Backend Development
C#.Net Tutorial
Example of implementing Forms authentication authentication process in asp.net mvc
Example of implementing Forms authentication authentication process in asp.net mvc
This article mainly introduces the Forms authentication authentication process in asp.net MVC. The editor thinks it is quite good. Now I will share it with you and give you a reference. Let’s follow the editor and take a look.
Verification process
1. User login
1. Verification Form: ModelState.IsValid
2. Verify username and password: Verify by querying the database
3. If the username and password are correct, save the cookie on the client to save the user login status: SetAuthCookie
1): From Find the username and some necessary information in the database, and save the additional information to UserData
2): Save the username and UserData to the FormsAuthenticationTicket ticket
3): Encrypt the ticket Encrypt
4) : Save the encrypted ticket in Cookie and send it to the client
4. Jump to the page before login
5. If login fails, return to the current view
2 , Verify login
1. Register the PostAuthenticateRequest event function in Global to parse the Cookie data sent by the client
1): Judge by HttpContext.Current.User.Identity Whether the user is logged in (FormsIdentity, IsAuthenticated, AuthenticationType)
2): Parse the Value from the cookie of the Request of the HttpContext, decrypt it to get the FormsAuthenticationTicket and get the UserData
2, role verification
1): Add the Authorize feature to the Action , role verification can be performed
2): Perform role authentication in the IsInRole method of HttpContext.Current.User (needs to be rewritten)
1. User login
1. Set web.config
Set redirect login page
<system.web> <authentication mode="Forms"> <forms name="loginName" loginUrl="/UserInfo/login" cookieless="UseCookies" path="/" protection="All" timeout="30"></forms> </authentication> </system.web>
Comment out
<modules> <!--<remove name="FormsAuthentication" />--> </modules>
2. Login verification controller
Methods modified with "[Authorize]" in the controller reject anonymity.
public class UserInfoController : Controller //控制器
{
//身份验证过滤器
[Authorize]
public ActionResult Index()
{
return View();
}
}Login in the controller
/// <summary>
/// 用户登录
/// </summary>
/// <returns></returns>
public ActionResult login()
{
return View();
}
[HttpPost]
public ActionResult login(loginModels login) {
if (ModelState.IsValid)
{
var model = db.Admininfo.FirstOrDefault(a => a.AdminAccount == login.AdminAccount && a.AdminPwd == login.AdminPwd);
if (model != null)
{
//存入票据(用户登录的时候去存信息,如果有信息直接去登录)
var dtoModel = new Users
{
id = model.id,
AdminPwd = model.AdminPwd,
AdminAccount=model.AdminAccount
};
//调用
SetAuthCookie(dtoModel);
//获取登录地址
var returnUrl = Request["ReturnUrl"];
//判断登录地址是不是空值
if (!string.IsNullOrWhiteSpace(returnUrl))
{
return Redirect(returnUrl);
}
else
{
//return RedirectiToAction
return Redirect("/Home/index");
}
}
else
{
ModelState.AddModelError("", "账号密码不对");
return View(login);
}
}
else
{
ModelState.AddModelError("", "输入的信息有误");
return View(login);
}Cookie the login account
/// <summary>
/// 对登录账号进行cookie
/// </summary>
/// <param name="model"></param>
public void SetAuthCookie(Users loginModel) {
//1、将对象转换成json
var userdata = loginModel.ToJson();
//2、创建票据FormsAuthenticationTicket
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,"loginUser",DateTime.Now,DateTime.Now.AddDays(1), false, userdata);
//对票据进行加密
var tickeEncrypt = FormsAuthentication.Encrypt(ticket);
//创建Cookie,定义
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, tickeEncrypt);
cookie.HttpOnly = true;
cookie.Secure = FormsAuthentication.RequireSSL;
cookie.Domain = FormsAuthentication.CookieDomain;
cookie.Path = FormsAuthentication.FormsCookiePath;
cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout);
//先移除cookie,在添加cookie
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
Response.Cookies.Add(cookie);
}3. Add model files to Models
public class loginModels
{
/// <summary>
/// 账号
/// </summary>
[DisplayName("账号")]
[Required(ErrorMessage = "账号不能为空")]
public string AdminAccount { get; set; }
/// <summary>
/// 密码
/// </summary>
[DisplayName("密码")]
[Required(ErrorMessage = "密码不能为空")]
public string AdminPwd { get; set; }
}4. Login code in Views:
Copy code The code is as follows:
@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new {
@class = "form-horizontal", role = "form" }))5.Global settings
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
//1、通过sender获取http请求
// HttpApplication app = new HttpApplication();//实例化
HttpApplication app = sender as HttpApplication;
//2、拿到http上下文
HttpContext context = app.Context;
//3、根据FormsAuthe,来获取cookie
var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
//获取cookie的值
var ticket = FormsAuthentication.Decrypt(cookie.Value);
if (!string.IsNullOrWhiteSpace(ticket.UserData))
{
//把一个字符串类别变成实体模型
var model = ticket.UserData.ToObject<AdmininfoViewModel>();
//var acount = model.AdminAccount; //获取账号
context.User = new MyFormsPrincipal<AdmininfoViewModel>(ticket, model);
//MyFormsPrincipal.Identity = new FormsIdentity(ticket);
// MyFormsPrincipal.userdata;
}
}
}6. Log out
In the controller
/// <summary>
/// 退出登录
/// </summary>
public ActionResult loginout()
{
//删除票据
FormsAuthentication.SignOut();
//清除cookie
Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
return RedirectToAction("Index", "Home");
}View jump link
