ASP.NET FormsAuthentication 挫折:如何连接自定义 MembershipProvider?
看来我没有很好地表达我的问题,所以我将其添加为补充标题:如何扩展 FormsAuthentication 类,以便可以覆盖配置文件中的默认行为(例如,将执行控制传递给 MembershipProvider for在新页面请求上更新 MembershipUser 的 LastActivity),如果失败,则用我自己的自定义类替换 FormsAuthentication 类的机制,并将其用作通常使用的 FormsAuthentication 类?
我们如何实现一个不那么僵化、更可扩展的 FormsAuthentication 框架,使我们能够集成到自定义 MembershipProvider 中?有这方面的工作吗?最终,我想在我的 web.config 中添加如下内容:
<authentication mode="Forms">
<forms membershipProvider="MyCustomMembershipProvider">
<events>
<add event="AuthenticatedRequest" action="OnAuthRequest" />
<add event="UnAuthenticatedRequest" action="OnRequest" />
<add event="UnAuthorizedRequest" action="UnAuthRequest" />
</events>
</forms>
</authentication>
这不应该占用我所有的时间。表单身份验证在 ASP.NET 页面生命周期中似乎处于较低级别,但必须有一种方法可以彻底规避它。
这与自定义会员资格提供商无关。我想在我的会员资格提供程序类中实现一些功能,例如隐含的“IsOnline”和“LastActivity”功能,但 FormsAuthentication 设置 cookie 并且不会回头。我想在检查 cookie 时注入我自己的代码,但我不能。除了将我自己的饼干放在上面之外,必须有其他方法。
It seems I was not expressing my question well, so I am adding this as a supplemental title: How can I extend the FormsAuthentication class so that I can override default behaviors in a configuration file (for example, pass off execution control to the MembershipProvider for updating the MembershipUser's LastActivity on a new page request), and, failing that, replace the mechanism of the FormsAuthentication class with my own custom class and use that as the FormsAuthentication class would normally be used?
How do we implement a less ridiculously rigid, more extensible FormsAuthentication framework that will allow us to integrate into a custom MembershipProvider? Has there been any work on this? Ultimately, I'd like to put in my web.config something like this:
<authentication mode="Forms">
<forms membershipProvider="MyCustomMembershipProvider">
<events>
<add event="AuthenticatedRequest" action="OnAuthRequest" />
<add event="UnAuthenticatedRequest" action="OnRequest" />
<add event="UnAuthorizedRequest" action="UnAuthRequest" />
</events>
</forms>
</authentication>
This shouldn't be taking up all my time. The Forms Authentication seems to be pretty low-level in the ASP.NET page lifecycle, but there's got to be a way to cleanly circumvent it.
This is not about the custom membership provider. I want to implement things in my membership provider class like the implied "IsOnline" and "LastActivity" functionality, but the FormsAuthentication sets the cookie and doesn't look back. I want to inject my own code when it checks that cookie, but I can't. There has to be a way other than layering my own cookie on top.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
不,事情不是这样的。会员资格提供者不会收到经过身份验证的请求或未经身份验证的请求。事实上,它与身份验证关系不大。这是由安全框架处理的。会员资格仅用作验证某人的用户名和密码的手段。就是这样。您可以将成员身份视为安全框架用于对用户进行身份验证的数据存储,但它本身并不进行身份验证的管理。
这篇文章可能就是您正在寻找的内容:
http://www.asp.net/security/tutorials/forms-authentication-configuration-and-advanced-topics-cs
No, it doesn't work that way. The membership provider doesn't get authenticated requests or unauthenticated requests. In fact, it has very little to do with authentication. That's handled by the security framework. Membership is only used as the means to validate someones username and password. That's it. You can think of Membership as a data store that the security framework uses to authenticate the user, but it does not do the management of the authentication itself.
This article might be what you're looking for:
http://www.asp.net/security/tutorials/forms-authentication-configuration-and-advanced-topics-cs
根据您的更新,您可以按照链接的问题 继承自 SqlMembershipProvider,覆盖您想要更改的任何功能。
您是正确的,表单身份验证只是创建一个 cookie;这就是它的全部作用 - 帮助您的应用程序确定您的用户是否已登录。 Membership部分告诉你IsOnline和LastActivity以及其他用户信息。
如果您可以让我们知道您希望覆盖哪些会员功能,我们可以尽力提供帮助,因为您尚未向我们提供足够的详细信息。
Based on your update, you could create a custom membership provider as mentioned in the linked question that inherits from SqlMembershipProvider, overriding any functionality that you want to change.
You are correct in that Forms Authentication simply creates a cookie; that's all that its meant to do - help your application determine if your user is logged in. The Membership part is what tells you IsOnline and LastActivity and other user information.
If you could let us know what membership functionality you wish to override, we can try to help as you haven't given us enough detail yet.