表单身份验证与 IIS 中禁用的表单身份验证一起使用
Forms Authentication works with Forms Authentication disabled in IIS
我有一个应用程序,它使用基于表单的身份验证。我以前从未使用过这个。这是示例代码:
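/// <summary>
/// Checks a user name / password pair against the <c>users</c> table.
/// </summary>
/// <param name="userName">Login name; must be non-null and 1 to 15 characters long.</param>
/// <param name="password">Supplied password; must be non-null and 1 to 25 characters long.</param>
/// <param name="strConnectionString">Connection string passed to <c>SqlConnection</c>.</param>
/// <returns>
/// <c>true</c> only when a <c>pwd</c> value is found for <paramref name="userName"/> and it
/// equals <paramref name="password"/> exactly; <c>false</c> for invalid input, an unknown
/// user, or any database failure.
/// </returns>
/// <remarks>
/// NOTE(review): the <c>pwd</c> column is compared directly with the supplied password, which
/// implies passwords are stored in clear text. Store a salted, slow hash (for example PBKDF2)
/// and compare the derived hashes in constant time instead.
/// This method only validates credentials; it does not by itself restrict access to any page.
/// </remarks>
private bool ValidateUser(string userName, string password, string strConnectionString)
{
    string lookupPassword = null;

    // Reject a missing or over-long user name before touching the database.
    if (string.IsNullOrEmpty(userName) || userName.Length > 15)
    {
        System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.");
        return false;
    }

    // Reject a missing or over-long password. The parameter is named "password";
    // the original body referred to an undeclared "passWord" and did not compile.
    if (string.IsNullOrEmpty(password) || password.Length > 25)
    {
        System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.");
        return false;
    }

    try
    {
        // using blocks release the connection and command even when Open() or
        // ExecuteScalar() throws; the original skipped Dispose() on that path.
        using (SqlConnection conn = new SqlConnection(strConnectionString))
        {
            conn.Open();

            // Debug marker left by the author; remove before release.
            Error.Text = "Got here";

            // The user name is bound as a parameter, never concatenated into the SQL text.
            using (SqlCommand cmd = new SqlCommand("Select pwd from users where uname=@userName", conn))
            {
                cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25).Value = userName;

                // ExecuteScalar yields null when no row matches and DBNull when pwd is NULL;
                // "as string" maps both to null, so both are treated as "no password found".
                lookupPassword = cmd.ExecuteScalar() as string;
            }
        }
    }
    catch (Exception ex)
    {
        // Full details go to the trace listener only. Rendering ex.ToString() on the
        // page would disclose stack traces and database details to the caller.
        System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " + ex.ToString());
        Error.Text = "Unable to validate the user at this time.";
    }

    // No stored password (unknown user or database failure): deny.
    if (lookupPassword == null)
    {
        // Failed login attempts could be written to the event log here for monitoring.
        return false;
    }

    // Ordinal comparison is exact and culture-independent; the culture-sensitive
    // string.Compare overload can treat distinct character sequences as equal.
    return string.Equals(lookupPassword, password, StringComparison.Ordinal);
}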
我已将此应用程序发布到 IIS 6.1,我注意到无论是否启用表单身份验证,它都可以正常工作(在下面的情况下它被禁用)。
我对基本身份验证有同样的疑问。
我认为这与启用匿名身份验证有关,即启用匿名身份验证也会默认启用表单身份验证 - 或类似的东西。但是,我找不到任何文档来支持此声明。
您启用了匿名身份验证。
这实际上意味着在 IIS 层面您没有身份验证,因为匿名身份验证允许所有请求进入;此时是否放行完全取决于应用程序自身的登录逻辑(例如上面的 ValidateUser)和授权配置。
我有一个应用程序,它使用基于表单的身份验证。我以前从未使用过这个。这是示例代码:
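/// <summary>
/// Checks a user name / password pair against the <c>users</c> table.
/// </summary>
/// <param name="userName">Login name; must be non-null and 1 to 15 characters long.</param>
/// <param name="password">Supplied password; must be non-null and 1 to 25 characters long.</param>
/// <param name="strConnectionString">Connection string passed to <c>SqlConnection</c>.</param>
/// <returns>
/// <c>true</c> only when a <c>pwd</c> value is found for <paramref name="userName"/> and it
/// equals <paramref name="password"/> exactly; <c>false</c> for invalid input, an unknown
/// user, or any database failure.
/// </returns>
/// <remarks>
/// NOTE(review): the <c>pwd</c> column is compared directly with the supplied password, which
/// implies passwords are stored in clear text. Store a salted, slow hash (for example PBKDF2)
/// and compare the derived hashes in constant time instead.
/// This method only validates credentials; it does not by itself restrict access to any page.
/// </remarks>
private bool ValidateUser(string userName, string password, string strConnectionString)
{
    string lookupPassword = null;

    // Reject a missing or over-long user name before touching the database.
    if (string.IsNullOrEmpty(userName) || userName.Length > 15)
    {
        System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.");
        return false;
    }

    // Reject a missing or over-long password. The parameter is named "password";
    // the original body referred to an undeclared "passWord" and did not compile.
    if (string.IsNullOrEmpty(password) || password.Length > 25)
    {
        System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.");
        return false;
    }

    try
    {
        // using blocks release the connection and command even when Open() or
        // ExecuteScalar() throws; the original skipped Dispose() on that path.
        using (SqlConnection conn = new SqlConnection(strConnectionString))
        {
            conn.Open();

            // Debug marker left by the author; remove before release.
            Error.Text = "Got here";

            // The user name is bound as a parameter, never concatenated into the SQL text.
            using (SqlCommand cmd = new SqlCommand("Select pwd from users where uname=@userName", conn))
            {
                cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25).Value = userName;

                // ExecuteScalar yields null when no row matches and DBNull when pwd is NULL;
                // "as string" maps both to null, so both are treated as "no password found".
                lookupPassword = cmd.ExecuteScalar() as string;
            }
        }
    }
    catch (Exception ex)
    {
        // Full details go to the trace listener only. Rendering ex.ToString() on the
        // page would disclose stack traces and database details to the caller.
        System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " + ex.ToString());
        Error.Text = "Unable to validate the user at this time.";
    }

    // No stored password (unknown user or database failure): deny.
    if (lookupPassword == null)
    {
        // Failed login attempts could be written to the event log here for monitoring.
        return false;
    }

    // Ordinal comparison is exact and culture-independent; the culture-sensitive
    // string.Compare overload can treat distinct character sequences as equal.
    return string.Equals(lookupPassword, password, StringComparison.Ordinal);
}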
我已将此应用程序发布到 IIS 6.1,我注意到无论是否启用表单身份验证,它都可以正常工作(在下面的情况下它被禁用)。
我对基本身份验证有同样的疑问。
我认为这与启用匿名身份验证有关,即启用匿名身份验证也会默认启用表单身份验证 - 或类似的东西。但是,我找不到任何文档来支持此声明。
您启用了匿名身份验证。
这实际上意味着在 IIS 层面您没有身份验证,因为匿名身份验证允许所有请求进入;此时是否放行完全取决于应用程序自身的登录逻辑(例如上面的 ValidateUser)和授权配置。