给你一个参考: <authentication mode="Forms"> <forms name = ".ASPXUSERDEMO" loginUrl = "index.aspx" protection = "All" timeout = "60" path = "/"> </forms> </authentication>语法: Attribute Description :loginUrl: Logon URL to which unauthenticated users are redirected. This can be on the same computer or a remote one. If it is on a remote computer, both computers need to be using the same value for the decryptionkey attribute. name: Name of the HTTP cookie to use for authentication purposes. Note that if more than one application wants to use forms-based authentication services on a single computer, they should each configure a unique cookie value. In order to avoid causing dependencies in URLs, ASP.NET uses "/" as the Path value when setting authentication cookies, so that they are sent back to every application on the site. timeout: Amount of time in integer minutes, after which the cookie expires. The default value is 30. The timeout attribute is a sliding value, expiring n minutes from the time the last request was received. In order to avoid adversely affecting performance and to avoid multiple browser warnings for those who have cookies warnings turned on, the cookie is updated if the time is more than half gone. (This means a loss of possible precision in some cases.)
path : Path to use for the issued cookie. The default value is "/" to avoid difficulties with mismatched case in paths, since browsers are strictly case-sensitive when returning cookies. Applications in a shared-server environment should use this directive to maintain private cookies. (Alternatively, they can specify the path at runtime using the APIs to issue cookies.) protection : Method used to protect cookie data. Valid values are as follows: All: Use both data validation and encryption to protect the cookie. The configured data validation algorithm is based on the element. Triple DES is used for encryption, if available and if the key is long enough (48 bytes). All is the default (and suggested) value. None: Use for sites that are only using cookies for personalization and have weaker security requirements. Both encryption and validation can be disabled. Although you should use caution if you use cookies in this way, this setting provides the best performance of any method of doing personalization using the .NET Framework. Encryption: Encrypts the cookie using TripleDES or DES, but data validation is not done on the cookie. This type of cookie can be subject to chosen plaintext attacks. Validation: Does not encrypt the contents of the cookie, but validates that the cookie data has not been altered in transit. To create the cookie, the validation key is concatenated in a buffer with the cookie data and a MAC is computed and appended to the outgoing cookie.
You should set up the Web.config configuration file to have the following entries and place it in the application root directory (the directory in which Default.aspx resides).<configuration> <system.web> To set up the Web.config configuration file Set the authentication mode to Forms. Other possible values are Windows, Passport, and None (empty string). For this example, it must be Forms. <authentication mode="Forms" > Set the form's authentication attributes. <forms Set the loginUrl attribute to login.aspx. Login.aspx is the URL to use for redirection if ASP.NET does not find a cookie with the initial request. loginUrl = "login.aspx" Set the cookie's name suffix. name = "FORMSAUTHCOOKIE"/> Deny unauthenticated users access to this directory. </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </configuration>
还不行。 问一下,怎么看出来我用的是bate2? 还有uid=;pwd=;怎么填,是填我的windows登陆名吗? (数据连接用的是“使用windows NT集成安全设置) 我看的书上说,.ASPXAUTH是默认值,ASPXUSERDEMO是什么 loginUrl英文注释没看懂,是什么啊? 我的web.config文件如下: <?xml version="1.0" encoding="utf-8" ?> <configuration> <appSettings> <add key="connectionString" value="server=BILLGATES;uid=sa;pwd=;database=C1cstore" /> </appSettings> <system.web> <!-- DYNAMIC DEBUG COMPILATION Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to false will improve runtime performance of this application. Set compilation debug="true" to insert debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times. For more information, refer to the documentation about debugging ASP.NET files. --> <compilation defaultLanguage="c#" debug="true" /> <!-- CUSTOM ERROR MESSAGES Set mode="on" or "remoteonly" to enable custom error messages, "off" to disable. Add <error> tags for each of the errors you want to handle. --> <customErrors mode="Off" /> <!-- AUTHENTICATION This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None" --> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ <authentication mode="Forms"> <!--后面的是书上写的<forms name=".ASPXAUTH" protection="All" timeout="60" />--> <forms name = ".ASPXAUTH" loginUrl = "index.aspx" protection = "All" timeout = "60" path = "/">
