Through learning, I have mastered two control methods to achieve anonymous access control for the website. One is implemented through IIS, and the other is implemented through ASP.NET. Personally, I feel that there is no difference between the two basically achievable functions, but the one implemented through ASP.NET is easier to manage and maintain.
The implementation through IIS is relatively clear. You can set access permissions for a folder or a single file (page). IIS provides "directory security" and "file security" setting methods. And you can directly set the permissions of different visitors. Among them, anonymous access control methods are provided, which will not be detailed here.
ASP.NET control method:
First introduce the effect of the example. After logging in to a website, the user information can be saved in a cookie and identify the user as authenticated. When accessing other pages, the user's identity can be directly verified. Make a judgment, and if it passes, you can continue to access the page. If it is an anonymous access user who has not passed the verification (that is, a non-logged-in user), it will jump to the login page to prompt the user to log in. Set one of the user registration pages to be accessible anonymously, because according to the business logic, you can only log in if you allow registration.
On the login page, you should first verify the user's username and password. You can use the method of comparing with the database or verifying in AD. Then use the following method to identify the current user in the cookie as a verified user, and Jump to the page the user requested before jumping to the landing page.
FormsAuthentication.RedirectFromLoginPage(userName,createPersistentCookie);
We use the following method to authenticate the user on the page directly requested by the user.
Context.User.Identity.IsAuthenticated
Context: Gets the System.Web.HttpContext object associated with the page
User: Gets or sets security information for the current HTTP request
Identity: Gets the identity of the current user
IsAuthenticated: Gets a bool value that indicates whether Verified user
Then we make security settings in Web.config.
<authentication mode="Forms">
<forms loginUrl="Login.aspx"></forms>
</authentication>
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then in your Verify their identity within the application. User credential tokens are stored in cookies.
<authorization>
<deny users="?" />
</authorization>
deny means forbidden, users="?" means anonymous users
<location path="NewUser.aspx">
<system.web>
<authorization>
<allow users= "*" />
</authorization>
</system.web>
</location>
represents the new user registration page NewUser.aspx, which can be accessed by anyone.
This achieves access control for anonymous users.
Example: Download http://bear-study-hard.cnblogs.com/archive/2006/05/31/414134.html