发表新帖
发表新帖

Authentication through web.config not authenticating in ASP.net 3.5

前端 未结
关注
5 665
无人及你
无人及你 2020-12-16 17:04

This is one of this things that should be extremely simple and I just can\'t work out why it\'s not working.

I\'m trying to set up some very quick authentication for

相关标签:
5条回答
  • 谎友^
    2020-12-16 17:39

    Another possible pitfall that is that the user name "Admin" appears to be special and not honored if your testing a credential set in web.config

    <credentials>
 <user name="Admin" password="somepassword" />  //Authentication always returns false for me
</credentials>

<credentials>
 <user name="MyName" password="somepassword" />  //Authentication works normally 
</credentials>

    The problem doesn't seem to apply in your case, but I just spent an hour figuring that out so I thought I'd record it here.

    0 讨论(0)
  • 我在风中等你
    2020-12-16 17:45

    i find that solution........first you have to get hashvalue by using FormsAuthentication.HashPasswordForStoringInConfigFile("abc","SHA1") in text box by running your program and then provide this value in

    0 讨论(0)
  • 执念已碎
    2020-12-16 17:54

    I'm not sure if this has changed in .NET 3.5, but the <credentials> element has an attribute passwordFormat that defines the format for passwords in the web.config. From the MSDN documentation for .NET 3.5, the default format is SHA1.

    If you're using cleartext usernames and passwords in your web.config, you should use:

    ...
<credentials passwordFormat="Clear">
...

    Event though this is an internal application I'd still recommend at least hashing the password instead of leaving it in clear text.

    0 讨论(0)
  • 迷失自我
    2020-12-16 17:54

    I think the reason is because you did not indicate the passwordFormat. http://msdn.microsoft.com/en-us/library/e01fc50a.aspx

    Default is SHA1, hence your clear text in fact not used properly.

    0 讨论(0)
  • 野趣味
    2020-12-16 17:56

    You have to specify <credentials passwordFormat="Clear"> when you store password in clear text.

    The alternatives are encrypted passwords using MD5 or SHA1.

    See http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.hashpasswordforstoringinconfigfile.aspx for a function to encode a password.

    You might also consider using some of the available user controls that does a lot for you automatically. Look under the "Login" section in the control toolbox in Visual Studio.

    The following page will provide everything you need for this simple case, and the looks of the Login control is fully customizable:

    <%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        e.Authenticated = FormsAuthentication.Authenticate(Login1.UserName, Login1.Password);
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Login</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Login ID="Login1" runat="server" onauthenticate="Login1_Authenticate">
        </asp:Login>
    </div>
    </form>
</body>
</html>
    0 讨论(0)
 看不清?
提交回复
热议问题