How does ASP.NET Forms Authentication really work?
I've always wondered how exactly ASP.NET forms authentication works. Yes, I know how to configure Forms Authentication, but how does forms authentication work in the background?
- User tries to access restricted page.
- Server looks for ASPXAuth cookie in the request but does not find it.
- Server redirects user to Login page as configured in web.config.
- User enters username and password and posts to the server.
- Server authenticates username and password against store. If valid...
- Server sets the Forms Authentication Ticket.
- The ticket contains (among other things) the userName, IsPersistent and the ExpirationDate.
- The ticket is encrypted and signed using keys from the <machineKey> configuration element (either from web.config or from machine.config)
- The ticket is stored in a cookie called ASPXAuth, or in the user's URL.
- Server redirects user back to the referring URL.
- User's browser requests original restricted page again. This time with the ASPXAuth cookie in the request.
- Server looks for ASPXAuth cookie and finds it.
- Server decrypts Forms Authentication Ticket found in the cookie.
- Server checks expiration on ticket. If this is still valid...
- Server now knows that the user is authenticated and knows the UserName. From here authorization can take place (i.e. code can call the database and find out if the user has access to specific features on the page)
How does ASP.NET Forms Authentication really work?的更多相关文章
- ASP.NET 4.0 forms authentication issues with IE11
As I mentioned earlier, solutions that rely on User-Agent sniffing may break, when a new browser or ...
- Forms Authentication in ASP.NET MVC 4
原文:Forms Authentication in ASP.NET MVC 4 Contents: Introduction Implement a custom membership provid ...
- ASP.NET Session and Forms Authentication and Session Fixation
https://peterwong.net/blog/asp-net-session-and-forms-authentication/ The title can be misleading, be ...
- ASP.NET Forms 身份验证
ASP.NET Forms 身份验证 在开发过程中,我们需要做的事情包括: 1. 在 web.config 中设置 Forms 身份验证相关参数.2. 创建登录页. 登录页中的操作包括: 1. 验证用 ...
- Nancy之Forms authentication的简单使用
一.前言 想必大家或多或少都听过微软推出的ASP.NET Identity技术,可以简单的认为就是一种授权的实现 很巧的是,Nancy中也有与之相类似的技术Authentication,这两者之间都用 ...
- 细说ASP.NET Forms身份认证
阅读目录 开始 ASP.NET身份认证基础 ASP.NET身份认证过程 如何实现登录与注销 保护受限制的页面 登录页不能正常显示的问题 认识Forms身份认证 理解Forms身份认证 实现自定义的身份 ...
- 简单的ASP.NET Forms身份认证
读了几篇牛人的此方面的文章,自己也动手做了一下,就想有必要总结一下.当然我的文章质量自然不能与人家相比,只是写给从没有接触过这个知识点的朋友. 网站的身份认证我以前只知道session,偶然发现一些牛 ...
- IE11下ASP.NET Forms身份认证无法保存Cookie的问题
IE11下ASP.NET Forms身份认证无法保存Cookie的问题 折腾了三四天,今天才找到资料,解决了. 以下会转贴,还没来得及深究,先放着,有空再学习下. ASP.NET中使用Forms身份认 ...
- ASP.NET Forms身份认证
asp.net程序开发,用户根据角色访问对应页面以及功能. 项目结构如下图: 根目录 Web.config 代码: <?xml version="1.0" encoding= ...
随机推荐
- Communication between C++ and Javascript in Qt WebEngine(转载)
Communication between C++ and Javascript in Qt WebEngine admin January 31, 2018 0 As Qt WebKit is re ...
- 13 UA池和代理池
一. 下载中间件 框架图 下载中间件(Downloader Middlewares) 位于scrapy引擎和下载器之间的一层组件. - 作用: (1)引擎将请求传递给下载器过程中, 下载中间件可以对请 ...
- postgres中的函数
1.编写一个只有入参,没有出参的函数: CREATE OR REPLACE FUNCTION add(a NUMERIC, b NUMERIC) RETURNS NUMERIC AS $$ SELEC ...
- C语言字符串操作小结
1)字符串操作strcpy(p, p1) 复制字符串strncpy(p, p1, n) 复制指定长度字符串strcat(p, p1) 附加字符串strncat(p, p1, n) 附加指定长度字符串s ...
- windows删除已注册服务
背景:近日,想要学习mysql主从复制,于是想在本地用多个mysql实例进行试验,试验的过程中总是挫折不断,生手不易,安装了很多实例,测试完成之后,想要删除这些实例. 虽然任务管理器可以停止任务,但是 ...
- CSS中cursor属性
光标类型 CSS十字准心 cursor: crosshair;手 cursor: pointer;cursor: hand;写两个是为了照顾IE5,它只认hand.等待/沙漏 cursor: wa ...
- leetcode二刷结束
二刷对一些常见的算法有了一些系统性的认识,对于算法的时间复杂度以及效率有了优化的意识,对于简单题和中等题目不再畏惧.三刷加油
- 【BZOJ1176】Mokia
题目大意:给定一个 N*N 的矩形,有 Q 次操作,每个操作可以是矩形单点修改或查询子矩形的权值和. 题解:CDQ分治适合处理修改操作之间互不影响且支持离线的题目. 满足以上操作条件的显然可以树套树来 ...
- 【洛谷P4309】最长上升子序列
题目大意:给定一个序列,初始为空.现在我们将 1 到 N 的数字插入到序列中,每次将一个数字插入到一个特定的位置.每插入一个数字,我们都想知道此时最长上升子序列长度是多少? 题解:学会了 rope 操 ...
- 【leetcode】1267. Count Servers that Communicate
题目如下: You are given a map of a server center, represented as a m * n integer matrix grid, where 1 me ...