http://nfex.ru/index.php?action=history&feed=atom&title=ASP.NET_Tutorial%2FAuthentication_Authorization%2FMembership
ASP.NET Tutorial/Authentication Authorization/Membership - История изменений
2026-04-29T21:22:00Z
История изменений этой страницы в вики
MediaWiki 1.30.0
http://nfex.ru/index.php?title=ASP.NET_Tutorial/Authentication_Authorization/Membership&diff=2853&oldid=prev
в 15:30, 26 мая 2010
2010-05-26T15:30:57Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style="vertical-align: top;" lang="ru">
<td colspan="1" style="background-color: white; color:black; text-align: center;">← Предыдущая</td>
<td colspan="1" style="background-color: white; color:black; text-align: center;">Версия 15:30, 26 мая 2010</td>
</tr><tr><td colspan="2" style="text-align: center;" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>
http://nfex.ru/index.php?title=ASP.NET_Tutorial/Authentication_Authorization/Membership&diff=2854&oldid=prev
Admin: 1 версия
2010-05-26T11:57:17Z
<p>1 версия</p>
<p><b>Новая страница</b></p><div>== After a user has been locked out, you must call the MembershipUser.UnlockUser() method to re-enable the user account.==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
<%@ Page Language="C#" %><br />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"<br />
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><br />
<script runat="server"><br />
protected void btnRemove_Click(object sender, EventArgs e)<br />
{<br />
MembershipUser userToUnlock = Membership.GetUser(txtUserName.Text);<br />
if (userToUnlock == null)<br />
{<br />
lblMessage.Text = "User not found!";<br />
}<br />
else<br />
{<br />
userToUnlock.UnlockUser();<br />
lblMessage.Text = "Lock removed!";<br />
}<br />
}<br />
</script><br />
<html xmlns="http://www.w3.org/1999/xhtml" ><br />
<head runat="server"><br />
<title>Remove Lock</title><br />
</head><br />
<body><br />
<form id="form1" runat="server"><br />
<div><br />
<asp:Label<br />
id="lblUserName"<br />
Text="User Name:"<br />
AssociatedControlID="txtUserName"<br />
Runat="server" /><br />
<asp:TextBox<br />
id="txtUserName"<br />
Runat="server" /><br />
<asp:Button<br />
id="btnRemove"<br />
Text="Remove Lock"<br />
Runat="server" OnClick="btnRemove_Click" /><br />
<br /><br />
<asp:Label<br />
id="lblMessage"<br />
EnableViewState="false"<br />
Runat="server" /><br />
</div><br />
</form><br />
</body><br />
</html></source><br />
<br />
<br />
<br />
== Configure how passwords are stored by setting the passwordFormat attribute in the web configuration file.==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
The following web configuration file configures the SqlMembershipProvider to store passwords in plain text.<br />
File: Web.Config<br />
<configuration><br />
<system.web><br />
<authentication mode="Forms" /><br />
<membership defaultProvider="MyProvider"><br />
<providers><br />
<add<br />
name="MyProvider"<br />
type="System.Web.Security.SqlMembershipProvider"<br />
passwordFormat="Clear"<br />
connectionStringName="LocalSqlServer"/><br />
</providers><br />
</membership><br />
</system.web><br />
</configuration></source><br />
<br />
<br />
<br />
== Creating users programmatically (C#)==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
<%@ Page Language="C#" %><br />
<script runat="server"><br />
protected void Button1_Click(object sender, EventArgs e)<br />
{<br />
try<br />
{<br />
Membership.CreateUser(TextBox1.Text.ToString(), TextBox2.Text.ToString());<br />
Label1.Text = "Successfully created user " + TextBox1.Text;<br />
}<br />
catch (MembershipCreateUserException ex)<br />
{<br />
Label1.Text = "Error: " + ex.ToString();<br />
}<br />
}<br />
</script><br />
<html xmlns="http://www.w3.org/1999/xhtml" ><br />
<head id="Head1" runat="server"><br />
<title>Creating a User</title><br />
</head><br />
<body><br />
<form id="form1" runat="server"><br />
<h1>Create User</h1><br />
Username<br /><br />
<asp:TextBox ID="TextBox1" Runat="server"></asp:TextBox><br />
<br />
Password<br /><br />
<asp:TextBox ID="TextBox2" Runat="server" <br />
TextMode="Password"></asp:TextBox><br />
<br />
<br />
<asp:Button ID="Button1" Runat="server" Text="Create User" <br />
OnClick="Button1_Click" /><br />
<br />
<br />
<asp:Label ID="Label1" Runat="server"></asp:Label><br />
<br />
</form><br />
</body><br />
</html></source><br />
<br />
<br />
<br />
== Creating users programmatically (VB)==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
<%@ Page Language="VB" %><br />
<script runat="server"><br />
