[英]authentication in asp.net
new to asp.net , currently using Session for login/logout asp.net的新功能,当前使用会话进行登录/注销
on login page i create a new session 在登录页面上,我创建一个新会话
Session["login"]= anyvalue
on secure pages 在安全页面上
if(session["login"]!=null)
{
dostuff();
}
else
Response.Redirect("login.aspx");
Is this an OK approach to authentication in asp.net? 这是在ASP.NET中进行身份验证的好方法吗? Should I be doing anything differently? 我应该做些不同的事情吗?
EDIT: Why downvotes ??? 编辑:为什么要投票? okay guys got it 好的,伙计们知道了
This approach should work fine, I too was recommended by a senior developer to write my own logic to authorize access over using the built in security mechanism (that includes login control) 这种方法应该可以正常工作,高级开发人员也建议我编写自己的逻辑以授权使用内置安全机制(包括登录控制)进行访问
You might want to add roles in the session as well 您可能还想在会话中添加角色
And to apply more security, you can store the session in SQL Server 为了提高安全性,您可以将会话存储在SQL Server中
So the basic "Asp.Net" way of doing this is to use the built-in MembershipProvider. 因此,执行此操作的基本“ Asp.Net”方法是使用内置的MembershipProvider。
http://msdn.microsoft.com/en-us/library/sx3h274z(v=vs.100).aspx http://msdn.microsoft.com/en-us/library/sx3h274z(v=vs.100).aspx
There is a "baked in" MembershipProvider called the : SqlMembershipProvider 有一个“烘焙的” MembershipProvider,称为:SqlMembershipProvider
OR 要么
If you already have a data-store with user names and passwords, you would implement a "custom membership provider". 如果您已经有一个包含用户名和密码的数据存储,则可以实现“自定义成员资格提供程序”。
Share a little more information, and you can get a little more help. 分享更多信息,您将获得更多帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.