@Html.ActionLink("安全退出","loginout","Users")The above is the detailed content of Example of implementing Forms authentication authentication process in asp.net mvc. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1422
52
1316
25
1267
29
1239
24
How to verify signature in PDF
Feb 18, 2024 pm 05:33 PM
We usually receive PDF files from the government or other agencies, some with digital signatures. After verifying the signature, we see the SignatureValid message and a green check mark. If the signature is not verified, the validity is unknown. Verifying signatures is important, let’s see how to do it in PDF. How to Verify Signatures in PDF Verifying signatures in PDF format makes it more trustworthy and the document more likely to be accepted. You can verify signatures in PDF documents in the following ways. Open the PDF in Adobe Reader Right-click the signature and select Show Signature Properties Click the Show Signer Certificate button Add the signature to the Trusted Certificates list from the Trust tab Click Verify Signature to complete the verification Let
Detailed method to unblock using WeChat friend-assisted verification
Mar 25, 2024 pm 01:26 PM
1. After opening WeChat, click the search icon, enter WeChat team, and click the service below to enter. 2. After entering, click the self-service tool option in the lower left corner. 3. After clicking, in the options above, click the option of unblocking/appealing for auxiliary verification.
How to validate IFSC code using regular expressions?
Aug 26, 2023 pm 10:17 PM
Indian Financial System Code is the abbreviation. Indian bank branches participating in the electronic funds transfer system are identified by a special 11-character code. The Reserve Bank of India uses this code in internet transactions to transfer funds between banks. IFSC code is divided into two parts. Banks are identified by the first four characters, while branches are identified by the last six characters. NEFT (National Electronic Funds Transfer), RTGS (Real Time Gross Settlement) and IMPS (Immediate Payment Service) are some of the electronic transactions that require IFSC codes. Method Some common ways to validate IFSC codes using regular expressions are: Check if the length is correct. Check the first four characters. Checkthefifthcharacter.Che
How to verify whether the input is full-width characters in golang
Jun 25, 2023 pm 02:03 PM
In golang, Unicode encoding and rune type are required to verify whether the input is full-width characters. Unicode encoding is a character encoding standard that assigns a unique numeric code point to each character in the character set, which includes full-width characters and half-width characters. The rune type is the type used to represent Unicode characters in golang. The first step is to convert the input into a rune type slice. This can be converted by using golang's []rune type, e.g.
How to verify whether input is uppercase letters in golang
Jun 24, 2023 am 09:06 AM
Golang is a high-performance, modern programming language that often involves string processing in daily development. Among them, validating whether the input is in uppercase letters is a common requirement. This article will introduce how to verify whether the input is uppercase letters in Golang. Method 1: Use the unicode package. The unicode package in Golang provides a series of functions to determine the encoding type of characters. For uppercase letters, the corresponding encoding range is 65-90 (decimal), so we can use unicod
New features in PHP 8: Added verification and signing
Mar 27, 2024 am 08:21 AM
PHP8 is the latest version of PHP, bringing more convenience and functionality to programmers. This version has a special focus on security and performance, and one of the noteworthy new features is the addition of verification and signing capabilities. In this article, we'll take a closer look at these new features and their uses. Verification and signing are very important security concepts in computer science. They are often used to ensure that the data transmitted is complete and authentic. Verification and signatures become even more important when dealing with online transactions and sensitive information because if someone is able to tamper with the data, it could potentially
How to verify whether the input is all Chinese characters in golang
Jun 24, 2023 am 09:16 AM
With the development of the times, we pay more and more attention to the verification of data, especially the verification of user input. For language verification, how to accurately determine whether the input is all Chinese characters has become an important issue. In golang, we can use the unicode package and regexp package to achieve this requirement. 1. Unicode package The unicode package provides a series of core support for Unicode. We can use the functions in this package to accurately determine whether a character is a Chinese character.
Authentication using Google reCAPTCHA in PHP
Jun 19, 2023 pm 05:38 PM
In the modern online world, website security and the protection of user privacy have become increasingly important topics. Among them, the technical method of human-machine verification has become one of the indispensable ways to prevent malicious attacks. GooglereCAPTCHA is a tool that is widely used for human-machine verification. Its concept has been deeply rooted in the hearts of the people, and its presence can even be seen on many websites we use every day. In this article, we will explore how to use GooglereCAPTCHA for verification in PHP
