Details of using forms validation in. Net MVC

Time:2021-9-20

. net MVC uses forms verification for your reference. The details are as follows

This is how the folder is divided

First set in web.config

Authentication and authorization nodes

<system.web>
  <authentication mode="Forms">
   <forms loginUrl="~/Login/Index" timeout="2880" defaultUrl="~/Home/Index"/>
  </authentication>
  <anonymousIdentification enabled="true"/>
  <authorization>
   <deny users="?"/> <!-- Deny anonymous access -- >
  </authorization>
  <compilation debug="true" targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" />
  <httpModules>
   <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
  </httpModules>
 </system.web>

If anonymous access is not required in the login folder, or there are ways to access anonymously in logincontroller in addition to login,

Then we need to add this node

<location path="Login"> <!-- This means that the methods under logincontroller can be accessed anonymously -- >
  <system.web>
   <authorization>
    <allow users="*" /> <!-- Allow anonymous access -- >
   </authorization>
  </system.web>
 </location>

Login method posted part of the code, for reference only

public bool ValidateUser(LoginVO model)
    {
      string encodePassword = MD5(model.PassWord);// encryption
      string sql =
        "select * from User_Users where ([email protected] or [email protected]) and [email protected]";
      var user = Context.Data.Query<UsersPO>(sql,
        new {UserName = model.LoginName, JobNumber = model.LoginName, PassWord = encodePassword}).SingleOrDefault();
      if (user == null) return false;
      Datetime expiration = model. Isrememberlogin // do you remember the password
        ? DateTime.Now.AddDays(14)
        : DateTime.Now.Add(FormsAuthentication.Timeout);
      var ticket=new FormsAuthenticationTicket(
        1, // specify version number: optional
        User.username, // login user name: corresponds to the users attribute of < allow users = "admin"... / > in web.config
        Datetime. Now, // publishing time
        Expiration, // expiration time
        True, // whether it is a persistent cookie
        User. Userid. Tostring(), // user data: available ((system. Web. Security. Formsidentity) (httpcontext. Current. User. Identity)). Ticket. UserData
        Formsauthentication. Formscookiepath // specify the cookie as the < forms path = "/... / > path attribute in web.config. If not specified, it defaults to" / "
        );
      var encryptedTicket = FormsAuthentication.Encrypt(ticket);
      if (HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName] != null)
      {
        HttpContext.Current.Request.Cookies.Remove(FormsAuthentication.FormsCookieName);
      }
      var loginIdentify=new HttpCookie(FormsAuthentication.FormsCookieName);
      if (model.IsRememberLogin)
      {
        loginIdentify.Expires = DateTime.Now.AddDays(7);
      }
      loginIdentify.Value = encryptedTicket;
      HttpContext.Current.Response.AppendCookie(loginIdentify);// Add cookie
      return true;
    }

    /// <summary>
    ///Encryption
    /// </summary>
    /// <param name="str"></param>
    /// <param name="encoding"></param>
    /// <param name="toUpper"></param>
    /// <param name="isReverse"></param>
    /// <param name="count"></param>
    /// <returns></returns>
    private string MD5(string str, Encoding encoding=null, int count = 1)
    {
      if (encoding == null)
      {
        encoding = Encoding.Default;
      }
      var bytes = new MD5CryptoServiceProvider().ComputeHash(encoding.GetBytes(str));
      var md5 = string.Empty;
      for (int i = 0; i < bytes.Length; i++)
      {
        md5 += bytes[i].ToString("x").PadLeft(2, '0');
      }     
      if (count <= 1) { return md5; }
      return MD5(md5, encoding, --count);
    }

The above is the whole content of this article. I hope it will be helpful to your study, and I hope you can support developpaer.