ASP.NET Tutorial/Authentication Authorization/Introduction


Configuring Authentication: Windows Authentication, .NET Passport Authentication, Forms Authentication

Windows authentication is enabled by default. 
When Windows authentication is enabled, users are identified by their Microsoft Windows account names. 
Roles correspond to Microsoft Windows groups.
.NET Passport authentication is the same type of authentication used at Microsoft websites such as MSN and Hotmail. 
If you want to enable users to log in to your application by using their existing Hotmail usernames and passwords, then you can enable .NET Passport authentication.
The final type of authentication is Forms authentication. 
When Forms authentication is enabled, users are typically identified by a cookie. 
When a user is authenticated, an encrypted cookie is added to the user's browser. 
As the user moves from page to page, the user is identified by the cookie.
When Forms authentication is enabled, user and role information is stored in a custom data store. 
You can store user information anywhere that you want. 
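For example, you can store usernames and passwords in a database, an XML file, or even a plain text file. Whichever store you choose, keep a salted hash of each password rather than the password itself, so that a leaked store does not expose the credentials directly.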
You enable a particular type of authentication in an application's root web configuration file. 
The following file enables Forms authentication.
The possible values for the mode attribute are None, Windows, Forms, and Passport.
File: Web.Config
<configuration>
    <system.web>
      <!-- Selects Forms (cookie-based) authentication for the whole application.
           No <forms> child element is given, so loginUrl, timeout, protection and
           requireSSL keep their framework defaults; on a real site set requireSSL="true"
           so the authentication cookie is only sent over HTTPS.
           This fragment shows no <authorization> rules: choosing an authentication mode
           does not by itself protect any page. Anonymous users must also be denied,
           for example with <deny users="?" />. -->
      <authentication mode="Forms" />
    </system.web>
</configuration>


Credentials are checked against the firstname and lastname columns of the Northwind.Employees table

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" 
    Inherits="Default" %>
<%-- Login form for the sample. The userName and passWord text boxes are read by the
     LogonUser click handler declared on Button1 and implemented in the code-behind class
     named by Inherits; errorMsg displays the failure text set by that handler.
     textmode="password" only masks the characters on screen. The value is still posted
     in the request body, so this page should be served over HTTPS. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Please, log in</title>
</head>
<body>
    <div id="pageContent">
      <form id="Form1" runat="server">
        <table>
        <tr>
          <td><b>User ID</b></td>
          <td><asp:textbox runat="server" text="" id="userName" /></td></tr>
        <tr>
          <td><b>Password</b></td>
          <td><asp:textbox runat="server" text="" id="passWord" textmode="password" /></td></tr>
        </table>
        <asp:button ID="Button1" runat="server" text="Log In..." onclick="LogonUser" />
        <br />
          <asp:label runat="server" id="errorMsg" Font-Names="Verdana" Font-Size="Small" Font-Bold="True" ForeColor="Red"/>
      </form>
    </div>
</body>
</html>
File: Default.aspx.cs
using System;
using System.Data;
using System.Configuration;
using System.Web.Security;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

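/// <summary>
/// Code-behind for the sample login page. Reads the user name and password typed into the
/// form, checks them against the Northwind employees table and, on success, issues the
/// Forms authentication ticket.
/// </summary>
/// <remarks>
/// Demo only: the "password" is the employee's last name, stored and compared as plain text.
/// A real credential store keeps a salted, slow password hash and compares hashes. This page
/// also has no attempt throttling or account lockout.
/// </remarks>
public partial class Default : System.Web.UI.Page
{
    // Declared sizes of the @user and @pswd parameters. A SqlParameter with an explicit Size
    // silently truncates a longer value, so over-long input is rejected before the query runs;
    // otherwise a long string whose prefix matches a stored value would authenticate.
    private const int MaxUserNameLength = 10;
    private const int MaxPasswordLength = 20;

    /// <summary>Puts the input focus on the user name box when the page loads.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        SetFocus("userName");
    }

    /// <summary>
    /// Click handler for the log-in button: validates the submitted credentials and either
    /// redirects the authenticated user or shows an error message.
    /// </summary>
    protected void LogonUser(object sender, EventArgs e)
    {
        string user = userName.Text;
        string pswd = passWord.Text;

        if (AuthenticateUser(user, pswd))
        {
            // Second argument false = non-persistent (session) authentication cookie.
            FormsAuthentication.RedirectFromLoginPage(user, false);
        }
        else
        {
            // Same message for an unknown user and a wrong password, so the response
            // does not reveal which user names exist.
            errorMsg.Text = "Sorry, yours seems not to be a valid account.";
        }
    }

    /// <summary>
    /// Checks whether a row in the employees table matches the supplied credentials.
    /// </summary>
    /// <param name="username">Value compared with the firstname column.</param>
    /// <param name="pswd">Value compared with the lastname column.</param>
    /// <returns>
    /// <c>true</c> when at least one matching row exists; <c>false</c> when no row matches
    /// or when either value is empty or longer than its parameter size.
    /// </returns>
    private bool AuthenticateUser(string username, string pswd)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pswd))
        {
            return false;
        }

        if (username.Length > MaxUserNameLength || pswd.Length > MaxPasswordLength)
        {
            return false;
        }

        string connString = ConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;

        // Parameterized query: user input never becomes part of the SQL text.
        // NOTE(review): the comparison follows the database collation, which may be
        // case-insensitive. Confirm before relying on case for the password.
        string cmdText = "SELECT COUNT(*) FROM employees WHERE firstname=@user AND lastname=@pswd";

        // Both the connection and the command are disposed on every path, including exceptions.
        using (SqlConnection conn = new SqlConnection(connString))
        using (SqlCommand cmd = new SqlCommand(cmdText, conn))
        {
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, MaxUserNameLength).Value = username;
            cmd.Parameters.Add("@pswd", SqlDbType.NVarChar, MaxPasswordLength).Value = pswd;
            conn.Open();
            int found = (int)cmd.ExecuteScalar();
            return found > 0;
        }
    }
}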


Credentials are checked against the users registered in the aspnetDB.mdf file in App_Data

<%@ Page Language="C#" %>
<%-- Login page built on the asp:Login control. No code-behind file or event handler is
     declared here, so credential checking is left to the control itself; by default it
     validates through the configured Membership provider (presumably the aspnetDB.mdf
     store in App_Data that the page text refers to; confirm in web.config).
     The remaining attributes and child elements only set the visual style.
     The password is posted in the request body, so serve this page over HTTPS. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Please, log in</title>
</head>
<body>
   <div id="pageContent">
        <form id="form1" runat="server">
            <asp:Login ID="Login1" 
                       runat="server" 
                       BackColor="#F7F6F3" 
                       BorderColor="#E6E2D8" 
                       BorderPadding="4" 
                       BorderStyle="Solid" 
                       BorderWidth="1px" 
                       Font-Names="Verdana" 
                       Font-Size="Medium" 
                       ForeColor="#333333">
                <LoginButtonStyle BackColor="#FFFBFF" 
                                  BorderColor="#CCCCCC" 
                                  BorderStyle="Solid" 
                                  BorderWidth="1px"
                                  Font-Names="Verdana" 
                                  Font-Size="0.8em" 
                                  ForeColor="#284775" />
                <TextBoxStyle Font-Size="0.8em" />
                <TitleTextStyle BackColor="#5D7B9D" 
                                Font-Bold="True" 
                                Font-Size="0.9em" 
                                ForeColor="White" />
                <InstructionTextStyle Font-Italic="True" ForeColor="Black" />
            </asp:Login>
        </form>
    </div>
</body>
</html>