窗体在web.config中的身份验证 [英] Forms authentication in web.config
问题描述
我使用MVC3,并把在web.config文件中的用户身份验证。这是绕过认证SQLSERVER
I am using MVC3 and have put the user authentication in the web.config file. This is to bypass sqlserver authentication.
code如下web.config中:
code as below in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" >
<credentials passwordFormat="Clear">
<user name="test123" password="test123" />
</credentials>
</forms>
</authentication>
我试着用所提到的用户ID和密码登录,我收到错误的页面
I tried login with the mentioned user id and password, I am getting error in the page as
登录不成功。请更正错误,然后重试。
Login was unsuccessful. Please correct the errors and try again.
* The user name or password provided is incorrect.
当我调试到AccountController.cs文件,在 MembershipService.ValidateUser(model.UserName,model.Password)
方法失败。
when I debug into the AccountController.cs file, failing at the MembershipService.ValidateUser(model.UserName, model.Password)
method.
推荐答案
如果您检查标准的ASP.NET MVC 3的 AccountController.cs 的和的 AccountModels.cs 的文件你' LL学什么<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.validateuser.aspx\">MembershipProvider.ValidateUser方法是内部使用(通过<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.membership.provider.aspx\">Membership.Provider).如果你想存储的密码在web.config中你应该使用<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.authenticate.aspx\">FormsAuthentication.Authenticate方法来代替。
If you examine standard ASP.NET MVC 3 AccountController.cs and AccountModels.cs files you'll learn what MembershipProvider.ValidateUser method is used internally (via Membership.Provider). If you want to store password in web.config you should use FormsAuthentication.Authenticate method instead.
例如:
public class AuthorizationController : Controller
{
public ActionResult LogOn()
{
return View("LogOn");
}
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult LogOn(string userName, string password,
bool rememberMe, string returnUrl)
{
if (!ValidateLogOn(userName, password))
return View("LogOn");
FormsAuthentication.SetAuthCookie(userName, rememberMe);
if (!string.IsNullOrEmpty(returnUrl))
return Redirect(returnUrl);
else
return RedirectToAction("Index", "News");
}
private bool ValidateLogOn(string userName, string password)
{
if (string.IsNullOrEmpty(userName))
ModelState.AddModelError("username", "User name required");
if (string.IsNullOrEmpty(password))
ModelState.AddModelError("password", "Password required");
if (ModelState.IsValid && !FormsAuthentication.
Authenticate(userName, password))
ModelState.AddModelError("_FORM", "Wrong user name or password");
return ModelState.IsValid;
}
public RedirectToRouteResult LogOff()
{
FormsAuthentication.SignOut();
return RedirectToAction("LogOn");
}
}
这篇关于窗体在web.config中的身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!