2. Integrated Windows Authentication: the identity of the already logged-in user is passed automatically. No username/password needs to be entered.
3. Basic Authentication: every attempt to access the server requires a Windows login.
Table 1. IIS anonymous authentication (checked in IIS 5)
Windows authentication (3 things)
(web.config)
1. <authentication mode="Windows" />
2. <authorization>
     <deny users="?"/>
   </authorization>
3. <identity impersonate="true"/>

Form Authentication
(System.Web.Security)
FormsAuthentication
1. RedirectFromLoginPage(Username.Text, false);
* Creates an authentication ticket containing the username, encrypts it, and writes it as a cookie to the HTTP response (client)
* false = non-persistent cookie, invalid after the browser closes
* Redirects to default.aspx
2. SetAuthCookie(Username.Text, true); // persistent cookie, not affected by browser closure
Response.Redirect(Request.Url.LocalPath);
* Same as above, but it doesn't redirect to default.aspx automatically
A persistent cookie must be expired with:
FormsAuthentication.SignOut(); /* delete user cookie */
Request cookie = Request.Cookies["TMForm"].Value.ToString()
HttpContext context = HttpContext.Current;
context.User.Identity.IsAuthenticated
// returns true if the key value has been authenticated by one of the methods above
context.User.Identity.Name.ToString()
// returns the key value of the authentication cookie

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="TMForm" loginUrl="LogIn.aspx" protection="All" path="/">
        <!-- passwordFormat="Clear" keeps the passwords in plaintext in web.config -->
        <credentials passwordFormat="Clear">
          <user name="bill@cox.net" password="password"></user>
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <deny users="?" /> <!-- Deny all anonymous users -->
    </authorization>
  </system.web>
</configuration>

Unlock a specified path for the site
<configuration>
  <system.web>
    <!-- ... all of your existing config stuff that applies to the entire
         site as documented above... -->
  </system.web>
  <location path="default.aspx">
    <system.web>
      <authorization>
        <allow users="?"/> <!-- allow anonymous ONLY to default.aspx -->
      </authorization>
    </system.web>
  </location>
</configuration>

Custom Error
(manages unhandled exceptions NOT caught by try-catch)
-Manages unhandled errors (those that can't be handled by try-catch-finally)
-Will be overridden by <%@ Page ErrorPage="customerror.aspx" %>
<customErrors defaultRedirect="~/Error/ErrorPage.aspx" mode="On"> <!-- mode: On | Off | RemoteOnly -->
  <error statusCode="500" redirect="servererror.aspx" />
  <error statusCode="404" redirect="filenotfound.aspx" />
  <error statusCode="403" redirect="accessdenied.aspx" />
</customErrors>
RemoteOnly | The client side sees error.htm; the local side sees the error detail.
On (enable custom errors) | Both the local side and the client side see the default redirect error.htm.
Off (disable custom errors) | Both the local side and the client side see the error detail.

Error Events
(perform an action instead of displaying a custom error page)
1. Page_Error() in page.cs
2. Application_Error() in global.asax (manages errors for the entire application in the same fashion)
ApplicationException & SystemException <- Exception
Log info of the event to ...
-System Event Log (most robust)
-custom log file
-Database (SQL Server)
-Email notification
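
An added example (not part of the original notes) of the Application_Error approach listed above: the full exception goes to the System Event Log and the client is sent only the generic error page. The class name Global and the event source name MyWebApp are assumptions; the redirect target is the defaultRedirect path from the customErrors sample.

```csharp
// Global.asax.cs: added example, not code from the original notes.
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: this event source was registered by an administrator at
    // install time (creating a source needs rights the app pool lacks).
    private const string EventSource = "MyWebApp";

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // ASP.NET wraps page exceptions in HttpUnhandledException;
        // the real cause is the inner exception.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        // Leave 404/403 and other HTTP errors below 500 to <customErrors>.
        HttpException httpEx = ex as HttpException;
        if (httpEx != null && httpEx.GetHttpCode() < 500) return;

        HttpContext context = HttpContext.Current;
        string user = (context.User != null && context.User.Identity.IsAuthenticated)
            ? context.User.Identity.Name : "(anonymous)";

        // Full detail (stack trace included) stays in the server-side log.
        string entry = string.Format(
            "Unhandled exception\r\nUrl: {0}\r\nUser: {1}\r\nClient: {2}\r\n{3}",
            context.Request.Url, user, context.Request.UserHostAddress, ex);
        try
        {
            EventLog.WriteEntry(EventSource, entry, EventLogEntryType.Error);
        }
        catch (Exception)
        {
            // A logging failure must not throw from inside the error handler.
        }

        // The client gets the generic page, never the exception text.
        Server.ClearError();
        Response.Redirect("~/Error/ErrorPage.aspx");
    }
}
```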
public class MyCusException : ApplicationException {}
Multiple catch blocks: Specific -> General
e.g. DivideByZero -> Overflow -> Arithmetic -> Exception