ASP.NET 用户/会员/会员用户/安全/主体/配置文件...帮助
我知道这听起来像是到处都有解释的东西..但我一直在观看大量的 asp.net/learn 视频阅读文章 - 但仍然缺少一些东西来解释所有这些“会员资格”如何联系在一起。
一方面,有内置的 .net 用户管理,它允许您创建角色、用户等。另一方面,获取该用户并将其存储(在会话等中)似乎是一项奇怪的任务,从我的角度来看已经阅读过,涉及创建您自己的“主要”对象等。
如果有人有理解力和时间,他们能给我们(我)一个简短的解释,说明这一切是什么。也许它是如何联系在一起的...我如何使用字符串用户名/密码来查看帐户是否存在,登录它们,检查它们是否处于操作的正确角色..或者甚至获取用户的所有角色是一部分?
我知道这个问题对于那些已经很好地了解 .net 用户内容的人来说可能不太好理解,但请仅在您能提供帮助的情况下回答。
非常感谢。 佩泰斯基
I know this might sound like something which is explained everywhere.. but I've been watching lots of asp.net/learn videos reading articles - and still there's something missing that explains how all this "Membership" ties together.
On the one hand, there's this built-in .net user management which allows you to create roles, users etc. Then on the other hand, getting that user, storing it (in the Session etc) seems a strange task, from what I have read, involving creating your own 'Principal' objects etc.
If there is anyone out there who has the understanding and time, could they give us(me) a brief explanation of what is what with all this. Maybe how it ties together... How do I use a string username/password to see if an account exists, log them in, check if they are in the correct role for an action .. or even get all the roles which the user is part of?
I know this question might not go down well with people who already understand the .net user stuff well, but please only answer if you can help.
Many thanks in advance.
peteski
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您根本不必创建自己的主要对象。您所能做的就是使用开箱即用的 MembershipProvider 之一(例如:SQLMembershipProvider)来管理您的用户,并使用 RoleProvider 之一(例如:SQLRoleProvider)为用户设置授权(如果需要)。
要获取用户,您不必将其存储在会话中。只需使用Page.User即可获取当前用户的基本信息(名称、IsAuthenticated)。
要检查用户的用户凭据是否正确,您可以使用
登录,我建议您使用提供的 ASP.NET 登录控件,但您可以通过更多的工作编写自己的登录代码。如果使用 Form 身份验证,则类似于:
PS :示例来自 MSDN
最后,要检查用户是否可以执行操作,您使用
您还可以控制对资源(页面、文件、文件夹等)的访问.) 通过 web.config 中的配置授权 ex:
<拒绝用户=“?” >>
<允许角色=“管理员”/>
<拒绝用户=“*”/>
希望这对您有所帮助,如果不清楚,请随时询问更多信息
编辑
要回答您的评论,其工作原理如下:
Page.User 使用身份验证 cookie 来识别当前登录的用户。此 cookie 在 FormsAuthentication.RedirectFromLoginPage 中自动设置,但是,如果您只想设置当前用户而不重定向,则可以手动调用 FormsAuthentication.SetAuthCookie(userName,persistentCookie),其中 permanentCookie 是一个布尔值,告诉您是否希望此 cookie 持久或者不在浏览器中。
希望能澄清原来的答案
You don't have to create your own principal object at all. All you can do is using one of the out-of-the-box MembershipProvider (ex: SQLMembershipProvider) to manage your user and use one of the RoleProvider (ex: SQLRoleProvider) to set authorization for the users, if required.
To get the user, you don't have to store it in the session. Just use Page.User to get the current user basic informations (name, IsAuthenticated).
To check if the user if the user credential are correct, you can use
To logon, I suggest you use the provided ASP.NET Login control but you can code you own login with a little more work. If you use Form authentication, it's something like:
P.S : The example comes from MSDN
Finally, to check if the user can perform an action, you use
You can also control access to a resource (a page, a file, a folder, etc.) by configuration authorization in your web.config ex:
<authorization>
<deny users="?" />
<allow roles="Administrators" />
<deny users="*" />
</authorization>
Hope this help and fell free to ask for more informations if it's not clear
Edit
To answer your comment, here's how it works:
Page.User use an Authentication cookie to identify the currently logged user. This cookie is automatically set in FormsAuthentication.RedirectFromLoginPage but, if you just want to set the current user without redirecting, you can manually call FormsAuthentication.SetAuthCookie(userName,persistentCookie) where persistentCookie is a boolean value telling if you want this cookie to be persistent or not in the browser.
Hope it clarify the original answer