Forms authentication in ASP.NET 2.0
I am using Forms authentication in one of my web applications. Following is the code I am using:
a. Web.config
    <forms loginUrl="***" defaultUrl="***" />
b. Login.aspx
    protected void OnAuthenticate(object sender, AuthenticateEventArgs e)
    {
        // validateuser is the application's own credential check
        e.Authenticated = validateuser(Login1.UserName, Login1.Password);
        if (e.Authenticated)
        {
            // fetch roles
        }
    }
c. Global.asax
    protected void Application_OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        // A forms-authenticated identity reports the authentication type "Forms"
        if (User.Identity.IsAuthenticated && User.Identity.AuthenticationType == "Forms")
        {
            // Fetch roles and user data and save in HttpContext
        }
    }
I don't know whether I am right or not. I have doubts about the Login.aspx page and the Global.asax page.
I am not using SSL because it's a paid digital certificate. So how can I make the data transfer safe, and should I use authentication cookies as a file or as a URL? How can I find the cookie file on the client and on the server PC?
Is there any link from which I can get the best way to use forms authentication?
Comments (2)
I am not getting what exactly you want to do in your code, but here is the complete explanation for the same.
Here are some of the best links.
It may be useful for you.
http://msdn.microsoft.com/en-us/library/aa480476.aspx
http://www.codeproject.com/KB/aspnet/custom_authentication.aspx
You know there's a role provider as well? Is there any reason why you can't use that instead of rolling your own? The built-in one provides support for role-based authentication on files and classes and methods.
You can't make forms submission safe without SSL; there's simply no other way to do it. The built-in bits use a signed cookie, and you can enable encryption on the cookie as well should you wish to. If you use the built-in bits you don't need to go looking for the cookie; it's taken care of by ASP.NET, and it's protected from client-side script access to limit the possibility of cross-site scripting attacks.
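The settings this thread discusses, collected in one Web.config fragment. This is an added example, not part of either comment or of the asker's application; the cookie name, page paths, the Admin folder and the Administrators role are assumed placeholders, and the role manager is assumed to use a provider that is already configured.

```xml
<!-- Added example: ASP.NET 2.0 Web.config fragment. Names and paths are assumed. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- protection="All": the ticket is both signed (validation) and encrypted.
           cookieless="UseCookies": the ticket travels in a cookie, never in the URL
           (UseUri would embed it in the URL, where logs, browser history and
           Referer headers expose it).
           requireSSL="true": the cookie is marked Secure, so it is only sent over
           HTTPS. This setting only works once the site is served over SSL. -->
      <forms name=".APPAUTH"
             loginUrl="~/Login.aspx"
             defaultUrl="~/Default.aspx"
             protection="All"
             cookieless="UseCookies"
             requireSSL="true"
             timeout="20"
             slidingExpiration="true" />
    </authentication>

    <!-- Anonymous users are redirected to loginUrl. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Built-in role provider, replacing the hand-written role lookup in
         Login.aspx and Global.asax. Cached roles get the same signing,
         encryption and Secure flag as the authentication ticket. -->
    <roleManager enabled="true"
                 cacheRolesInCookie="true"
                 cookieProtection="All"
                 cookieRequireSSL="true" />
  </system.web>

  <!-- Role-based authorization on a folder: only Administrators may enter. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With the role manager enabled, `User.IsInRole("Administrators")` works in page code without any custom handler in Global.asax.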