Source: Chris Hart, John Kauffman, David Sussman. Beginning ASP2.0 with C# [M]. Wrox, 2006: 125-131.
English original text
Authentication
One area not yet discussed is that of how the authentication works for this application, and what options are available in ASP for authentication. The examples so far have relied on what’s known as Forms authentication. So, what is Forms authentication, and what are the other options available?
❑ Forms authentication: Login requests are made by filling in a form on a web page and submitting that form to the server. When the server receives the request, a cookie is written to the user’s local machine, and this cookie is passed back to the server by the browser along with each request that is sent so that the user remains authenticated for as long as is required.
❑ Windows authentication: Login pages pass user credentials to a web server (IIS only, not the web server built into VWD). The web server then handles the authentication using whichever method is configured on the virtual directory that the application is running within. IIS hooks in to the Windows operating system and Active Directory domain structures, which means that it can rely on user profiles that are stored externally, and use standard Windows credentials to login to the site. Depending on the configuration of your site, and depending on which user account you used to log in to your machine, you may not even have to log in to the site directly, because your current Windows credentials can be passed to the web server automatically for authentication. This is really handy when it comes to developing intranet applications.
❑ Passport authentication: Login credentials are passed to a Microsoft Passport server where user profiles are stored centrally. You may be familiar with this from logging in to a Hotmail account. And because you can configure Windows to log on to a Passport account on startup, you can access your Hotmail inbox without even having to type a password.
Forms Authentication Model.
This section looks at how Forms authentication works. Consider the following scenario:
❑ The user—let’s call him Bob—wants to view Page A, which can’t be accessed by anonymous users, so when Bob tries to view Page A, the browser instead displays a login page, as shown in Figure 4-29.
Figure 4-29
❑ Bob is now looking at a login page. Because Bob registered with this site previously, he logs into the site using his username and password combination. Figure 4-30 shows the interaction between Bob’s browser and the server.
Figure 4-30
❑ Bob can now view Page A and is a happy user. Next, Bob wants to view Page B by following a link from Page A. Along with the request for the page, Bob’s browser sends a copy of the cookie to the server to let the server know that it’s Bob who’s trying to view the page. The server knows who Bob is, and likes Bob, so it sends Bob Page B as requested.
Figure 4-31
❑ If Bob now requests the site’s home page, the browser will tack on the cookie to the request, so even though the home page is not restricted content, the cookie is still sent to the server. Because the page isn’t restricted, the server doesn’t worry about the cookie, ignores it, and sends back the home page.
❑ Bob then heads back to Page A. Because the cookie is fresh on Bob’s machine, the cookie is sent to the server. The server is still happy with Bob, so it lets Bob view the page.
❑ Bob goes off and makes himself a coffee. He then makes some lunch. By the time he gets back to his computer, 25 minutes have elapsed. Bob now wants to view Page B again, but the cookie on his machine has expired. The server doesn’t receive a cookie along with the page request, so Bob has to log back in again.
Cookies on a user’s machine are normally set to expire after a specific amount of time has elapsed. In this scenario, the server gives out cookies with a 20-minute expiry, which means that as long as the user keeps making requests within 20 minutes of each other, the cookie will remain active. However, more than 20 minutes away from the site and the user will have to log back in to the site to view restricted content.
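Bob's timeline, as an added example that is not from the book: a simplified Python model of an authentication cookie with the 20-minute expiry. It goes slightly beyond the text by signing the ticket with an HMAC and checking the expiry on the server as well, so an edited or stale cookie is rejected; the key, page names, visit times and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

TIMEOUT = 20 * 60                    # seconds: the 20-minute expiry in the scenario
KEY = b"constructed-demo-key"        # constructed; a real key is random and secret
RESTRICTED = {"PageA", "PageB"}      # hypothetical names for the protected pages

def _tag(payload: bytes) -> bytes:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_ticket(user: str, now: int) -> str:
    """Cookie value: base64(JSON with user and expiry) + '.' + HMAC tag."""
    body = json.dumps({"user": user, "exp": now + TIMEOUT}).encode()
    payload = base64.urlsafe_b64encode(body)
    return (payload + b"." + _tag(payload)).decode()

def check_ticket(cookie, now: int):
    """Return the user name for an authentic, unexpired ticket, else None."""
    if not cookie or "." not in cookie:
        return None
    payload, tag = cookie.encode().rsplit(b".", 1)
    if not hmac.compare_digest(tag, _tag(payload)):
        return None                  # edited or forged cookie
    data = json.loads(base64.urlsafe_b64decode(payload))
    return data["user"] if now < data["exp"] else None

def handle_request(page: str, cookie, now: int):
    """Return (response, cookie to set). Unrestricted pages ignore the cookie."""
    if page not in RESTRICTED:
        return "200:" + page, None
    user = check_ticket(cookie, now)
    if user is None:
        return "redirect:login", None
    return "200:" + page, issue_ticket(user, now)   # sliding expiry: fresh ticket

def bob_timeline():
    """Replay Bob's visits; times are minutes after login and are constructed."""
    cookie = issue_ticket("Bob", 0)
    responses = []
    for minute, page in [(1, "PageA"), (5, "PageB"), (10, "Home"),
                         (15, "PageA"), (40, "PageB")]:
        response, renewed = handle_request(page, cookie, minute * 60)
        cookie = renewed or cookie
        responses.append(response)
    return responses

if __name__ == "__main__":
    print(bob_timeline())
```

The last visit comes 25 minutes after the previous restricted request, so the model sends Bob back to the login page.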
The login page built in the earlier examples included a box that offered you the “remember my details for next time” option. This writes a more permanent cookie to your browser’s cookie collection so that your account name is pre-populated when you revisit the site. Because you should never store password information in a cookie, you should always have to enter your password, but at least your username field is filled in for you on each visit.
Other methods of authentication—Windows and Passport—provide the end user with a similar experience.
For example, the Windows authentication model relies on the web server (which will likely be IIS) to control access to the site, but it can also incorporate the timeout mechanism to block users that have been idle for too long. To configure Windows authentication, you need to specify which users or roles from the corporate Active Directory (AD) domain can access a site. The users can then access the site whenever they are logged on using their login details to a PC on the corporate network.
It’s also possible to view a Windows authenticated site from outside of the corporate environment, though you are asked to enter your standard Windows logon credentials when you attempt to access a page protected by Windows authentication.
[Figure: Browser requests Page B and passes a copy of the cookie; Server accepts cookie and sends back Page B]
Passport authentication isn’t as widely adopted as Microsoft perhaps would have liked, but some sites on the Internet do link to the Passport network to handle web site authentication (for ).
Passport authentication relies on the entire repository of user accounts being accessible from anywhere in the wired world, a bit like a central active directory for web accounts.
This book uses Forms authentication to handle all authentication with the Wrox United application.
Wrox United Security
The Wrox United site that you’ve been working on so far needs to have some security applied to it if you want to be able to include some personalization in the site. In the finished site (www.wroxunited ), you’ll see that there is shopping cart functionality built in to the site. Additionally, the finished site will also have an administration area, where you can edit fixtures, team members, and much more. This all means that you’re going to have to add some users and roles at some stage. Because you have gained plenty of experience of using the configuration tool, you can now perform the first stage in this process.
The next Try It Out walks you through the user accounts and roles configuration for the Wrox United site. At this stage, you don’t have to worry about locking down parts of the site—that’s a task for later in the book.
Try It Out Configuring Security in the Wrox United Site
1. Open the final version of the Wrox United site in VWD. Then click the Website menu and select ASP Configuration. This launches the configuration tool for the site. Figure 4-32 shows the configuration screen that is displayed for the finished version of the site.
Figure 4-32
2. Click the Security link to go to the section where you can configure users and roles. As you did previously in this chapter, launch the security setup wizard. As you walk through the wizard, select the following:
❑ The application will be used over the Internet.
❑ Roles are enabled.
❑ Roles should be defined for Administrator, FanClubMember, Manager, Owner, and Reporter (see Figure 4-33).
3. Look at the user accounts. The user accounts predefined with the Wrox United application are shown in Figure 4-34.
4. Take a look at the configuration for the finished application. You’ll see that the preconfigured user accounts are each members of different roles, so while the ChrisH account is a member of the Reporter role, Jim is a member of the Owners role, and Lou is a member of the Fan Club.
5. After you finish the wizard, look at a couple of subfolders within the WroxUnited directory that contain specific areas of the site—the Admin and the FanClub sections. These areas have some access restrictions on them.
Figure 4-33