如何实现自动登录功能 [英] How to implement a automatic login function
本文介绍了如何实现自动登录功能的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
大家好。
在我的项目中,现在我使用asp.net登录控件和自定义的
会员提供程序来进行表单身份验证。现在我想要一些功能
用户可以跳过登录表单并进行身份验证并根据会话中已有的用户名和密码自动登录系统
。
可以做到吗?怎么做?
干杯
Victor
hi guys.
In my project, now I am using a asp.net login control and a customized
membership provider to do the form authentication. Now I want some function
that user can skip the login form and be authenticated and login the system
automatically base on the username and password already in the session. Is
that possible to do ? and how to do it?
Cheers
Victor
推荐答案
你应该能够使用
FormsAuthentication类中的身份验证API轻松添加/撤销cookie以便登录状态。
看看这个例子:
http:// msdn2.microsoft.com/en-us/lib...uthcookie.aspx
-
~~~~~~~ ~~~~
Ben Rush
http: //www.ben-rush.net/blog
" Victor" < vi **** @ noemail.noemailwrote in message
news:eS ************** @ TK2MSFTNGP06.phx.gbl ...
You should be able to use the authentication API from the
FormsAuthentication class to add/revoke a cookie for sign in status easily.
Have a look at this for example:
http://msdn2.microsoft.com/en-us/lib...uthcookie.aspx
--
~~~~~~~~~~~
Ben Rush
http://www.ben-rush.net/blog
"Victor" <vi****@noemail.noemailwrote in message
news:eS**************@TK2MSFTNGP06.phx.gbl...
hi guys。
在我的项目中,现在我使用的是asp.net登录控件和定制的
会员资格提供者进行表单身份验证。现在我想要一些
功能,用户可以跳过登录表单并进行身份验证和登录
系统自动根据
$中已有的用户名和密码b $ b会话。这可能吗?怎么做?
干杯
Victor
hi guys.
In my project, now I am using a asp.net login control and a customized
membership provider to do the form authentication. Now I want some
function that user can skip the login form and be authenticated and login
the system automatically base on the username and password already in the
session. Is that possible to do ? and how to do it?
Cheers
Victor
嗨Victor,
从您的描述中,您想要添加一个代码功能,可以帮助
自动使用户登录而无需通过交互式操作
登录页面,对不对?
正如Ben建议的那样,ASP.NET表单身份验证为我们提供了API,以编程方式进行身份验证,并使用户从
未经身份验证转为身份验证状态。例如,以下两个
方法可以帮助使当前用户登录(通过传递用户名和
布尔参数)
#FormsAuthentication.RedirectFromLoginPage方法
http://msdn2.microsoft.com/en-us/lib...ormsauthentica
tion.redirectfromloginpage.aspx
#FormsAuthentication .SetAuthCookie方法
http:/ /msdn2.microsoft.com/en-us/lib...ormsauthentica
tion.setauthcookie.aspx
BTW,我''我仍然想知道你在
应用程序中的确切代码逻辑和场景,正如你所说的用户名/密码在会话中,
那么,你将如何存储用户名/密码在会话中?密码应该
登录/验证后永远不会在内存中保留。
无论如何,如果您有任何不清楚或我们错过的任何内容,请感受
免费在这里发布。
此致,
Steven Cheng
Microsoft MSDN在线支持主管
================================== ================
通过电子邮件收到我的帖子通知?请参阅
http://msdn.microsoft .com / subscripti ... ult.aspx#notif
ications。
注意:MSDN托管新闻组支持服务是针对非紧急问题
如果社区或微软支持人员在1个工作日内做出初步回复是可以接受的。请注意,每个跟随
的响应可能需要大约2个工作日作为支持
专业人士与您合作可能需要进一步调查才能达到
最有效的分辨率。该产品不适用于需要紧急,实时或基于电话的交互或复杂的b $ b项目分析和转储分析问题的情况。这种性质的问题最好通过联系
Microsoft客户支持服务(CSS)处理
href =http://msdn.microsoft.com/subscriptions/support/default.aspx\"target =_ blank> http://msdn.microsoft.com/subscripti...t/default.aspx 。
==================================== ==============
此帖子按原样提供。没有保证,也没有授予任何权利。
Hi Victor,
From your description, you want to add a code function that can help
automatically make a user loggedIn without interactive operation through
the login page, correct?
