开发一般的.netWEB应用程序,基本上都是采用Form验证。ASP.NET 支持在分布式环境中(跨单个服务器上的多个应用程序或在网络场中)进行 Forms 身份验证。
Form验证的过程如下:
其代码大致如下:
FormsAuthenticationTicket Tickect=new FormsAuthenticationTicket(1,UserId,DateTime.Now,DateTime.Now.AddMinutes(60),false,EncryptedPassWord);
string encryptedTickectStr=FormsAuthentication.Encrypt(Tickect);
HttpCookie authcookie=new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTickectStr);
Response.Cookies.Add(authcookie);
<configuration>
<system.web>
<authentication>
<forms name=".ASPXAUTH"
loginUrl="logon.aspx"
protection="all" <!-- Protection must be identical.-->
timeout="30"
path="/" > <!-- Path must have a compatible scope.-->
</authentication>
<!-- Validation and decryption keys must exactly match and cannot
be set to "AutoGenerate". The validation algorithm must also
be the same. -->
<machineKey>
validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
validation="SHA1"
isolateApplications="false"
</machineKey>
</system.web>
</configuration>
Form验证的过程如下:
其代码大致如下:
FormsAuthenticationTicket Tickect=new FormsAuthenticationTicket(1,UserId,DateTime.Now,DateTime.Now.AddMinutes(60),false,EncryptedPassWord); string encryptedTickectStr=FormsAuthentication.Encrypt(Tickect); HttpCookie authcookie=new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTickectStr); Response.Cookies.Add(authcookie); 如果凭据通过身份验证,则应用程序代码会附加包含用户名但不包含密码的票(作为 Cookie),并将COOKIE返回。当客户端发出请求时,则asp.net会验证请求有没有附加Cookie。如果没有,则将请求重定向到登陆页。而COOKIE在一个域内是可以共享的。因此,只需要在多个应用程序的WEBCONFIG中设置相同的
<configuration> <system.web> <authentication> <forms name=".ASPXAUTH" loginUrl="logon.aspx" protection="all" <!-- Protection must be identical.--> timeout="30" path="/" > <!-- Path must have a compatible scope.--> </authentication> <!-- Validation and decryption keys must exactly match and cannot be set to "AutoGenerate". The validation algorithm must also be the same. --> <machineKey> validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" isolateApplications="false" </machineKey> </system.web></configuration>