窗体在web.config中的身份验证 [英] Forms authentication in web.config

问题描述

我使用MVC3，并把在web.config文件中的用户身份验证。这是绕过认证SQLSERVER

I am using MVC3 and have put the user authentication in the web.config file. This is to bypass sqlserver authentication.

code如下web.config中：

code as below in web.config:

<authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" >
        <credentials passwordFormat="Clear">
          <user name="test123" password="test123" />
        </credentials>
      </forms>
</authentication>

我试着用所提到的用户ID和密码登录，我收到错误的页面

I tried login with the mentioned user id and password, I am getting error in the page as

登录不成功。请更正错误，然后重试。

Login was unsuccessful. Please correct the errors and try again.

* The user name or password provided is incorrect.

当我调试到AccountController.cs文件，在 MembershipService.ValidateUser（model.UserName，model.Password）方法失败。

when I debug into the AccountController.cs file, failing at the MembershipService.ValidateUser(model.UserName, model.Password) method.

推荐答案

如果您检查标准的ASP.NET MVC 3的 AccountController.cs 的和的 AccountModels.cs 的文件你' LL学什么<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.validateuser.aspx\">MembershipProvider.ValidateUser方法是内部使用（通过<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.membership.provider.aspx\">Membership.Provider).如果你想存储的密码在web.config中你应该使用<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.authenticate.aspx\">FormsAuthentication.Authenticate方法来代替。

If you examine standard ASP.NET MVC 3 AccountController.cs and AccountModels.cs files you'll learn what MembershipProvider.ValidateUser method is used internally (via Membership.Provider). If you want to store password in web.config you should use FormsAuthentication.Authenticate method instead.

例如：

public class AuthorizationController : Controller
{
    public ActionResult LogOn()
    {
        return View("LogOn");
    }

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult LogOn(string userName, string password, 
        bool rememberMe, string returnUrl)
    {
        if (!ValidateLogOn(userName, password))
            return View("LogOn");

        FormsAuthentication.SetAuthCookie(userName, rememberMe);

        if (!string.IsNullOrEmpty(returnUrl))
            return Redirect(returnUrl);
        else
            return RedirectToAction("Index", "News");

    }

    private bool ValidateLogOn(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName))
            ModelState.AddModelError("username", "User name required");

        if (string.IsNullOrEmpty(password))
            ModelState.AddModelError("password", "Password required");

        if (ModelState.IsValid && !FormsAuthentication.
            Authenticate(userName, password))
            ModelState.AddModelError("_FORM", "Wrong user name or password");

        return ModelState.IsValid;
    }

    public RedirectToRouteResult LogOff()
    {
        FormsAuthentication.SignOut();

        return RedirectToAction("LogOn");
    }
}

这篇关于窗体在web.config中的身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！