tailieunhanh - Professional ASP.NET 1.0 Special Edition- P26

Professional Special Edition- P26:Those of us who are Microsoft developers can't help but notice that .NET has received a fair amount of visibility over the last year or so. This is quite surprising considering that for most of this period, .NET has been in its early infancy and beta versions. I can't remember any unreleased product that has caused this much interest among developers. And that's really an important point, because ignoring all the hype and press, .NET really is a product for developers, providing a great foundation for building all types of applications | to set any specific access permissions for the users we authenticate. In other words providing that we are happy for all users that are listed in the authentication section to have access to all resources in the application using any type of HTTP method POST GET HEAD we can use authorization deny users- authorization Don t be tempted to try and set Windows ACL permissions on resources for the users you specify when using forms-based authentication. Even if Windows accounts do exist for these users they are not used when the user logs in via forms-based authentication. All access will be performed under the context of the process account which must have access to the resource . Custom Lists of User Credentials All our forms-based authentication configuration examples so far have used the credentials section of to store the list of users that we authenticate requests against. In many cases this is not practical. Rather than manually editing a text file to add and remove users we will often want to store user details elsewhere - maybe in a database table an XML document or even Active Directory. However it s still useful to be able to take advantage of the other features that forms-based authentication provides such as automatic redirection to a login page encryption and validation of the authentication cookie and integration with the environment which allows you to retrieve the user s details elsewhere in your code - more details of this coming up later . It s easy to accomplish lookups of user credentials in other data stores as the examples at the end of the chapter demonstrate. For example we can use the relational data access capabilities of .NET to retrieve values from a relational database using SQL statements or stored procedures or we can use classes from the namespace to access XML documents. Programmatic Security and Personalization The techniques we ve described so far can be used to control access to resources based on the .