</forms> </authentication> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= <!-- APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every page within an application. Set trace enabled="true" to enable application trace logging. If pageOutput="true", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from your web application root. --> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <!-- SESSION STATE SETTINGS By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true". --> <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20" /> <!-- PREVENT SOURCE CODE DOWNLOAD This section sets the types of files that will not be downloaded. As well as entering a httphandler for a file type, you must also associate that file type with the aspnet_isapi.dll in the App Mappings property of the web site, or the file can be downloaded. It is recommended that you use this section to prevent your sources being downloaded. --> <httpHandlers> <add verb="*" path="*.vb" type="System.Web.HttpNotFoundHandler,System.Web" /> <add verb="*" path="*.cs" type="System.Web.HttpNotFoundHandler,System.Web" /> <add verb="*" path="*.vbproj" type="System.Web.HttpNotFoundHandler,System.Web" /> <add verb="*" path="*.csproj" type="System.Web.HttpNotFoundHandler,System.Web" /> <add verb="*" path="*.webinfo" type="System.Web.HttpNotFoundHandler,System.Web" /> </httpHandlers> <!-- GLOBALIZATION This section sets the globalization settings of the application. --> <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> </system.web> </configuration>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
“/Authentication”应用程序中的服务器错误。
--------------------------------------------------------------------------------配置错误
说明: 在处理向该请求提供服务所需的配置文件时出错。请检查下面的特定错误详细信息并适当地修改配置文件。 分析器错误信息: 无法识别的配置节“forms”源错误:
行 40: -->
行 41: <authentication mode="Forms"/>
行 42: <forms name=".ASPXAUTH" protection="All" timeout="60"/>
行 43: </authentication>
行 44:
源文件: c:\inetpub\wwwroot\Authentication\web.config 行: 42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
再帮帮忙吧,谢了。--------------------------------------------------------------------------------
版本信息: 运行时版本:1.0.2914.16; ASP.NET 版本:1.0.2914.16
行 42: <forms name=".ASPXAUTH" protection="All" timeout="60"/>
行 43: </authentication>
这一节应该放在虚拟目录下的web.config中,而不是虚拟目录下的子目录下的web.config中
<system.web><authentication mode="Forms"/> //---注意此处为红色---
<forms name=".ASPXAUTH" protection="All" timeout="60"/>
</authentication>
</system.web>
</configuration>
应该是这样
只有一个WEB.CONFIG
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
“/Authentication”应用程序中的服务器错误。
--------------------------------------------------------------------------------配置错误
说明: 在处理向该请求提供服务所需的配置文件时出错。请检查下面的特定错误详细信息并适当地修改配置文件。 分析器错误信息: 无法识别的配置节“forms”源错误:
行 40: -->
行 41: <authentication mode="Forms"/>
行 42: <forms name=".ASPXAUTH" protection="All" timeout="60"/> //----注意此处为红色----
行 43: </authentication>
行 44:
源文件: c:\inetpub\wwwroot\Authentication\web.config 行: 42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--------------------------------------------------------------------------------
版本信息: 运行时版本:1.0.2914.16; ASP.NET 版本:1.0.2914.16
<authentication mode="Forms">
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
“/Authentication”应用程序中的服务器错误。
--------------------------------------------------------------------------------找不到方法:Void System.EventHandler..ctor(System.Object, IntPtr)。
说明: 执行当前 Web 请求期间,出现未处理的异常。请检查堆栈跟踪信息,以了解有关该错误以及代码中导致错误的出处的更多信息。 异常详细信息: System.MissingMethodException: 找不到方法:Void System.EventHandler..ctor(System.Object, IntPtr)。源错误:
行 42: private static System.Collections.ArrayList __fileDependencies;
行 43:
行 44: public login_aspx() {
行 45: System.Collections.ArrayList dependencies;
行 46: if ((ASP.login_aspx.__intialized == false)) {
源文件: C:\WINDOWS\Microsoft.NET\Framework\v1.0.2914\Temporary ASP.NET Files\authentication\1daacda8\8214a17e\kzgksb1x.0.cs 行: 44 堆栈跟踪:
[MissingMethodException: 找不到方法:Void System.EventHandler..ctor(System.Object, IntPtr)。]
Authentication.WebForm1..ctor() +0
ASP.login_aspx..ctor() in C:\WINDOWS\Microsoft.NET\Framework\v1.0.2914\Temporary ASP.NET Files\authentication\1daacda8\8214a17e\kzgksb1x.0.cs:44[TargetInvocationException: 调用的目标发生了异常。]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type) +50
System.Web.UI.TemplateControlParser.GetCompiledInstance(String virtualPath, String inputFile, HttpContext context) +96[HttpException (0x80004005): 未能创建类型为“ASP.login_aspx”的页。]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String virtualPath, String inputFile, HttpContext context) +167
System.Web.UI.PageParser.GetCompiledPageInstance(String virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String requestType, String url, String path) +14
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, String path, String pathTranslated, Boolean useAppConfig) +181
System.Web.MapHandlerExecutionStep.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +173
--------------------------------------------------------------------------------
版本信息: 运行时版本:1.0.2914.16; ASP.NET 版本:1.0.2914.16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<authentication mode="Forms">
<forms name = ".ASPXUSERDEMO" loginUrl = "index.aspx" protection = "All" timeout = "60" path = "/">
</forms>
</authentication>语法:
Attribute Description :loginUrl:
Logon URL to which unauthenticated users are redirected. This can be on the same computer or a remote one. If it is on a remote computer, both computers need to be using the same value for the decryptionkey attribute. name:
Name of the HTTP cookie to use for authentication purposes. Note that if more than one application wants to use forms-based authentication services on a single computer, they should each configure a unique cookie value. In order to avoid causing dependencies in URLs, ASP.NET uses "/" as the Path value when setting authentication cookies, so that they are sent back to every application on the site. timeout:
Amount of time in integer minutes, after which the cookie expires. The default value is 30. The timeout attribute is a sliding value, expiring n minutes from the time the last request was received. In order to avoid adversely affecting performance and to avoid multiple browser warnings for those who have cookies warnings turned on, the cookie is updated if the time is more than half gone. (This means a loss of possible precision in some cases.)
