When configuring ASP.NET authentication, what is the behaviour supposed to be when you set the authentication mode to Windows
, yet have a child forms
element? For example, the following configuration is given as the default in MSDN :
<authentication mode="Windows">
<forms
name=".ASPXAUTH"
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile" domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="SHA1" />
</forms>
<passport redirectUrl="internal" />
</authentication>
However I see zero documentation of what is meant to happen here. All documentation of the child forms
element assumes that authentication mode will be Forms
. It's particularly odd that this isn't documented because this is the default. So why does the Windows
authentication mode have a forms
child element? Does the child element get ignored and it's just there as an example of what you might want if you were to switch mode to Forms
, or does it do something more?
I think it is just for the sake of an example. I cannot point you to any documentation but looking at the code, it looks like the forms settings are read only when the authentication mode is forms .
Below is from FormsAuthenticationModule.cs
public void Init(HttpApplication app) { // authentication is an app level setting only // so we can read app config early on in an attempt to try and // skip wiring up event delegates if (!_fAuthChecked) { _fAuthRequired = (AuthenticationConfig.Mode == AuthenticationMode.Forms); _fAuthChecked = true; } if (_fAuthRequired) { // initialize if mode is forms auth FormsAuthentication.Initialize(); app.AuthenticateRequest += new EventHandler(this.OnEnter); app.EndRequest += new EventHandler(this.OnLeave); } }
Please note that FormsAuthentication.Initialize is called only when the mode is forms , which reads the forms setting from web.config file.
The code is from FormsAuthenciation.cs file
/// /// Initializes FormsAuthentication by reading /// configuration and getting the cookie values and encryption keys for the given /// application. /// public static void Initialize() { if (_Initialized) return; lock(_lockObject) { if (_Initialized) return; AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication; settings.ValidateAuthenticationMode(); _FormsName = settings.Forms.Name; _RequireSSL = settings.Forms.RequireSSL; _SlidingExpiration = settings.Forms.SlidingExpiration; if (_FormsName == null) _FormsName = CONFIG_DEFAULT_COOKIE; _Protection = settings.Forms.Protection; _Timeout = (int) settings.Forms.Timeout.TotalMinutes; _FormsCookiePath = settings.Forms.Path; _LoginUrl = settings.Forms.LoginUrl; if (_LoginUrl == null) _LoginUrl = "login.aspx"; _DefaultUrl = settings.Forms.DefaultUrl; if (_DefaultUrl == null) _DefaultUrl = "default.aspx"; _CookieMode = settings.Forms.Cookieless; _CookieDomain = settings.Forms.Domain; _EnableCrossAppRedirects = settings.Forms.EnableCrossAppRedirects; _TicketCompatibilityMode = settings.Forms.TicketCompatibilityMode; _Initialized = true; } }
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.