{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 爷、活的狠高调 的问题《ASP.NET Forms Authentication - When to use?》','https://www.manongdao.com/q-703929.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am not able to decide whether I should go for Forms Authentication ? Forms authentication is often used for personalization, where content is customized for a known user. I do not have such requirement. I have usernames and passwords in the DB and need to authenticate the users against the DB ? What is the best recommended practice to achieve the same in ASP.NET 2.0 ?
相关问题
- Restricting certain page functionality or user int
- Why server controls are underlined when placed ins
- Check authentication ticket expiration without aff
- How to Include Anti-XSS in ASP.Net 2.0 Without Vis
- IIS7 Integrated Mode - Bypass Forms Auth for stati
相关文章
- FormsAuthenticationTicket expires too soon
- User.Identity.IsAuthenticated vs WebSecurity.IsAut
- Spring Security - Authentication not working even
- Authentification-None for one folder(page) when th
- Context.User.Identity.Name vs HttpContext.Current.
- ASP .NET: when UserControls loads?
- Whats the quickest way to dedupe a querystring in
- Set up STS but keep formsauthentication in webapp
TL;DR: The FormsAuthenication class has nothing to do with passwords. You need to use it to keep users logged in to your website. In order to validate the passwords, use the Membership class or your own custom system.
From the documentation for the FormsAuthentication class:
If you look at the class definition for FormsAuthentication, you'll see an Authenticate method. The documentation says "Validates a user name and password against credentials stored in the configuration file for an application." You don't want to use this because you want to store users and passwords in a database, not the config file. This is the ONLY method related to passwords in the whole FormsAuthentication class.
The correct way to issue a forms ticket is with the SetAuthCookie method, which does not take a password. So how/where do you check the password?
Answer: Membership (or something custom).
Membership is a large topic and you really need to spend some time researching it and writing a test application. I'd read at least the first three articles in the Multipart Series on ASP.NET's Membership, Roles, and Profile.
After you're done reading that, you're probably going to wonder if you should write your own custom Membership provider. You might want to take a look at some of the answers here on SO for guidance on that stackoverflow or start a new question when that comes up.
Forms Authentication is used for authentication, you can use the membership information to customize pages, but you don't have to.