When I'm creating my own authentica开发者_StackOverflow社区tion mechanism for ASP.NET, at the configuration level can I extend the standard authentication mode attribute?
// Web.config file
<authentication mode="Forms">
I'd like to make something like
<authentication mode="My Custom Special Auth">
and provide appropriate sub-elements.
If this is a good idea I'd need some tips about where to hook into the existing auth element.
Otherwise if it's best for me to create a new, custom configuration section apart from what is shipped I will do that.
You should set the mode to None and handle everything through your own configuration. Somehow the documentation is more clear for older versions of .Net than the most reasent.
http://msdn.microsoft.com/en-us/library/aa291347(v=vs.71).aspx
None (Custom Authentication)
Specify "None" as the authentication provider when users are not authenticated at all or if you plan to develop custom authentication code. For example, you may want to develop your own authentication scheme using an ISAPI filter that authenticates users and manually creates an object of the GenericPrincipal Class. For more information, see GenericPrincipal Class.
Pros
- Offers total control of the authentication process providing the greatest flexibility.
- Provides the highest performance if you do not implement an authentication method.
Cons
- Custom-built authentication schemes are seldom as secure as those provided by the operating system.
- Requires extra work to custom-build an authentication scheme.
精彩评论