[英]Forms Authetnication works with Forms Authentication disabled in IIS
我有一个使用基于表单的身份验证的应用程序。 我以前从未使用过。 这是示例示例代码:
private bool ValidateUser(string userName, string password, string strConnectionString)
{
SqlConnection conn;
SqlCommand cmd;
string lookupPassword = null;
// Check for invalid userName.
// userName must not be null and must be between 1 and 15 characters.
if ((null == userName) || (0 == userName.Length) || (userName.Length > 15))
{
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.");
return false;
}
// Check for invalid passWord.
// passWord must not be null and must be between 1 and 25 characters.
if ((null == passWord) || (0 == passWord.Length) || (passWord.Length > 25))
{
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.");
return false;
}
try
{
// Consult with your SQL Server administrator for an appropriate connection
// string to use to connect to your local SQL Server.
//conn = new SqlConnection(connectionstringremoved);
conn = new SqlConnection(strConnectionString)
conn.Open();
Error.Text = "Got here";
// Create SqlCommand to select pwd field from users table given supplied userName.
cmd = new SqlCommand("Select pwd from users where uname=@userName", conn);
cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25);
cmd.Parameters["@userName"].Value = userName;
// Execute command and fetch pwd field into lookupPassword string.
lookupPassword = (string)cmd.ExecuteScalar();
// Cleanup command and connection objects.
cmd.Dispose();
conn.Dispose();
}
catch (Exception ex)
{
// Add error handling here for debugging.
// This error message should not be sent back to the caller.
System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " + ex.ToString());
Error.Text = ex.ToString();
}
// If no password found, return false.
if (null == lookupPassword)
{
// You could write failed login attempts here to event log for additional security.
return false;
}
// Compare lookupPassword and input passWord, using a case-sensitive comparison.
return (0 == string.Compare(lookupPassword, passWord, false));
}
我已经将此应用程序发布到IIS 6.1,并且注意到无论是否启用了表单身份验证(在下面的情况中都被禁用),它都可以工作。
我对基本身份验证有相同的问题。
我相信这与启用匿名身份验证有关,即,启用匿名身份验证默认情况下也会启用表单身份验证-或类似的东西。 但是,我找不到任何文档来支持此声明。
您已启用匿名身份验证 。
这实际上意味着您没有身份验证,因为匿名身份验证允许所有人进入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.