asp.net提供了3种认证方式: windows身份验证, Forms验证和Passport验证.
windows身份验证: IIS根据应用程序的设置执行身份验证.要使用这种验证方式,在IIS中必须禁用匿名访问.
Forms验证:用Cookie来保存用户凭证,并将未经身份验证的用户重定向到自定义的登录页.
Passport验证:通过Microsoft的集中身份验证服务执行的,他为成员站点提供单独登录和核心配置文件服务.
一. 配置windows身份验证
1)配置IIS设置
![](https://ring1981.cnblogs.com/images/cnblogs_com/ring1981/a.GIF)
2)设置Web.config
<system.web>
<authentication mode = "Windows">
<!--通知操作系统将当前登录的用户的信任书传递给浏览器-->
<authorization>
<!--禁止匿名用户访问-->
<deny users = "?"/>
</authorization>
</system.web>
二.配置Forms身份认证
1)配置web.config
<?
xml version="1.0"
?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
/Windows/Microsoft.Net/Framework/v2.x/Config
-->
<
configuration
>
<
appSettings
/>
<
connectionStrings
/>
<!--
允许匿名用户登录register.aspx页
-->
<
location
path
="register.aspx"
>
<
system
.web
>
<
authorization
>
<
allow
users
="?"
/>
</
authorization
>
</
system.web
>
</
location
>
<
system
.web
>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<
compilation
debug
="true"
/>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<
authentication
mode
="Forms"
>
<
forms
name
="auth"
loginUrl
="login.aspx"
timeout
="30"
protection
="All"
path
="/"
></
forms
>
</
authentication
>
<!--
禁止匿名用户登录
-->
<
authorization
>
<
deny
users
="?"
/>
</
authorization
>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
![](https://ring1981.cnblogs.com/Images/OutliningIndicators/None.gif)
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</
system.web
>
</
configuration
>
![](https://ring1981.cnblogs.com/Images/OutliningIndicators/None.gif)
2)登录页面代码
login.aspx
1
<%
@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs" Inherits="login"
%>
2
![](https://ring1981.cnblogs.com/Images/OutliningIndicators/None.gif)
3
<!
DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
>
4
![](https://ring1981.cnblogs.com/Images/OutliningIndicators/None.gif)
5
<
html
xmlns
="http://www.w3.org/1999/xhtml"
>
6
<
head
runat
="server"
>
7
<
title
>
Untitled Page
</
title
>
8
</
head
>
9
<
body
>
10
<
form
id
="form1"
runat
="server"
>
11
<
div
>
12
<
asp:TextBox
ID
="TextBox1"
runat
="server"
></
asp:TextBox
>
13
<
asp:Button
ID
="Button1"
runat
="server"
OnClick
="Button1_Click"
Text
="登陆"
/></
div
>
14
</
form
>
15
</
body
>
16
</
html
>
1
using
System;
2
using
System.Data;
3
using
System.Configuration;
4
using
System.Collections;
5
using
System.Web;
6
using
System.Web.Security;
7
using
System.Web.UI;
8
using
System.Web.UI.WebControls;
9
using
System.Web.UI.WebControls.WebParts;
10
using
System.Web.UI.HtmlControls;
11
![](https://ring1981.cnblogs.com/Images/OutliningIndicators/None.gif)
12
public
partial
class
login : System.Web.UI.Page
13
![](https://ring1981.cnblogs.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
{
14
protected void Page_Load(object sender, EventArgs e)
15![](https://ring1981.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
16![](https://ring1981.cnblogs.com/Images/OutliningIndicators/InBlock.gif)
17
}
18
protected void Button1_Click(object sender, EventArgs e)
19![](https://ring1981.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
20
FormsAuthentication.RedirectFromLoginPage(this.TextBox1.Text, false);
21
}
22
}
23
三.配置Passport身份认证
需要安装Passport Software Developer Kit.这种认证方式适合于跨站之间的应用,用户只有一个用户名和密码可以访问任何成员站。
附msdn文章:
Expain Windows Authorization http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGExplained0001.asp
Expain Form Authorization http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGExplained0002.asp