sitecore 中的基本 MembershipProvider
我正在尝试为 sitecore 实现一个非常非常简单的 MembershipProvider,但我不确定它是否太简单而无法实际工作。基本上我们已经有一个用于用户数据的自定义存储,所以我知道客户 MembershipProvider 是可行的方法。然而,我的应用程序不会让任何人登录,系统的不同部分负责这一点。此外,它并不关心到底是谁登录,只关心他们是否登录(谁部分与我网站的内容区域无关)。
那么解决这个问题的最佳方法是什么?我在 HTTP 标头中传递了一个令牌,它允许我识别某人是否已登录(如果我愿意,我什至可以使用它来实际找出客户是谁)——不用担心它是加密的。
我已经阅读了 sitecore 文档,但它们都涉及 MembershipProvider 的完整实现。
那么,实际上是否有可能有一个会员提供者只执行此操作,即返回一个用户以表示正在登录,或者为那些已注销的用户返回一个“匿名”用户?它不需要关心任何其他事情——密码重置、通过电子邮件查找用户等等。
谢谢, Nick
编辑:在下面 Jens 的帮助下,我放弃了成熟的 MembershipProvider ,转而采用更轻量级的方法。
这就是我到目前为止所遇到的问题,问题是用户没有通过多个请求保持登录状态。
public class TokenLogin : HttpRequestProcessor
{
#region Overrides of HttpRequestProcessor
/// <summary>
/// Processes the specified args.
/// </summary>
/// <param name="args">The args.</param>
public override void Process(HttpRequestArgs args)
{
var customer = SomeCodeToParseAndValidateToken();
//customer is null if token is invalid or missing
if(customer == null || Sitecore.Context.User.IsAuthenticated) return;
CreateVirtualUser(customer);
}
private static void CreateVirtualUser(CustomerAccount customer)
{
string userName = "extranet\\" + customer.CustomerAccountId;
User userItem = AuthenticationManager.BuildVirtualUser(userName, true);
userItem.Profile.Initialize(userName, true);
userItem.Profile.Save();
AuthenticationManager.Login(userItem.Name);
}
#endregion
}
I'm trying to implement a really really simple MembershipProvider for sitecore, but i'm not sure if it's too simple to actually work. Basically we already have a custom store for user data so i know that a customer MembershipProvider is the way to go. However my app will not log anyone in, a different part of the system is responsible for that. Also, it doesn't care who exactly is logged in, just whether they are or aren't (the who part is irrelevant in the content area of my site).
So what is the best way to go about this? I am passed a token in the HTTP header which allows me to identify whether someone is logged in or not (i could even use this to actually find out who the customer is if i so wished) - don't worry it's encrypted.
I've read through the sitecore docs but they all deal with full implementations of MembershipProviders.
So is it possible to actually have a membership provider that does only this i.e. returns either a user to signify being logged or an "anonymous" user for those who are logged out? it need not be concerned with anything else - password reset, look up users by email and all that jazz.
Thanks,
Nick
EDIT: with the help of Jens below i have eschewed a full-blown MembershipProvider in favour of a more lightweight approach.
this is what i have so far, the problem being that users are not kept logged in over multiple requests.
public class TokenLogin : HttpRequestProcessor
{
#region Overrides of HttpRequestProcessor
/// <summary>
/// Processes the specified args.
/// </summary>
/// <param name="args">The args.</param>
public override void Process(HttpRequestArgs args)
{
var customer = SomeCodeToParseAndValidateToken();
//customer is null if token is invalid or missing
if(customer == null || Sitecore.Context.User.IsAuthenticated) return;
CreateVirtualUser(customer);
}
private static void CreateVirtualUser(CustomerAccount customer)
{
string userName = "extranet\\" + customer.CustomerAccountId;
User userItem = AuthenticationManager.BuildVirtualUser(userName, true);
userItem.Profile.Initialize(userName, true);
userItem.Profile.Save();
AuthenticationManager.Login(userItem.Name);
}
#endregion
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
根据您的需要,实施会员提供者需要做很多工作。如果我是你,我会实现一个场景,每次有人需要登录时,你都会创建一个虚拟用户。
因此,逻辑是检查用户是否拥有您的令牌,然后创建一个虚拟用户,登录该虚拟用户,然后您就可以开始了。
以下是有关虚拟用户的指南:http://sdn.sitecore。 net/Articles/Security/Faking%20user%20roles/Virtual%20user.aspx
编辑:链接中的代码已被废弃。以下是添加虚拟用户的方法:
编辑 2:我有以下代码:
我第一次访问前端时输出以下内容:
extranet\Anonymous
错误的
外联网\jenneren
是的
,我第二次访问前端时得到:
Extranet\jenneren
真的
外联网\jenneren
是的
所以它应该有效。
干杯
延斯
Implementing a membershipprovider is a lot of work for what you seem to need. If I were you I would implement a scenario, where you create a virtual user everytime someone needs to be logged in.
So the logic would be to check if a user has your token, then create a virtual user, log the virtual user in and you should be good to go.
Here is a guide on the virual user thingie: http://sdn.sitecore.net/Articles/Security/Faking%20user%20roles/Virtual%20user.aspx
EDIT: The code in the link is depricated. Here is how you add virtual users:
EDIT 2: I have the following code:
This outputs the following the first time I hit the frontend:
extranet\Anonymous
False
extranet\jenneren
True
And the second time I hit the frontend I get:
extranet\jenneren
True
extranet\jenneren
True
So it should work.
Cheers
Jens