.config file in that folder. An example is as follows:
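A web.config covering steps 1 and 4, given here as an added example and not the author's original configuration. Only `path="/"` and `Login.aspx` come from the article; the `Admin` folder and role names are assumptions, and `requireSSL` assumes the site is served over HTTPS.

```xml
<!-- Root web.config (added example; the "Admin" folder and role are assumed names) -->
<configuration>
  <system.web>
    <!-- Step 1: forms authentication. path="/" and Login.aspx are the values
         the article mentions; timeout matches the 20-minute ticket issued
         by the login code. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx"
             path="/"
             protection="All"
             timeout="20"
             requireSSL="true"
             cookieless="UseCookies" />
    </authentication>

    <!-- The login page builds its HttpCookie by hand, so the HttpOnly and
         Secure flags are set here as defaults for every cookie the
         application issues. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- Site default: anonymous users ("?") are sent to Login.aspx. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Step 4: folder-level authorization. The same <authorization> element
       can instead go in a web.config placed inside the folder, as the
       article describes. Rules are evaluated top to bottom and the first
       match wins, so the allow rule must come before the deny rule. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The role rule works because the Application_AuthenticateRequest handler in step 3 has already attached the roles from the ticket to Context.User by the time URL authorization runs.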
Alternatively, add authorization control in the code.
This is done by checking the username and roles in the user's HTTP context:
HttpContext.Current.