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)<br />
Try<br />
Membership.CreateUser(TextBox1.Text, TextBox2.Text)<br />
Label1.Text = "Successfully created user " & TextBox1.Text<br />
Catch ex As MembershipCreateUserException<br />
Label1.Text = "Error: " & ex.ToString()<br />
End Try<br />
End Sub<br />
</script><br />
<html xmlns="http://www.w3.org/1999/xhtml" ><br />
<head id="Head1" runat="server"><br />
<title>Creating a User</title><br />
</head><br />
<body><br />
<form id="form1" runat="server"><br />
<h1>Create User</h1><br />
Username<br /><br />
<asp:TextBox ID="TextBox1" Runat="server"></asp:TextBox><br />
<br />
Password<br /><br />
<asp:TextBox ID="TextBox2" Runat="server" <br />
TextMode="Password"></asp:TextBox><br />
<br />
<br />
<asp:Button ID="Button1" Runat="server" Text="Create User" <br />
OnClick="Button1_Click" /><br />
<br />
<br />
<asp:Label ID="Label1" Runat="server"></asp:Label><br />
<br />
</form><br />
</body><br />
</html></source><br />
<br />
<br />
<br />
== Denying unauthenticated users==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
<?xml version="1.0" encoding="utf-8"?><br />
<configuration><br />
<system.web><br />
<authentication mode="Forms" /><br />
<authorization><br />
<deny users="?" /><br />
</authorization><br />
</system.web><br />
</configuration></source><br />
<br />
<br />
<br />
== Disable this requirement when using the SqlMembershipProvider.==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
<configuration><br />
<system.web><br />
<authentication mode="Forms" /><br />
<membership defaultProvider="MyProvider"><br />
<providers><br />
<add<br />
name="MyProvider"<br />
type="System.Web.Security.SqlMembershipProvider"<br />
minRequiredNonalphanumericCharacters="0"<br />
connectionStringName="LocalSqlServer"/><br />
</providers><br />
</membership><br />
</system.web><br />
</configuration></source><br />
<br />
<br />
<br />
== Locking Out Bad Users==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
Two configuration settings control when an account gets locked out: maxInvalidPasswordAttempts, passwordAttemptWindow<br />
Enter a maximum of three bad passwords or bad password answers in one hour.<br />
File: Web.Config<br />
<configuration><br />
<system.web><br />
<authentication mode="Forms" /><br />
<membership defaultProvider="MyProvider"><br />
<providers><br />
<add<br />
name="MyProvider"<br />
type="System.Web.Security.SqlMembershipProvider"<br />
maxInvalidPasswordAttempts="3"<br />
passwordAttemptWindow="60"<br />
connectionStringName="LocalSqlServer"/><br />
</providers><br />
</membership><br />
</system.web><br />
</configuration></source><br />
<br />
<br />
<br />
== Membership provider settings in the machine.config file==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
<membership><br />
<providers><br />
<add name="AspNetSqlMembershipProvider"<br />
type="System.Web.Security.SqlMembershipProvider, System.Web,Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"<br />
connectionStringName="LocalSqlServer"<br />
enablePasswordRetrieval="false"<br />
enablePasswordReset="true"<br />
requiresQuestionAndAnswer="true"<br />
applicationName="/"<br />
requiresUniqueEmail="false"<br />
passwordFormat="Hashed"<br />
maxInvalidPasswordAttempts="5"<br />
passwordAttemptWindow="10"<br />
passwordStrengthRegularExpression="" /><br />
</providers><br />
</membership></source><br />
<br />
<br />
<br />
== Setting Up Your Web Site for Membership==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
Adding an <authentication> Element to the web.config File<br />
<br />
<?xml version="1.0" encoding="utf-8"?><br />
<configuration><br />
<system.web><br />
<authentication mode="Forms" /><br />
</system.web><br />
</configuration><br />
<br />
Adding a <forms> Element to the web.config File<br />
<br />
<?xml version="1.0" encoding="utf-8"?><br />
<configuration><br />
<system.web><br />
<authentication mode="Forms"><br />
<forms name=".ASPXAUTH"<br />
loginUrl="login.aspx"<br />
protection="All"<br />
timeout="30"<br />
path="/"<br />
requireSSL="false"<br />
slidingExpiration="true"<br />
cookieless="useDeviceProfile" /><br />
</authentication><br />
</system.web><br />
</configuration><br />
<br />
name: the name used for the cookie<br />
loginUrl: page location to which the HTTP request is redirected for login<br />
protection: protection applied to the cookie. <br />
The possible settings include All, None, Encryption, and Validation. <br />
timeout: amount of time (in minutes) after which the cookie expires. <br />
