ASP.NET 里身份验证安全相关配置
安全相关的
<authorization > <allow verbs = "" users = "" roles = "" /> <deny verbs = "" users = "" roles = "" /> </authorization> --> <authorization> <allow users="*" /> </authorization>
继续,在下面里,注意timeout单位是分钟。path默认为/
<anonymousIdentification enabled="false" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="Validation" cookieless="UseCookies" /> <!-- <authentication mode = "Windows" [None | Windows | Passport | Forms] > <forms name = ".ASPXAUTH" [String] loginUrl = "login.aspx" [String] defaultUrl = "default.aspx" [String] protection = "All" [All | None | Encryption | Validation] timeout = "30" [in Minutes][number] path = "/" [String] requireSSL = "false" [true|false] slidingExpiration = "true" [true|false] enableCrossAppRedirects = "false" [true|false] cookieless = "UseDeviceProfile" [UseUri | UseCookies | AutoDetect | UseDeviceProfile] domain = "" [String] ticketCompatibilityMode = "Framework20" [Framework20 | Framework40] > <credentials passwordFormat = "SHA1" [Clear | SHA1 | MD5] > <user name = "" [String, Required, Collection Key] password = "" [String, Required] /> </credentials> </forms> <passport redirectUrl = "internal" [String] /> </authentication> --> <authentication mode="Windows"> <forms name=".ASPXAUTH" loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" ticketCompatibilityMode="Framework20"> <credentials passwordFormat="SHA1" /> </forms> <passport redirectUrl="internal" /> </authentication>