As shown by the code above, the name attribute is the name of the HTTP cookie. The loginUrl attribute is set to Login.aspx, which is the web page used for authenticating user credentials. Requests are redirected to the URL given in loginUrl if the user is not authenticated. The cookie protection is set to All. This causes the ASP.NET runtime not only to encrypt the cookie contents, but also to validate them. The valid values for the protection attribute are All, None, Encryption, and Validation. [8] If the value is None, neither encryption nor validation is used. Specifying Encryption encrypts the cookie using the triple DES or DES encryption algorithm; no data validation is done on the cookie. Validation specifies that the cookie data is validated to confirm it has not been altered in transit, instead of encrypting the contents of the cookie. The timeout is set to 10, which means the authentication cookie will expire in 10 minutes. The idea behind this is to reduce the chance of someone stealing the forms authentication cookie. With a shorter timeout, the cookie is regenerated more often. The path attribute refers to the path of the cookie sent to the client. It is set to "/", which means the cookie path is the root directory.
(iii) Configure the <authorization> section in the Web.config file
Add authorization support to a section of the ASP.NET web application. To do so, add the <authorization> section in the Web.config file:
As explained above, after the user provides valid credentials, the user is redirected to the specific protected page. However, the authorization section in this code denies access to all users and exclusively allows access to Narcis.
(iv) Create Login Page
This is the last step for redirecting unauthenticated users, so they can provide their credentials, usually in the form of a username and password, and log on to protected resources. The login page must validate the submitted credentials against a database or some custom method. Valid usernames and passwords can be stored in the <credentials> section of the Web.config file:
However, storing passwords in clear text is unreasonable from a security standpoint. Moreover, it is unrealistic to store thousands of names and passwords in the Web.config file. [2,7] To address this problem, the usernames and passwords are stored in the database. With this approach, the Web.config file no longer has the <credentials> section. There will also be some changes in Login.aspx, since the credentials will be checked against the result of a query on the database that stores the usernames and passwords.
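One way the database-backed check in Login.aspx could look, as an added example that is not the paper's own code. The connection string name AuthDb, the Users table and its columns, the control names txtUser, txtPassword and lblError, and the choice to store a salted PBKDF2 hash instead of the password itself are all assumptions.

```csharp
// Login.aspx.cs (added example). Assumed schema:
// Users(UserName nvarchar(256), Salt varbinary, PasswordHash varbinary, Iterations int)
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;

public partial class Login : System.Web.UI.Page
{
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (IsValidUser(txtUser.Text, txtPassword.Text))
            // Issues a non-persistent forms authentication cookie and
            // returns the user to the originally requested page.
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
        else
            // Same message whether the user name or the password was wrong.
            lblError.Text = "Invalid user name or password.";
    }

    private static bool IsValidUser(string user, string password)
    {
        string cs = ConfigurationManager.ConnectionStrings["AuthDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT Salt, PasswordHash, Iterations FROM Users WHERE UserName = @u", conn))
        {
            // Parameterized query: the user name is never concatenated into SQL.
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 256).Value = user;
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false; // unknown user
                byte[] salt = (byte[])r["Salt"];
                byte[] stored = (byte[])r["PasswordHash"];
                int iterations = (int)r["Iterations"];
                // Re-derive the hash from the submitted password (PBKDF2).
                using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
                    return FixedTimeEquals(kdf.GetBytes(stored.Length), stored);
            }
        }
    }

    // Compares every byte so timing does not reveal the first mismatch.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```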