asp.net-authentication

问题 How to decide which authentication to use for authentication. (Ex: Forms based Authentication or Token Based Authentication). What are the merits of using Token based Authentication over forms/session/cookie based authetication. I have read multiple articles online but still unclear. Can anyone explain me how to choose between these two for web and mobile platform user authentication. 回答1: JWT is better unless you have a specific need that I'm not aware of. Session requires cookies and

问题 I wanted to add my own custom data for users so I was following the tutorial here: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/add-user-data?view=aspnetcore-2.2&tabs=visual-studio I already had an existing application so I could not follow that tutorial line by line(my existing application has a database of users already). I didn't get very far in it when I hit the above error. I used the scaffolder to try to add System.InvalidOperationException: Scheme already exists

问题 May be my question is crazy. 1) ASP.net MVC is stateless, so there is no session involved in here. How does the authentication module work and do you have any articles which you can point me to understand the Authentication basics. What are the authentication information stored in. [Novice MVC] 回答1: The web is stateless. Both ASP.NET and ASP.NET MVC have mechanisms for creating an application state. Advocates of MVC like that it provides the developer with more control over how state is

问题 By default ASP.NET MVC setups up the AccountController to use the SqlMembershipProvider, SqlProfileProvider and the SqlRoleProvider. I don't really need everything that brings to the table, in fact, it is more of a hassle to shape my data into that model. What is the minimum I need to implement on the MembershipProvider, RoleProvider and ProfileProvider abstract classes to get authentication and authorization and not break some other dependency that might be there? For instance, on the

问题 I'm using the cookie middleware in ASP.NET Core 1.0 without ASP.NET Identity - as described in this article: https://docs.asp.net/en/latest/security/authentication/cookie.html When a user makes certain changes to his/her profile, I need to change some values in the cookie. In such scenarios, this article tells me to call context.ReplacePrincipal() and set the context.ShouldRenew flag to true How exactly do I do that? I think the article is referring to HttpContext. I don't see a

问题 I have a AngularJS + MVC + WebAPI where I'm trying to: - Use standard (individual accounts) for MVC authentication; - Use those same users and password for WebAPI based authentication. Problem, from AngularJS everything works fine, the cookie exchange happens, and Web API returns the value, but when I'm trying to access the WebAPI from Postman, I get a redirect to logon page instead of a 401 Unauthorized. What is the easiest way to achieve this? Do I have to subclass Authorize and implement

问题 Hello guys I having been keeping searching for answers for a few days and read couple of posts already but still quite confused. I am using a user table with fields including First Name, Last Name, Email, Password, RoleID and other stuff like phone numbers etc. Also I have a "role table" which has a Field standing for "Role Name" in string and few other fields stands for different Accesses of Boolean type such as "AccessToAlterItemInformation" which if a user with such roles who having

问题 I basically need to login into another domain that is using asp.net membership. If we have an ASP.net web application using ASP.Net Membership on one hand, and an HTML page from another domain on the other hand. Is it possible to login into the ASP.NET website via remote HTML page. I've done this with Coldfusion before but ASP.NET membership is using a server control. Cheers! 回答1: Underneath the Login Server Control, ASP.NET uses a MembershipProvider implementation and Forms Authentication to

问题 How do i get all users from a specific role? var users = Membership.GetAllUsers(); gets all users in all roles. it returns a list of MembershipUser , but there is no role property. Thanks 回答1: You need to use the Roles class defined in System.Web.Security. It has a Roles.GetUsersInRole method. Here is the documentation. If you want to map the returned username to a MembershipUser you can use Membership.GetUser(string username) method on each of the returned values. 回答2: Roles are handled by

问题 How to use forms authentication without login control.I don't want to use asp.net login control in my site.But i have to implement forms authentication and to validate users in my database. 回答1: I am assuming that instead of using a login control, you are using a few textboxes(eg username/password) and a logon button. The code could look something like this: In your aspx file <asp:Textbox runat="server" ID="Username"/> <asp:Textbox runat="server" ID="Password"/> <asp:Button runat="server" ID=