Forms authentication without a (visible) form
发表于2004/10/13 11:26:00 717人阅读
A user can browse your web-pages anonymous or as an authenticated user. This is set in the web.config of your site.<authorization>
<allow users="*" /> <!-- Allow all users -->
By default every user can browse any page. If you want to know who is requesting, deny the access to unknown users<authorization>
Now every user has to be authenticated to view a page. You set authentication on a page basis by adding sections to the web.config<location path="AuthRequired.aspx">
Take a look at the asp.net forums app to get an idea how to use that. In a forum everybody can browse and read the posts but you have to be authenticated to (react on a) post.
ASP.NET has several ways of authentication built in: Windows integrated, Passport and forms. Using forms authentication the user is forced to a login page before visiting a page. This login page is also set from the web.config file<authentication mode="Forms">
On the login page the user enters a username and password which is supposed to be validated against the one or the other. When approved the code will set an authorization cookie. With this cookie the user can visit all pages shielded off without having to log in again and again. When the code issues a persistent cookie the login will persist over sessions. (Remember me).
But nothing forces you to pop up a form. Asp.Net doesn't care as long as the cookie is set. You could do this for instanceprivate void AuthenticateHere_Init(object sender, System.EventArgs e)
string redirectUrl = Page.Request.QueryString["ReturnUrl"];
if (redirectUrl != null)
Right in the start of the pages lifecycle, in the init event of the page the cookie is set. Why the user deserves an authentication cookie is up to you, here I use a custom method IsValidAdress. After setting the cookie the response is ended and the app is redirected to the page requesting the authentication. FormsAuthentication passes the url in the querystring. In the browser toolbar you will see the Authenticate page being hit, on a succefull authentication the visual page itself jumps directly to the page requested in the querystring.
The nice thing about forms authentication that it is completely set from the web.config. This way you can hook your own authentication into an existing app. Like asp.net forums.
ASP.NET Forms Authentication所生成Cookie的安全性
zbc496218 2012-05-28 16:43 846
SharePoint 2010 Forms Authentication Using Custom Membership and Role Providers
foxdave 2013-04-26 16:28 0
Web应用程序中的服务器错误 （<authentication mode="Forms">）
SmallXianNotImmortal 2016-04-19 10:00 2517
jinduan 2013-05-13 15:34 609
Updating Form from Another Thread without Creating Delegates for Type of Update
JLKEngine001 2010-02-14 11:35 0
Asp.net MVC Form authentication 示例代码
diandian82 2011-11-02 15:15 2632
Upload file to servlet without using HTML form
daniel7443 2017-02-08 07:44 107
HTML Forms & Form element
u013960094 2015-04-20 15:12 332