最快需要在asp.net网页表单方式进行身份认证? [英] Quickest way to require authentication in asp.net webform?
问题描述
截至目前,我有用户注册/登录,然后如果成功的话,他们重定向到主页。然而,这是极其人为的,用户可以简单地键入URL,然后转到他们想要的任何页面。我是相当新的这个和我听说的窗体身份验证提到多次的办法做什么,我需要:一个简单的手段来prevent用户访问任何页面,一旦他们没有这样做请求在一段时间,我想他们是注销,并在页面发送回日志。我猜想,到最后,我有三个问题:
As of right now, I have the user register/log in and then if successful, redirect them to the homepage. However, this is extremely artificial as the user can simply type the url and go to any page they want. I'm fairly new to this and I've heard forms authentication mentioned multiple times as a way to do what I need: a simple means to prevent a user from accessing any page and once they haven't done a "Request" in awhile, I want them to be "logged out" and sent back to the log in page. I guess, in the end, I have three questions:
1)有人可以提供我一个链接上的身份验证有很大的教程?我并不想深入太远,如果我能避免它。
1) Can someone provide me a link to a great tutorial on authentication? I don't want to get too far in depth if I can avoid it.
2)另外,是推荐使用的cookies这不?我对这个听到不同的意见?
2) Also, is it recommended to use cookies for this or not? I've heard different views on this?
3)我被告知我可以在web.config以及在code背后设置呢?这是真的?如果是这样,你推荐哪一个?
3) I was told I can set this up in the web.config as well as in code behind? Is this true? If so, which do you recommend?
非常感谢你和我,为广大的问题(S)道歉。如果您需要了解更多信息,请让我知道。
Thank you very much and I apologize for the broad question(s). If you need any more information, please let me know.
推荐答案
下面是演练:创建一个网站,会员和用户登录中,你可以使用
至于使用Cookie而言,它们可被利用。为了安全起见,最好不要把在其中任何有价值的东西。如果你有,那么你应该将其固定(另一个话题都在一起)。在你的问题的范围,知道ASP.NET连接codeS,所以你使用默认的Cookie设置都OK的散列的授权凭证。在 Web.config中的表单元素这里的属性更多信息。
As far as using cookies is concerned, they can be exploited. To be safe, its best not to put anything of value in them. If you have to, then you should secure them (another topic all together). In the scope of your question, know that ASP.NET encodes and hashes its authorization ticket so you are ok using the default cookie settings. More info on the Web.config form element attributes here.
窗体身份验证是在Web.config文件中的设置。您可以设置slidingExpiration属性来进行登录用户,如果他们不与在属性中设置的时间提出的要求。
Forms Authentication is setup in the Web.config file. You can set the slidingExpiration attribute to log a user out if they haven't made a request with in the time set in the attribute.
这篇关于最快需要在asp.net网页表单方式进行身份认证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