path :
Path to use for the issued cookie. The default value is "/" to avoid difficulties with mismatched case in paths, since browsers are strictly case-sensitive when returning cookies. Applications in a shared-server environment should use this directive to maintain private cookies. (Alternatively, they can specify the path at runtime using the APIs to issue cookies.) protection :
Method used to protect cookie data. Valid values are as follows:
All:
Use both data validation and encryption to protect the cookie. The configured data validation algorithm is based on the element. Triple DES is used for encryption, if available and if the key is long enough (48 bytes). All is the default (and suggested) value.
None:
Use for sites that are only using cookies for personalization and have weaker security requirements. Both encryption and validation can be disabled. Although you should use caution if you use cookies in this way, this setting provides the best performance of any method of doing personalization using the .NET Framework.
Encryption:
Encrypts the cookie using TripleDES or DES, but data validation is not done on the cookie. This type of cookie can be subject to chosen plaintext attacks.
Validation:
Does not encrypt the contents of the cookie, but validates that the cookie data has not been altered in transit. To create the cookie, the validation key is concatenated in a buffer with the cookie data and a MAC is computed and appended to the outgoing cookie.
这一行中的".ASPXAUTH"是什么意思?
如果你是用vs.net创建的app,应该不会有问题
<system.web>
To set up the Web.config configuration file Set the authentication mode to Forms. Other possible values are Windows, Passport, and None (empty string). For this example, it must be Forms.
<authentication mode="Forms" >
Set the form's authentication attributes.
<forms
Set the loginUrl attribute to login.aspx. Login.aspx is the URL to use for redirection if ASP.NET does not find a cookie with the initial request.
loginUrl = "login.aspx"
Set the cookie's name suffix.
name = "FORMSAUTHCOOKIE"/>
Deny unauthenticated users access to this directory.
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
问一下,怎么看出来我用的是bate2?
还有uid=;pwd=;怎么填,是填我的windows登陆名吗?
(数据连接用的是“使用windows NT集成安全设置)
我看的书上说,.ASPXAUTH是默认值,ASPXUSERDEMO是什么
loginUrl英文注释没看懂,是什么啊?
我的web.config文件如下:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="connectionString" value="server=BILLGATES;uid=sa;pwd=;database=C1cstore" />
</appSettings>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="c#" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set mode="on" or "remoteonly" to enable custom error messages, "off" to disable. Add
<error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows", "Forms",
"Passport" and "None"
-->
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<authentication mode="Forms">
<!--后面的是书上写的<forms name=".ASPXAUTH" protection="All" timeout="60" />-->
<forms name = ".ASPXAUTH" loginUrl = "index.aspx" protection = "All" timeout = "60" path = "/">
</forms>
</authentication>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20" />
<!-- PREVENT SOURCE CODE DOWNLOAD
This section sets the types of files that will not be downloaded. As well as entering
a httphandler for a file type, you must also associate that file type with the aspnet_isapi.dll
in the App Mappings property of the web site, or the file can be downloaded.
It is recommended that you use this section to prevent your sources being downloaded.
-->
<httpHandlers>
<add verb="*" path="*.vb" type="System.Web.HttpNotFoundHandler,System.Web" />
<add verb="*" path="*.cs" type="System.Web.HttpNotFoundHandler,System.Web" />
<add verb="*" path="*.vbproj" type="System.Web.HttpNotFoundHandler,System.Web" />
<add verb="*" path="*.csproj" type="System.Web.HttpNotFoundHandler,System.Web" />
<add verb="*" path="*.webinfo" type="System.Web.HttpNotFoundHandler,System.Web" />
</httpHandlers>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>