ASP.NET MVC custom membership for beginners

Posted 2024-09-19 08:47:53 · 185 words · 9 views · 0 comments

I am creating my own website and blog, and at first I want just me in the database (my name and password), and maybe later some registration for others, but first a login just for me and administration with authorization. I don't want to use Membership from MS. I want to try to create my own from the start, so I am looking for a guide for beginners, but I found big guides with roles and rights. I want just a small example that checks the username and password in the database with the log-on data.
Thanks for the help
Libor

Comments (3)

安穩 2024-09-26 08:47:53

Even if you don't want to use the membership and role provider data store you can still utilize the authentication. Trust me, it's a lot easier than building your own. Here's how it works:

We'll say you already have your user storage set up for retrieving the username and their password. For the sake of simplicity I'm going to pretend you have a static class called DataLayer that contains your data retrieval methods for pulling info from the database (or whatever storage you use).

First you need a way to let the user log in. So set up a page with username and password fields. Then, in the action method that the page posts to, set up a quick if statement:

    // FormsAuthentication lives in the System.Web.Security namespace.
    if (DataLayer.UserExists(userModel.Username))
    {
         User userFromDB = DataLayer.GetUser(userModel.Username);
         // Note: this compares the submitted password with the stored value
         // directly, so it only works if the password is stored unhashed.
         if (userFromDB.Password == userModel.Password)
         {
              FormsAuthentication.SetAuthCookie(userFromDB.Username, checkBoxRememberMe.Checked);
              //Use userFromDB.Username as the name to authenticate because it will
              //preserve capitalization of their username the way they entered it
              //into the database; that way, if they registered as "Bob" but they
              //type in "bob" in the login field, they will still be authenticated
              //as "Bob" so their comments on your blogs will show their name
              //the way they intended it to.

              return "Successfully logged in!";
         }
    }

    // Same message for an unknown user and a wrong password.
    return "Invalid username or password.";

Now that they are authenticated you can just use Page.User.Identity.IsAuthenticated in your code to find out if they are logged in. Like this:

    if (User.Identity.IsAuthenticated)
    {
         DataLayer.PostBlogComment(User.Identity.Name, commentBody);
         //Then in your controller that renders blog comments you would obviously
         //have some logic to get the user from storage by the username, then pull
         //their avatar and any other useful information to display alongside the
         //blog comment. This is just an example.
    }

In addition, you can lock out entire action methods or even whole controllers to users that are authenticated through the forms authentication provider. All you have to do is add tags like these to your action methods/controllers:

    [Authorize]
    public ActionResult SomeActionMethod()
    {
        return View();
    }

The [Authorize] attribute will prevent users that are not logged in from accessing that action method and it will redirect them to your login page. You can use this same attribute to filter out roles if you are using the built-in roles provider.

    [Authorize(Roles="Admin, SalesReps")]
    public ActionResult SomeActionMethod()
    {
        return View();
    }

These attributes can also be added above the controller class to apply its logic to the entire controller.

EDIT: To log a user out all you need to do is call FormsAuthentication.SignOut();

缱倦旧时光 2024-09-26 08:47:53

Hey @Bibo, good for not choosing the Membership providers. I think a UserService or similar which provides methods for creating, authenticating users and a few more methods should be enough. As a suggestion, use password hashing and a password salt for the user's password. Here is a good link to look at. Also have a look at this answer I gave some time ago.

Good luck!

EDIT: The rememberMe parameter should be named keepMeSignedIn instead.

泪冰清 2024-09-26 08:47:53

This article on forms authentication gives you loads of info for creating your own simple security system, especially the bit about FormsAuthenticationTicket.

http://support.microsoft.com/kb/301240
