Authentication in asp.net
2017-11-08 18:31
453 查看
authenticationElement(ASP.NETSettingsSchema)
ConfiguresanASP.NETapplicationforcustomforms–basedauthentication.<authenticationmode="Windows"> <forms name=".ASPXAUTH" loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile"domain="" enableCrossAppRedirects="false"> <credentialspasswordFormat="SHA1"/> </forms> <passportredirectUrl="internal"/> </authentication>
<forms>Element
trueSpecifiesthatslidingexpirationisenabled.Theauthenticationcookieisrefreshedandthetimetoexpirationisresetonsubsequentrequestsduringasinglesession.Thedefaultforversion1.0ofASP.NETwastrue.
falseSpecifiesthatslidingexpirationisnotenabledandthecookieexpiresatasetintervalfromthetimeitwasoriginallyissued.Thedefaultisfalse.
Optionalattribute.
DefinesthedefaultURLthatisusedforredirectionafterauthentication.
Thisattributeisnewinthe.NETFrameworkversion2.0.
Thedefaultis"default.aspx".
Optionalattribute.
Specifiesthe
Thedefaultisaslash(/),becausemostbrowsersarecase-sensitiveandwillnotsendcookiesback,ifthereisapathcasemismatch.
上面的部分属性可以在IIS中进行配置
<authenticationmode="Forms"> <formsloginUrl="member_login.aspx" cookieless="UseCookies" path="/MyApplication"/> </authentication> FormsAuthentication类中的静态字段
Domainandpath
Eachcookiealsohasadomainandapath.Thedomaintellsthebrowsertowhichdomainthecookieshouldbesent.Ifyoudon'tspecifyit,itbecomesthedomainofthepagethatsetsthecookie,inthecaseofthispagewww.quirksmode.org.Pleasenotethatthepurposeofthedomainistoallowcookiestocrosssub-domains.Mycookie
willnotbereadbysearch.quirksmode.orgbecauseitsdomainiswww.quirksmode.org.WhenIsetthe
domaintoquirksmode.org,thesearchsub-domainmayalsoreadthecookie.
IcannotsetthecookiedomaintoadomainI'mnotin,Icannotmakethedomainwww.microsoft.com.
Onlyquirksmode.orgisallowed,inthiscase.
Thepathgivesyouthechancetospecifyadirectorywherethecookieisactive.
Soifyouwantthecookietobeonlysenttopagesinthedirectorycgi-bin,setthe
pathto
/cgi-bin.Usuallythepathissetto
/,whichmeansthecookieis
validthroughouttheentiredomain.
Thisscriptdoesso,sothecookiesyoucansetonthispagewillbesenttoanypageinthe
www.quirksmode.orgdomain(thoughonlythispagehasascriptthatsearchesforthe
cookiesanddoessomethingwiththem).
HttpCookie
Providesatype-safewaytocreateandmanipulateindividualHTTPcookies.The
ASP.NETincludestwointrinsiccookiecollections.Thecollectionaccessedthroughthe
Cookieheader.Thecollectionaccessedthroughthe
Set-CookieHTTPresponseheader.
Getsorsetsthevirtualpathtotransmitwiththecurrentcookie.
Thevirtualpathtotransmitwiththecookie.Thedefaultis
/,whichistheserverroot.
The
Forexample,intheURLhttp:/www.microsoft.com/asp,thedomainiswww.microsoft.comandthepathis/asp.
Getsorsetsthedomaintoassociatethecookiewith.
Thenameofthedomaintoassociatethecookiewith.Thedefaultvalueisthecurrentdomain.
Settingthe
Domainattributelimitstransmissionofthecookietoclientsrequestingaresourcefromthatdomain.
启用windows授权的话,需要在IIS中打开,参考
sessionStateElement(ASP.NETSettingsSchema)
timeout
Optional
Specifiesthenumberofminutesasessioncanbeidlebeforeitisabandoned.Thetimeoutattributecannotbesettoavaluethatisgreaterthan525,600minutes(1year)forthein-processandstate-servermodes.
ThesessiontimeoutconfigurationsettingappliesonlytoASP.NETpages.Changingthesessiontimeoutvaluedoesnotaffectthesessiontime-outforASPpages.Similarly,changingthesessiontime-outforASPpagesdoesnotaffectthesessiontime-outforASP.NETpages.
Thedefaultis20minutes.
相关文章推荐
- Use Windows Authentication in ASP.NET 2.0/ASP.NET 2.0 中的 Windows 身份验证
- Use Windows Authentication in ASP.NET 2.0/ASP.NET 2.0 中的 Windows 身份验证
- How To: Use Windows Authentication in ASP.NET 2.0
- Forms Authentication in ASP.NET
- (待翻译)Authentication Filters in ASP.NET Web API 2
- Implementing Basic Authentication in ASP.NET 2.0
- Forms Authentication in ASP.NET MVC 4
- How to integrate custom security policy with Windows domain authentication in ASP.NET
- Build User rights control system in Asp.net.(Windows Form Authentication)
- How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
- Google+ Authentication in ASP.Net
- how to use Form Authentication in ASP.NET.
- Google+ Authentication in ASP.Net
- HMAC authentication in ASP.NET Web API
- Active Directory Authentication in ASP.NET MVC 5 with Forms Authentication and Group-Based Authorization
- How To Implement Forms-Based Authentication in Your ASP.NET Application by Using C# .NET
- Handling session and authentication timeouts in ASP.Net
- How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
- Explained: Forms Authentication in ASP.NET 2.0
- An overview of authentication security features in ASP. NET