The default value is 30 minutes.<br />
path: Specifies the path for cookies issued by the application.<br />
requireSSL: whether you require that credentials be sent over an encrypted wire (SSL) instead of clear text.<br />
slidingExpiration: whether the timeout of the cookie is on a sliding scale. <br />
cookieless: how the cookies are handled by ASP.NET. <br />
The possible values include useDeviceProfile, useCookies, auto, and useUri. <br />
The default value is useDeviceProfile. <br />
<br />
Using the CreateUserWizard Server Control<br />
<br />
<%@ Page Language="VB" %><br />
<br />
<html xmlns="http://www.w3.org/1999/xhtml" ><br />
<head runat="server"><br />
<title>Creating Users</title><br />
</head><br />
<body><br />
<form id="form1" runat="server"><br />
<asp:CreateUserWizard ID="CreateUserWizard1" Runat="server"<br />
BorderWidth="1px" BorderColor="#FFDFAD" BorderStyle="Solid"<br />
BackColor="#FFFBD6" Font-Names="Verdana"><br />
<TitleTextStyle Font-Bold="True" BackColor="#990000"<br />
ForeColor="White"></TitleTextStyle><br />
</asp:CreateUserWizard><br />
</form><br />
</body><br />
</html></source><br />
<br />
<br />
<br />
== The web configuration file used to set up the XmlMembershipProvider==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
File: Web.Config<br />
<configuration><br />
<system.web><br />
<authentication mode="Forms" /><br />
<membership defaultProvider="MyMembershipProvider"><br />
<providers><br />
<add<br />
name="MyMembershipProvider"<br />
type="MyNamespace.XmlMembershipProvider"<br />
dataFile="~/App_Data/Membership.xml"<br />
requiresQuestionAndAnswer="false"<br />
enablePasswordRetrieval="true"<br />
enablePasswordReset="true"<br />
passwordFormat="Clear" /><br />
</providers><br />
</membership><br />
</system.web><br />
</configuration><br />
<br />
A sample of the Membership.xml file.<br />
File: App_Data\Membership.xml<br />
<credentials><br />
<user name="Tom" password="secret" email="tom@somewhere.ru" /><br />
<user name="Jack" password="secret" email="jack@somewhere.ru" /><br />
</credentials></source><br />
<br />
<br />
<br />
== Use the methods of the Membership class to create custom Login controls.==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
using System;<br />
using System.Web.Security;<br />
using System.Web.UI;<br />
using System.Web.UI.WebControls;<br />
namespace myControls<br />
{<br />
public class UsersOnline : WebControl<br />
{<br />
protected override void RenderContents(HtmlTextWriter writer)<br />
{<br />
writer.Write(Membership.GetNumberOfUsersOnline());<br />
}<br />
}<br />
}<br />
<br />
File: ShowUsersOnline.aspx<br />
<%@ Page Language="C#" %><br />
<%@ Register TagPrefix="custom" Namespace="myControls" %><br />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"<br />
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><br />
<html xmlns="http://www.w3.org/1999/xhtml" ><br />
<head id="Head1" runat="server"><br />
<title>Show UsersOnline</title><br />
</head><br />
<body><br />
<form id="form1" runat="server"><br />
<div><br />
How many people are online?<br />
<br/><br />
<custom:UsersOnline<br />
id="UsersOnline1"<br />
Runat="server" /><br />
</div><br />
</form><br />
</body><br />
</html></source><br />
<br />
<br />
<br />
== Using ASP.NET Membership==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
ASP.NET Membership uses the provider model. <br />
The ASP.NET Framework includes two Membership providers:<br />
SqlMembershipProvider stores user information in a Microsoft SQL Server database.<br />
ActiveDirectoryMembershipProvider stores user information in the Active Directory or an Active Directory Application Mode server.</source><br />
<br />
<br />
<br />
== Using the Membership Application Programming Interface==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="csharp"><br />
<%@ Page Language="C#" %><br />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"<br />
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><br />
<html xmlns="http://www.w3.org/1999/xhtml" ><br />
<head id="Head1" runat="server"><br />
<title>List Users</title><br />
</head><br />
<body><br />
<form id="form1" runat="server"><br />
<div><br />
<asp:GridView<br />
id="grdUsers"<br />
DataSourceID="srcUsers"<br />
Runat="server" /><br />
<asp:ObjectDataSource<br />
id="srcUsers"<br />
TypeName="System.Web.Security.Membership"<br />
SelectMethod="GetAllUsers"<br />
Runat="server" /><br />
</div><br />
</form><br />
</body><br />
</html></source></div>
Admin