Implementing a Custom Membership Provider with Slightly Odd Requirements

Posted on 2024-07-21 19:22:17

Building a new Mobile Web Platform for Mobile Users to purchase & download content on their handsets. In the past we've used a completely bespoke login mechanism but I'm investigating using a Custom Membership Provider for the next version of the Platform.

The thing is, we have some slightly odd "login" mechanism requirements, so I'm not 100% sure that a MembershipProvider is the best fit.

Just looking for some general feedback on the requirements below with a "Yes, Membership Provider is a good fit" or "No, you're banging a square peg in a round hole".

Requirements

  1. User may be required to log in with a "Mobile Number" (username) & "Pin" (password).
    This fits pretty well, as they've already signed up and confirmed with an SMS and it satisfies the ValidateUser(string username, string password) method implementation.

  2. User may be required to log in with only a "Mobile Number". In this case, we don't bother doing the identity verification on our side. It reduces the number of steps for the user and verification is done by the particular operator when we attempt to bill them. (The operators can validate that the mobile number entered matches the handset when it hits the operator payment site)... so even though users have a password, we'd need to bluff the membership provider in some way, and let them in with a blank password.

  3. User doesn't need to log in at all. In this case, we can transparently bounce the user to a special network operator webpage, and we'll get the Mobile Number in Headers when they're transparently bounced back to us. In this case, we'd need to programmatically take that number from the headers, perform the login on their behalf in the code behind (again without any pin/password) and the user would be magically auto logged in.

Requirements 2 & 3 are a bit odd. We essentially have 3 different login mechanisms that the one membership provider would need to satisfy.

  • User Entered Mobile & User Entered Pin
  • User Entered Mobile Only (code behind I suppose to satisfy the pin requirement)
  • Completely Transparent Login (code behind to do the entire login process)

Anyone got any comments/feedback on the above or have any advice on any bizarre membership provider implementation you've done in the past?

Comments (1)

安穩 2024-07-28 19:22:17

I think it could work. We do #3 on one of our sites. Here is a chunk of code that we use to take care of it. To use this, create a login page (transparentlogin.aspx or something similar), make sure that the web.config file allows anonymous access to this page, and put code like this in the page_load function for the transparentlogin.aspx page:

const string specialpassword = "ThisIsOurSpecialPasswordForBehindTheScenesLogin";

if (MobileNumberFoundInHeader())
{
  string username = GetMobileNumberFromHeaders();
  // Authenticate the user behind the scenes
  System.Web.Security.FormsAuthentication.SetAuthCookie(username, false);
  System.Web.Security.FormsAuthentication.Authenticate(username, specialpassword);
}
else
{
  throw new Exception ("Mobile Number Missing");
}

Then, in the ValidateUser function in the MembershipProvider, make sure you do a check like this:

public override bool ValidateUser(string username, string password)
{
  const string specialpassword = "ThisIsOurSpecialPasswordForBehindTheScenesLogin";

  bool ValidationSuccess = false;

  // If the password being passed in is the right secret key (same
  // for all users), then we will say that the password matches the
  // username, thus allowing the user to login
  if (password == specialpassword)
  {
    ValidationSuccess = true;
  }

  // Placeholder for the provider's normal username/PIN check
  if (DoStandardUsernamePasswordVerification(username, password))
  {
    ValidationSuccess = true;
  }

  return ValidationSuccess;
}

As for requirement #2, I'm a little confused. What exactly is an operator? I thought we were dealing with a mobile phone using a web browser to browse to a website. Where does the operator fit into that? If the solution I propose above doesn't help, please post a response with more details about the Operator.

Tim
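
A variant of the transparent login for requirement #3 that issues the forms-authentication cookie directly, so ValidateUser needs no password shared by all users. This is an added example, not the answerer's code; it assumes the operator injects the number in a header and that such requests arrive from known gateway addresses. The header name, the addresses and the number format are hypothetical.

```csharp
using System.Collections.Generic;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Security;

// Added example. Header name, gateway addresses and number format are
// assumptions; substitute the values the operator documents.
public static class TransparentLogin
{
    // Hypothetical header carrying the mobile number.
    private const string MsisdnHeader = "X-Operator-MSISDN";

    // Hypothetical operator gateway addresses (documentation range).
    private static readonly HashSet<string> TrustedGateways =
        new HashSet<string> { "192.0.2.10", "192.0.2.11" };

    // Assumed format: optional '+' followed by 8 to 15 digits.
    private static readonly Regex Msisdn = new Regex(@"^\+?[0-9]{8,15}\z");

    // Pure decision logic: returns the number to sign in, or null.
    public static string ResolveMobileNumber(string remoteAddress, string headerValue)
    {
        // Any client can send the header, so it is honoured only when the
        // request reached us through the operator's gateway.
        if (remoteAddress == null || !TrustedGateways.Contains(remoteAddress))
            return null;
        if (headerValue == null || !Msisdn.IsMatch(headerValue))
            return null;
        return headerValue;
    }

    // Call from Page_Load of transparentlogin.aspx.
    public static bool TrySignIn(HttpContext context)
    {
        string mobile = ResolveMobileNumber(
            context.Request.UserHostAddress,
            context.Request.Headers[MsisdnHeader]);
        if (mobile == null)
            return false; // caller falls back to the mobile number + PIN form

        // SetAuthCookie alone issues the ticket; ValidateUser is not called,
        // so it only ever has to perform the standard PIN check.
        FormsAuthentication.SetAuthCookie(mobile, false);
        return true;
    }
}
```

If the site sits behind its own load balancer, UserHostAddress is the balancer's address and the gateway check has to be made where the original source address is still visible.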