As Ben has suggested, ASP.NET forms authentication provide API for us to
programmatically do the authentication, and make a user turn from
unauthenticated to authenticated status. For example, the following two
methods can help make the current user loggedIn(by passing a username and
boolean parameter)
#FormsAuthentication.RedirectFromLoginPage Method
http://msdn2.microsoft.com/en-us/lib...ormsauthentica
tion.redirectfromloginpage.aspx
#FormsAuthentication.SetAuthCookie Method
http://msdn2.microsoft.com/en-us/lib...ormsauthentica
tion.setauthcookie.aspx
BTW, I''m still wondering your exactly code logic and scenario in the
application, as you said that the username/password is in the session,
then, how will you store username/password in session? password should
never be persisted in memory after login/authentication.
Anyway, if you have anything unclear or anything we missed, please feel
free to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
我不确定我理解你。
你呢意思是:
1.用户登录一次并回到网站?如果是这样,将
持久性标志设置为true,并且cookie将在所有会话中生效。
2.用户已登录并正在浏览其他页面?如果是这样,您需要执行
,因为用户将登录。
3.用户已登录您域中的另一个站点并且您希望允许
他打到所有网站?如果是这样,请在您网站的所有
上将机器密钥设置为相同的值,并使用相同的名称显式调用cookie - 所有这些都在
配置文件中。注意:您将无法将存储的会话值从
站点切换到站点。
4.您希望某些用户能够伪造登录名并进行身份验证
与另一个帐户?这可以通过API来完成,但你如何确定这些用户?
?仔细考虑这一点,因为它非常容易让黑客知道他可以使用你的网站查询字符串,如果那个
是你绕过安全的方法。如果您不喜欢API,您可以创建MembershipUser对象并附加到正在进行的会话。
这将是
登录,这次。
-
Gregory A. Beamer
MVP; MCP:+ I,SE,SD,DBA
http://gregorybeamer.spaces。 live.com
******************************* **************
在盒子外面思考!
*************** ****************************** *
" Victor" < vi **** @ noemail.noemailwrote in message
news:eS ************** @ TK2MSFTNGP06.phx.gbl ...
I am not sure I understand you.
Do you mean:
1. User signed in once and has come back to the site? If so, set the
persistence flag to true and the cookie will live on across all sessions.
2. User has signed in and is now surfing other pages? If so, you need to do
nothing, as the user will be signed in.
3. User has signed into another site in your domain and you wish to allow
him to hit all sites? If so, set the machines keys to the same value on all
of your sites and call the cookie, explicitly, by the same name - all in
config file. NOTE: You will not be able to switch stored session values from
site to site.
4. You want certain users to be able to fake the login and be authenticated
with another account? This can be done with the API, but how are you going
to identify those users? Think this through carefully, as it is quite easy
for a hacker to figure out he can use your site with querystrings, if that
is your method of bypassing security. If you do not like the API, you can
create MembershipUser objects and attach to an ongoing session. That will
log them in, this time.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com
*********************************************
Think outside the box!
*********************************************
"Victor" <vi****@noemail.noemailwrote in message
news:eS**************@TK2MSFTNGP06.phx.gbl...
hi guys。
在我的项目中,现在我使用的是asp.net登录控件和定制的
会员资格提供者进行表单身份验证。现在我想要一些
功能,用户可以跳过登录表单并进行身份验证和登录
系统自动根据
$中已有的用户名和密码b $ b会话。这可能吗?怎么做?
干杯
Victor
hi guys.
In my project, now I am using a asp.net login control and a customized
membership provider to do the form authentication. Now I want some
function that user can skip the login form and be authenticated and login
the system automatically base on the username and password already in the
session. Is that possible to do ? and how to do it?
Cheers
Victor
这篇关于如何实现自动登录功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
