Shulou(Shulou.com)06/02 Report--

Small series to share with you how ASP.NET Forms validation, I believe most people do not know how, so share this article for your reference, I hope you read this article after a great harvest, let us go to understand it!

ASP.NET Forms Validation

User verification is a necessary module for every project. Since it has not been encountered for a long time, writing a user verification today is actually a blank mind. So I had a discussion with a colleague and decided to record the results of the discussion at home in the evening for later use. There are several methods of user authentication in ASP.NET: Windows authentication, Forms authentication, and Passport authentication. Of course, users can also customize and verify methods, and the most common is Forms verification, which is also the verification method we will discuss today.

ASP.NET Forms authentication method The first thing to configure is the web.config file, which configures the authentication node for Forms authentication, which defaults to Windows authentication. When modifying the configuration file, you should also pay attention to case, because the XML file is case-sensitive. After modification, the authentication node is shown below, which also contains some configuration parameters of form.

The properties of the forms node are described later in the discussion of the relevant members of the FormsAuthentification class, and their usefulness. User authentication, as the name implies, verifies the rationality of the user. When the user logs in to the website, verify whether the user name and password entered match the data stored in the database. There is a quick way to verify, which is great for back-office verification, because verification fails when we close the browser.

publicstaticboolValidUser(stringuserName,stringpassword) { if(! string.IsNullOrEmpty(userName)&&! string.IsNullOrEmpty(password)) { password=FormsAuthentication.HashPasswordForStoringInConfigFile(password,"MD5"); stringrealPassword=Users.GetUser(userName).Password; if(string.Compare(password,realPassword,true)==0) { FormsAuthentication.SetAuthCookie(userName,false); returntrue; } } returnfalse; }

The above method verifies the data validation of the 32-bit MD5 encrypted Password, where Users.GetUser(string) retrieves the user instance from the database by username. When the user is reasonable, the FormsAuthentication.SetAuthCookie method creates an authentication ticket for the user (by username) and adds it to the Cookie set or URL (cookieless) of the response. This implements the process of user authentication, so how do we get whether the user has passed authentication? Microsoft constantly packages the program, constantly dumbing it, of course, it is very simple to get whether the current user has passed the verification. The code is as follows:

public static bool IsAuthenticated() { return HttpContext.Current.User.Identity.IsAuthenticated; }

Isn't that easy? When the user (as long as the background management authentication case) authentication as long as these two steps OK, when the user login such as calling ValidUser method, when loading the page through IsAuthenticated method to determine whether the current user through authentication. Such a user authentication module is complete, but in the modern web, users are quite valuable things, every website will want to retain a lot of users; sometimes only members can view things, etc., so that needs better authentication. Make the user close the browser and remain authenticated for a specified period of time. This requires the operation and setting of FormsAuthenticationTicket, the code is as follows:

public static bool ValidUser(string userName, string password) { if (! string.IsNullOrEmpty(userName) && ! string.IsNullOrEmpty(password)) { password = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "MD5"); string realPassword = Users.GetUser(userName).Password; if (string.Compare(password, realPassword, true) == 0) { FormsAuthenticationTicket ticket = new FormsAuthenticationTicket (1, userName, DateTime.Now, DateTime.Now.AddMinutes(20), false, null//can split Roles into strings by "," and write cookies); string data = FormsAuthentication.Encrypt(ticket); HttpCookie = new HttpCookie (FormsAuthentication.FormsCookieName, data); cookie.Path = FormsAuthentication.FormsCookiePath; cookie.Domain = FormsAuthentication.CookieDomain; cookie.Expires = ticket.Expiration; HttpContext.Current.Response.Cookies.Add(cookie); return true; } } return false; }

FormsCookiePath,CookieDomain, etc. seen in the code are obtained from the configuration file, and other FormsAuthentication members can visit MSDN(FormsAuthentication). We can also use the HttpContext.Current.User object to determine the status of the current user, or we can use the IsInRole method to determine the role of the user. Of course, after we authenticate the user, we need to add the user to the User object of the current request in the Http context HttpContext. The code is as follows:

FormsIdentity identity = new FormsIdentity(ticket); GenericPrincipal user = new GenericPrincipal(identity, new string[] { }); HttpContext.Current.User = user;

This completes the whole process of ASP.NET Forms validation. As for checking the user's cookies to determine whether the user has a record status (such as: record 1 month, 1 day, 1 year, etc.), it can be judged and written in the pipeline, and will not be repeated here.

That's all for "How to implement Forms validation in ASP.NET." Thanks for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.