asp.net 安全

asp.net的每一个请求都包含一个身份验证，即使你没有使用。通过page.user属性来实现

默认情况下，在web.config中是 <authentication mode= “ Windows “ />  因此User.Identity.Name 为计算机名称+\登录名

  None           Uses no authentication. Your application expects only anonymous users, or, if you 

                    wish, your application can provide its own authentication process.  

 Forms        Uses ASP.NET forms - based authentication as the default authentication mode.  

 Windows    Uses Windows authentication. This setting passes of  responsibility for 

                  authentication to the underlying Web server (IIS or the test Web server for Visual 

                  Studio). The Web server can then use any of its authentication methods (Basic 

                  authentication, NTLM, Kerberos, and so on) to authenticate and pass the results 

                    through to ASP.NET.  

Passport    Uses Microsoft Passport for the authentication process. This setting is deprecated. 

                Replacement third - party authentication options such as OpenID, Information Cards, 

                and LiveID are discussed in Chapter 15.   

 

 

 

  < authentication mode="Forms" > 

         < forms loginUrl="login.aspx" > 

             < credentials passwordFormat="Clear" > 

                 < user name="peter" password="curd"/ > 

                 < user name="alex" password="mackey"/ > 

             < /credentials > 

         < /forms > 

     < /authentication > 

   

     < authorization > 

         < deny users="?"/ > 

     < /authorization > 

    ....

 < /system.web >