All geek questions in one place

Login to ASP.NET website using forms authentication vs None

I have a standard ASP.NET website. Anyone can read / view any page (except the admin section), but when someone wants to contribute, they must be registered. As well as sites with lots of resources.

So, if I have my login fields or username / password / submit input fields, why do I want forms to be included, and not just? what does auth give me, which has its own code that checks my user database / pass and my own two input fields + submit button, does it work fine?

(NOTE: I really don't like the asp.net membership element that creates all these tables and usp in the database, so please do not suggest using this).

Like my code, when I authenticate a user (with my own database code), I manually create my identity, etc.

Is all this required? What is the main purpose of this?

Hooray!

+3
source share
3 answers

, . FormAuthentication cookie , , . FormsAuthentication. , .

...do your authentication against your DB or Active Directory

if (Request.QueryString["ReturnUrl"] != null)
{
    FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
}
else
{
    FormsAuthentication.SetAuthCookie(userName.Text, false);
}

web.config

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name="my-auth-cookie" 
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="default.aspx" />
  </authentication>
</system.web>

cookie. , - , , , , .

.

+2

, ASP.Net , / .

0

, - ASP.NET. .

In my experience, I used personalized authentication and simply transferred the registered user profile (self-created) in the session variable.

Membership in asp.net can be difficult for some hosting providers.

0
source

Source: https://habr.com/ru/post/1699594/

More articles:


All Articles