创建一个基于会员提供者的外观

发布于 2024-07-15 19:57:36 字数 193 浏览 12 评论 0原文

我在 ASP.NET MVC 中使用成员资格提供程序,对于大多数数据访问,我使用 nHibernate 和存储库模式。 您是否建议在成员资格提供程序上使用外观,以便我可以创建一个存储库并使其与我的实体模型的其余部分更加内联地运行? 我还添加了额外的功能,例如向角色添加功能的能力以及创建外观将使所有类变得更好一些。

其他人对会员提供者做了什么?

I am using the Membership Provider in ASP.NET MVC and for most data access I use nHibernate and a repository pattern. Do you recommend using a Facade over the Membership Provider so I can create a repository and make it operate a bit more inline with the rest of my entity model? I also have added additional functionality like the ability to add functions to a role and creating the facade would make the classes all a bit nicer.

What have other people done with Membership Provider?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

究竟谁懂我的在乎 2024-07-22 19:57:36

我已经解决了这个问题。 通过以下方式:

web.config

<authentication mode="Forms">
  <forms name="APPAUTH"
         defaultUrl="/webapp/Home.mvc"
         loginUrl="/webapp/Session.mvc/Login"
         protection="All"
         timeout="30"
         path="/"/>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>

<location path="Session">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

然后我按照以下方式挂钩Application_AuthenticateRequest

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];

    if (null == authCookie)
    {
        //no authentication cokie present
        return;
    }

    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        // Can't do anything if we can't decrypt the ticket so treat it as not there
        FormsAuthentication.SignOut(); // Remove bad ticket
    }

    if (authTicket == null)
    {
        //could not decrypt cookie
        return;
    }

    // get the role
    string[] roles = authTicket.UserData.Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

    // Set the security context
    ISecurityService security = ContainerProvider.RequestContainer.Resolve<ISecurityService>();
    Models.User user = security.GetUser(authTicket.Name);

    if (user == null)
    {
        FormsAuthentication.SignOut();
        throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Session expired!");
    }

    AppIdentity id = new AppIdentity(user, !authTicket.Expired);
    AppPrincipal principal = new AppPrincipal(id, roles);

    Context.User = principal;
} 

ContainerProvider.RequestContainer.Resolve(); 调用是对 Autofac 容器的,但您可以执行任何您需要/想要的操作到这里。

AppIdentityAppPrincipal 类是自定义的,因此我可以访问我的角色,但它们并不那么复杂。

I have solved this exact problem. In the following manner:

web.config:

<authentication mode="Forms">
  <forms name="APPAUTH"
         defaultUrl="/webapp/Home.mvc"
         loginUrl="/webapp/Session.mvc/Login"
         protection="All"
         timeout="30"
         path="/"/>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>

<location path="Session">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

Then I hook Application_AuthenticateRequest something along the lines of:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];

    if (null == authCookie)
    {
        //no authentication cokie present
        return;
    }

    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        // Can't do anything if we can't decrypt the ticket so treat it as not there
        FormsAuthentication.SignOut(); // Remove bad ticket
    }

    if (authTicket == null)
    {
        //could not decrypt cookie
        return;
    }

    // get the role
    string[] roles = authTicket.UserData.Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

    // Set the security context
    ISecurityService security = ContainerProvider.RequestContainer.Resolve<ISecurityService>();
    Models.User user = security.GetUser(authTicket.Name);

    if (user == null)
    {
        FormsAuthentication.SignOut();
        throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Session expired!");
    }

    AppIdentity id = new AppIdentity(user, !authTicket.Expired);
    AppPrincipal principal = new AppPrincipal(id, roles);

    Context.User = principal;
} 

The ContainerProvider.RequestContainer.Resolve<ISecurityService>(); call is to a Autofac container, but you can do anything you need to / want to here.

The AppIdentity and AppPrincipal classes are custom so I can access my roles, but they are not that complicated.

卖梦商人 2024-07-22 19:57:36

您可以通过继承 MembershipProvider 基类来为站点实现您自己的 MembershipProvider。 然后只需重写通过 nHibernate 执行数据访问所需的方法即可。

您真正需要实现的唯一函数是 ValidateUser。 其余的取决于您在与 MembershipProvider 相关的站点中使用的功能。

You can implement your own MembershipProvider for the site, by inheriting the MembershipProvider base class. Then just override the methods you need to perform the data access through nHibernate.

The only function you really have to implement is ValidateUser. The rest is dependent on the functionality you use in the site relating to the MembershipProvider.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文