是否可以使用 ASP.NET MVC 创建登录系统但不使用 MembershipProvider? [英] Is it possible to create a Logon System with ASP.NET MVC but not use the MembershipProvider?
问题描述
我有一个带有用户表的现有数据库,我们计划将该数据库用于构建在 ASP.NET MVC 中的新系统.然而,我不确定的是我是否能够创建一个不使用内置帐户控制器或常规会员提供程序的登录系统,以便我们仍然可以使用现有的表结构.
I have an existing database with a users table, and we are planning to take the database and use it for a new system built in ASP.NET MVC. However, what I am uncertain about is whether or not I am able to create a login system that doesn't use the built in account controller or a regular membership provider so that we can still use the existing table structure.
所以我的问题是,这可能吗?或者甚至特别难做?
So my question is, would this be possible? Or even particularly difficult to do if it is?
最广为接受且最简单的做事方式是什么?
What is the most widely accepted way of doing things and the simplest?
推荐答案
我有这个完全相同的要求.我有自己的用户和角色架构,不想迁移到 asp.net 成员架构,但我确实想使用 ASP.NET MVC 操作过滤器来检查授权和角色.我不得不进行大量挖掘才能确切地找出需要完成的工作,但最终还是相对容易的.我会省去你的麻烦,告诉你我做了什么.
I had this exact same requirement. I had my own user and role schema and did not want to migrate to the asp.net membership schema but I did want to use the ASP.NET MVC action filters for checking authorization and roles. I had to do a fair amount of digging to find out exactly what needed to be done, but in the end it was relatively easy. I'll save you the trouble and tell you what I did.
1) 我创建了一个派生自 System.Web.Security.MembershipProvider 的类.MembershipProvider 有大量抽象方法用于各种与身份验证相关的功能,例如忘记密码、更改密码、创建新用户等.我想要的只是能够根据我自己的模式进行身份验证.所以我的班级主要包含空覆盖.我只是覆盖了 ValidateUser:
1) I created a class that derived from System.Web.Security.MembershipProvider. MembershipProvider has a ton of abstract methods for all sorts of authentication-related functions like forgot password, change password, create new user, etc. All I wanted was the ability to authenticate against my own schema. So my class contained mainly empty overrides. I just overrode ValidateUser:
public override bool ValidateUser(string username, string password)
{
if (string.IsNullOrWhiteSpace(username) ||
string.IsNullOrWhiteSpace(password))
return false;
string hash = EncryptPassword(password);
User user = _repository.GetByUserName(username);
if (user == null) return false;
return user.Password == hash;
}
2) 我创建了一个派生自 System.Web.Security.RoleProvider 的类.同样,对于我不需要的所有绒毛,我只有空的实现,比如创建和改变角色.我只是覆盖了两种方法:
2) I created a class that derived from System.Web.Security.RoleProvider. Again, I just had empty implementations for all the fluff I did not need like creating and changing roles. I just overrode two methods:
public override string[] GetRolesForUser(string username)
{
User user = _repository.GetByUserName(username);
string[] roles = new string[user.Role.Rights.Count + 1];
roles[0] = user.Role.Description;
int idx = 0;
foreach (Right right in user.Role.Rights)
roles[++idx] = right.Description;
return roles;
}
public override bool IsUserInRole(string username, string roleName)
{
User user = _repository.GetByUserName(username);
if(user!=null)
return user.IsInRole(roleName);
else
return false;
}
3) 然后我将这两个类插入到我的 web.config 中:
3) Then I plugged these two classes into my web.config:
<membership defaultProvider="FirstlookMemberProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="FirstlookMemberProvider" type="FirstlookAdmin.DomainEntities.FirstlookMemberProvider, FirstlookAdmin" />
</providers>
</membership>
<roleManager defaultProvider="FirstlookRoleProvider" enabled="true" cacheRolesInCookie="true">
<providers>
<clear/>
<add name="FirstlookRoleProvider" type="FirstlookAdmin.DomainEntities.FirstlookRoleProvider, FirstlookAdmin" />
</providers>
</roleManager>
就是这样.默认授权操作过滤器将使用这些类.您仍然需要处理登录页面的登录和注销.只需像往常一样使用标准表单身份验证类即可.
That's it. The default authorization action filters will use these classes. You will still have to handle the login page sign in and sign off. Just use the standard forms authentication classes for this like you normally would.
这篇关于是否可以使用 ASP.NET MVC 创建登录系统但不使用 MembershipProvider?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
