如何获取asp.net登录控制自动验证一个previously身份验证的用户？ [英] How to get the asp.net login control to auto authenticate a previously authenticated user?

问题描述

我试图建立登录控制记住谁拥有$ P $的用户的登录凭据pviously进入他们的用户名和密码成功。我的记得我属性设置为true，但它似乎没有TR​​IGER在那里我可以阅读登录用户的cookie和经销商的任何事件。

I am trying to to set up the login control to remember the login credentials of a user who has previously entered their user name and password successfully. I set the remember me property to true, but it doesnt seem to triger any events where I could read the cookie and auto login the user.

有一个简单的机制来实现这一目标？

Is there a straightforward mechanism to accomplish this?

推荐答案

您需要对谷歌的窗体身份验证在ASP.NET 2.0中

您需要设置您的应用程序（通过web.config中），也可能需要更改IIS设置。虽然这一切都非常简单，也有可以使用设置的堆，所以最好是阅读一些文章。 ScottGu有
<一href=\"http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx\"相对=nofollow>博客条目是进入了很多很好的细节。

You will need to set up your application (via web.config) and may also need to alter IIS settings. While it's all quite straightforward, there are heaps of settings that can be used, so best is to read some of the articles. ScottGu has a blog entry that goes into a lot of good detail.

也有很多不错的视频的网址为： www.asp.net 包括这些的安全教程

There are also many good video's at www.asp.net including these Security Tutorials

如何：创建ASP.NET登录页和 演练：创建与会员和用户登录网站。如果我还记得，你仍然有，除非你使用SQL Server成员资格提供自己做身份验证。在这种情况下，你还是要建立数据库和web.config文件。

try How to: Create an ASP.NET Login Page and Walkthrough: Creating a Web Site with Membership and User Login. If I recall, you still have to do the authentication yourself unless you use the Sql Server Membership provider. In that case you still have to set up the database and web.config.

---

从本质上讲，一旦你设置了配置得当，你有一个登录页面。在登录页面告诉窗体身份验证创建身份验证票证你曾经的您的验证他们的身份：

Essentially, once you've set up configuration properly, you have a login page. In that login page you tell Forms Authentication to create the authentication ticket for you once you authenticate them:

if (VerifyUser(name, password) ) // this is not a framework method
    FormsAuthentication.RedirectFromLoginPage(
        userName, false); // no persistent cookie

如果你想读的身份验证票证的数据（从其他地方）。

If you want to read the authentication ticket data (from anywhere else).

// output just writes to a StringBuilder 'sb' 
output(sb, "Identity.AuthenticationType", Page.User.Identity.AuthenticationType);

FormsIdentity fi = Page.User.Identity as FormsIdentity;
if (fi == null)
{
    output(sb, "Identity Type", Page.User.Identity.ToString());
    return;
}

output(sb, "FormsIdentity.Ticket.IssueDate", fi.Ticket.IssueDate);
output(sb, "FormsIdentity.Ticket.Expiration", fi.Ticket.Expiration);
output(sb, "FormsIdentity.Ticket.Name", fi.Ticket.Name);
output(sb, "FormsIdentity.Ticket.CookiePath", fi.Ticket.CookiePath);
output(sb, "FormsIdentity.Ticket.UserData", fi.Ticket.UserData);
output(sb, "FormsIdentity.Ticket.Version", fi.Ticket.Version);
output(sb, "FormsIdentity.Ticket.IsPersistent", fi.Ticket.IsPersistent);

问题是，一旦通过验证，asp.net只会将用户重定向到登录页面，如果该身份验证票证已过期，该用户是一个受保护的页面上。 Asp.net不保留要求你不必要的认证用户。

The point is, once authenticated, asp.net will only redirect the user to the login page if the authentication ticket has expired and the user is on a protected page. Asp.net doesn't keep asking you to authenticate the user unnecessarily.

这篇关于如何获取asp.net登录控制自动验证一个previously身份验证的用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！