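1.1 Mobile Web Site Security
Security in ASP.NET consists of three distinct aspects: authentication, authorization, and encryption. The .NET Framework works together with Internet Information Services (IIS) to provide this support and protect Web applications. To write secure Web applications, it is important to understand how configuration choices affect an application's security. ASP.NET relies on the infrastructure of IIS and ASP.NET to protect applications.
The .NET Framework supports integrated Windows authentication and authorization, Microsoft Passport authentication, and forms authentication. For various reasons, however, only forms authentication is currently suitable for mobile devices. This section describes a forms authentication scheme suited to mobile devices, and the steps that must be taken to ensure that a variety of devices can access the application.
1.1.1 Forms Authentication
The forms authentication provided by ASP.NET supports creating a login page in the application and managing authentication, without requiring separate accounts on the computer or in the domain. The basic idea of forms authentication is to check for an authentication cookie on every request. If the cookie is not found, is invalid, or has expired, the user is redirected to the login page (by default, login.aspx). A login page that provides forms authentication is the same as any other .aspx page. It contains a form in which the user submits credentials. When the user sends the required data, the authentication check is performed in code, the user is then redirected to the page originally requested, and the cookie is recorded.
Some devices and device gateways do not record the cookie when performing the redirect. In that case, the original request is re-sent without the required authentication cookie, so the user is redirected to the login page again. For devices that do not support cookies, the solution is to add the authentication to the query string of the URL.
To demonstrate forms authentication, modify the web.config file and add the default login page login.aspx and a page for testing the login, FormsAuth.aspx. Add the following configuration to the web.config file: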
```xml
<!-- Place inside <configuration><system.web> in web.config -->
<authentication mode="Forms" />
<authorization>
    <!-- "?" matches anonymous (unauthenticated) users -->
    <deny users="?" />
</authorization>
```
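The configuration above leaves every forms authentication setting at its default. As an added example (not part of the original article), the fragment below spells out the `<forms>` element with a weak variant shown in a comment for contrast; the attribute values are assumptions chosen for illustration. They matter most in the cookieless case described above, where the ticket travels in the URL and is therefore visible in gateway logs, server logs and browser history.

```xml
<configuration>
  <system.web>
    <!-- Weak variant, shown for contrast only (constructed):
         the ticket is neither encrypted nor integrity-checked, stays
         valid for a full day, and the cookie may be sent over plain HTTP.
         <forms loginUrl="login.aspx" protection="None"
                timeout="1440" requireSSL="false" />
    -->
    <authentication mode="Forms">
      <!-- protection="All":          encrypt and validate the ticket
           timeout="10":              ticket lifetime in minutes, kept short
                                      because a ticket copied from a URL or
                                      log is usable until it expires
           slidingExpiration="false": the lifetime is fixed and is not
                                      renewed by further requests
           requireSSL="true":         the authentication cookie is marked
                                      Secure and sent only over HTTPS -->
      <forms loginUrl="login.aspx"
             protection="All"
             timeout="10"
             slidingExpiration="false"
             requireSSL="true" />
    </authentication>
    <authorization>
      <!-- Deny anonymous users, as in the listing above -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```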
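The form design of the login.aspx page is shown in Figure 18-15, and the code of the corresponding login.aspx.vb file is shown in Listing 18-21. The code of the FormsAuth.aspx.vb file that corresponds to the FormsAuth.aspx page is shown in Listing 18-22.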
Figure 18-15: login.aspx form design
Listing 18-21: login.aspx.vb
```vb
Partial Class WebSecurity
    Inherits System.Web.UI.MobileControls.MobilePage

    ' Handles the login button: checks the submitted credentials.
    Protected Sub cmdLogin_Click(ByVal sender As Object, _
            ByVal e As System.EventArgs) Handles cmdLogin.Click
        ' Demo only: credentials are hard-coded in the page.
        If UserEmail.Text = "software2002" AndAlso UserPass.Text = "123456" Then
            ' Issue the authentication ticket and return to the requested page.
            Mobile.MobileFormsAuthentication.RedirectFromLoginPage(UserEmail.Text, False)
        Else
            message.Visible = True
            ' "The login user name or password is incorrect"
            message.Text = "登录用户名和密码不正确"
        End If
    End Sub
End Class
```
Figure 18-16: FormsAuth.aspx form design
Listing 18-22: FormsAuth.aspx.vb
```vb
Partial Class FormsAuth
    Inherits System.Web.UI.MobileControls.MobilePage

    ' Greets the authenticated user by name when formA loads.
    Protected Sub formA_Load(ByVal sender As Object, _
            ByVal e As System.EventArgs) Handles formA.Load
        label1.Text = String.Format("Welcome {0}", User.Identity.Name)
    End Sub

    ' Handles the logout button: signs out and switches to formB.
    Protected Sub cmdLoginOut_Click(ByVal sender As Object, _
            ByVal e As System.EventArgs) Handles cmdLoginOut.Click
        Mobile.MobileFormsAuthentication.SignOut()
        ActiveForm = formB
    End Sub
End Class
```
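Listing 18-21 demonstrates the use of MobileFormsAuthentication. The example validates the login of a user whose user name is software2002 and whose password is 123456. The SignOut method of System.Web.Mobile.MobileFormsAuthentication in Listing 18-22 clears the cookie or the extra query string parameter.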