Shulou(Shulou.com)06/02 Report--

This article introduces the knowledge of "how to implement ASP.NET authentication service". Many people will encounter such a dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Authentication and authorization

ASP.NET is used with IIS to support authentication and uses basic, brief, and Windows authentication. ASP.NET supports the Microsoft Passport authentication service, which provides single sign-on service and support for user profile services. ASP.NET also provides reliable services for applications that want to use form-based authentication. Form-based authentication uses Cookie to authenticate users and allows applications to perform their own credential verification.

It is important to recognize that ASP.NET authentication services depend on the authentication services provided by IIS. For example, to use basic authentication in an IIS application, you must use the Internet Service Manager tool to configure the use of basic authentication for the application.

ASP.NET provides two types of authorization services:

Check against ACL or resource permissions to determine whether authenticated user accounts can access resources.

URL authorization, which authorizes the identification of parts of the Web space.

To illustrate the difference, consider a scenario where the application is configured to allow anonymous access using the IUSR_MYMACHINE account. After authorizing a request for an ASP.NET page, such as "/ default.aspx", check the file against ACL (for example, "c:\ inetpub\ wwwroot\ default.aspx") to determine if the IUSR_MYMACHINE account has permission to read the file. If so, access is granted. File authorization for automatic execution.

For URL authorization, anonymous users are checked against the configuration data calculated for the ASP.NET application. If access to the requested URL is allowed, the request is authorized. In this case, ASP.NET checks to see if the anonymous user has access to / Default.aspx (that is, the check is based on the URL itself and not on the file that URL finally parsed to).

The difference may seem small, but it enables applications to use authentication schemes such as form-based authentication or passport authentication, where the user does not correspond to a computer or domain account. In addition, it enables authorization of virtual resources, which are not based on physical files. For example, an application can choose to map all requests for files ending in .stk to a handler that provides common quotation marks based on variables present in the query string. In this case, there is no physical .stk on which ACL checks are performed, so URL authorization is used to control access to virtual resources.

File authorization is always performed based on an authenticated account provided by IIS. If anonymous access is allowed, the account is a configured anonymous account. Otherwise, it uses the NT account. This is exactly the same way ASP works.

Using the Security tab in the Explorer property page to set files for a given file or directory ACL.URL authorization is configured as part of the ASP.NET framework application and is fully described in authorized users and roles.

To activate the ASP.NET authentication service, you must configure the element in the application's configuration file. This element can have any of the values listed in the following table.

Value description

No ASP.NET authentication service is active. Note that the IIS authentication service can still exist.

The Windows ASP.NET authentication service appends WindowsPrincipal (System.Security.Principal.WindowsPrincipal) to the current request to enable authorization for NT users or groups.

The forms ASP.NET authentication service manages Cookie and redirects unauthenticated users to the login page. It is usually used with the IIS option to allow anonymous access to the application.

The passport ASP.NET authentication service provides a convenient package for the services provided by the passport SDK (which must be installed on the computer).

For example, the following configuration file enables form-based (Cookie) authentication for the application:

This is the end of the content of "how to implement ASP.NET Authentication Service". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.