How to use mode "Windows"?
Change the authentication mode to Windows.
Windows Authentication mode provides the developer to authenticate a user based on Windows user accounts. This is the default authentication mode provided by ASP.Net. You can easily get the Identity of the user by using User.Identity.Name. This will return the computer name along with the user name. Windows authentication also provides IsInRole method to find the role of the user and than you can give permissions to the user depending on the role.
<authentication mode="Windows">
<forms name=" AuthenticationDemo" loginUrl="logon.aspx" protection="All" path="/" timeout="30"/>
</authentication>
Deny access to the anonymous user in the <authorization> section as follows:
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
Other you can make a special client to access you project with windows authentication. Code like this (this case you can get value using 'User.Identity.Name', then you can use it to do other work you like.):
<authorization>
<deny users ="?" />
</authorization>
How to use mode "Forms"?
Change the authentication mode to Forms.
Insert the <Forms> tag, and fill the appropriate attributes. (For more information about these attributes, refer to the MSDN documentation)
First you should specify a page and make sure all clients can found it. Code like this
<authentication mode="Forms">
<forms name=" AuthenticationDemo" loginUrl="logon.aspx" protection="All" path="/" timeout="30"/>
</authentication>
Deny access to the anonymous user in the <authorization> section as follows:
<authorization>
<deny users ="?" />
</authorization>
Second in that page you to validate the user's Id and Password. Code like this:
You can use one of two methods to generate the forms authentication cookie and redirect the user to an appropriate page in the cmdLogin_ServerClick event. Sample code is provided for both scenarios. Use either of them according to your requirement.
(1). Call the RedirectFromLoginPage method to automatically generate the forms authentication cookie and redirect the user to an appropriate page in the cmdLogin_ServerClick event:
private void cmdLogin_ServerClick(object sender, System.EventArgs e)
{
If (ValidateUser(txtUserName.Value,txtUserPass.Value) )
{
FormsAuthentication.RedirectFromLoginPage(txtUserName.Value, false);
}
else
{
Response.Redirect("logon.aspx", true);
}
}
(2). Generate the authentication ticket, encrypt it, create a cookie, add it to the response, and redirect the user. This gives you more control in how you create the cookie. You can also include custom data along with the FormsAuthenticationTicket in this case.
Private void cmdLogin_ServerClick(object sender, System.EventArgs e)
{
if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
{
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now,
DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (chkPersistCookie.Checked)
ck.Expires=tkt.Expiration;
ck.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(ck);
string strRedirect;
strRedirect = Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "default.aspx";
Response.Redirect(strRedirect, true);
}
else
Response.Redirect("logon.aspx", true);
}
Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs in to an application, the credentials are matched with the Windows domain through IIS.
There are 4 types of Windows Authentication methods:
1) Anonymous Authentication - IIS allows any user
2) Basic Authentication - A windows username and password has to be sent across the network (in plain text format, hence not very secure).
3) Digest Authentication - Same as Basic Authentication, but the credentials are encrypted. Works only on IE 5 or above
4) Integrated Windows Authentication - Relies on Kerberos technology, with strong credential encryption
Forms Authentication - This authentication relies on code written by a developer, where credentials are matched against a database. Credentials are entered on web forms, and are matched with the database table that contains the user information.
-----------------------------------------------------------------------------------
Sessionis used to store per-user information for the current Web session on the server. It supports using a database server as the back-end store.Cookieshould be used to store per-user information for the current Web session or persistent information on the client, therefore client has control over the contents of a cookie.Cacheobject is shared between users in a single application. Its primary purpose is to cache data from a data store and should not be used as a primary storage. It supports automatic invalidation features.Applicationobject is shared between users to store application-wide state and should be used accordingly.
Cookies:
There two type of cookies in ASP.NET
Persistent cookies:
cookies are stored on your computer hard disk. They stay on your hard disk and can be accessed by web servers until they are deleted or have expired.
Non-persistent cookies:
cookies are saved only while your web browser is running. They can be used by a web server only until you close your browser. They are not saved on your disk.
------------------------------------------------------------------------------------
The default
Global.asax file template includes five methods within a server-side <script> tag:Application_Startexecutes when the web application first startsApplication_Endruns when the application is shutting downApplication_Errorexecutes whenever an unhandled exception reaches the applicationSession_Startexecutes when a new session is createdSession_Endruns when a session is expired or abandoned
Difference between response.redirect and server.transfer
Response.Redirect should be used when:
- we want to redirect the request to some plain HTML pages on our server or to some other web server
- we don't care about causing additional roundtrips to the server on each request
- we do not need to preserve Query String and Form Variables from the original request
- we want our users to be able to see the new redirected URL where he is redirected in his browser (and be able to bookmark it if its necessary)
Server.Transfer should be used when:
- we want to transfer current page request to another .aspx page on the same server
- we want to preserve server resources and avoid the unnecessary roundtrips to the server
- we want to preserve Query String and Form Variables (optionally)
- we don't need to show the real URL where we redirected the request in the users Web Browser
---------------------------------------------------------------------------------------------------------------------
Following are main advantages of using cookies in web application:- It's very simple to use and implement.
- We can avoid database hitting.
- We can reduce network traffic.
Cache["Employee"] = "DataSet Name"We can create data caching use Cache Keyword. It's located in the System.Web.Caching namespace. It's just like assigning value to the variableHow to Read data from Data Cache?Dataset dsEmployee = (Dataset) Cache ["Employee"]This is very similar to assigning object to the Dataset.This is one of the interesting things to find out the Data Caching in your local drive. First of all, From "IE Internet Option ", delete Browsing History to clear Cache.We can remove Data Cache manually.//We need to specify the cache nameCache.Remove(String key);Example:TimeSpan ts = new TimeSpan(0, 0, 10);//If cache has null, it will create two cache and it will bind into the gridviewif (Cache["Employee"] == null){dtEmployee = new DataTable("Employee");dtEmployee.Columns.Add("EmpID", typeof(int));dtEmployee.Columns.Add("EmpName", typeof(string));DataRow rs = dtEmployee.NewRow();rs[0] = 10; rs[1] = "Annathurai"; dtEmployee.Rows.Add(rs); //To assign datatable to cache memory.Cache["Employee"] = dtEmployee; Cache.Insert("Employee", dtEmployee, null, Cache.NoAbsoluteExpiration, ts); Response.Write("Its processing with Database hit");}else{//If cache has value, It retrive from cache memory and bind into the gridviewResponse.Write("Its processing from cache");}/Here we are converting cache into datatableGridView1.DataSource = (DataTable)Cache["Employee"];GridView1.DataBind(); - It's very simple to use and implement.
No comments:
Post a Comment