MVC 5 &ASP.NET 标识 - 实现混淆 [英] MVC 5 & ASP.NET Identity - Implementation Confusion
问题描述
我正在创建一个新的 Web 应用程序,该应用程序将使用 MVC 5 和 Entity Framework Database First Approach 编写.我还想使用 ASP.Net Identity 来管理会员资格、身份验证、授权等.
I'm creating a new web application that will be written using MVC 5 and Entity Framework Database First Approach. I would also like to use ASP.Net Identity to look after membership, authentication, authorisation etc.
我在网络上阅读了大量有关 ASP.Net Identity 及其工作原理的文章,但是,我仍在学习这个主题.
I've read a good bit about the ASP.Net Identity on the web and how it works, however, I am still learning about this topic.
当我在 Visual Studio 2013 中创建我的 MVC 5 应用程序并查看帐户控制器时,我的第一反应是我不喜欢我所看到的,即DbContextstrong> 被引用名为ApplicationDbContext".我不喜欢这样的原因是因为我更喜欢将我的 DbContext 保留在我的解决方案中的适当项目中,即在我的模型层中,该层遵循关注点分离逻辑.
When I created my MVC 5 application in Visual Studio 2013 and looked at the Account Controller my first instinct was that I didn't like what I saw, i.e., a DbContext was being referenced named 'ApplicationDbContext'. The reason I didn't like this was because I prefer to keep my DbContext in the appropriate project within my solution, i.e., in my Model layer which adheres to the separation of concerns logic.
此外,开箱即用的 MVC 5 项目使用实体框架代码优先来创建默认数据库和表来存储用户、角色等.
Also, the out of the box MVC 5 project uses Entity Framework Code First to create a default database and tables to store the Users, Roles etc.
因为我必须使用带有现有 User 表的现有数据库,这种方法不适合我的需要.
Because I must use an existing database with an existing User table, this approach does not suit my needs.
我仍然想为我的应用程序使用最新的 ASP.Net Identity,因为它看起来有很多好处,因此,我发现这篇文章剥离了很多实体框架代码,但仍然将 OWIN 支持的身份验证引入了 ASP.NET MVC.
I still want to use the latest ASP.Net Identity for my application as it looks to have many benefits, therefore, I found this article which stripped back alot of the Entity Framework code but still got OWIN powered authentication into an ASP.NET MVC.
http://www.khalidabuhakmeh.com/asp-net-mvc-5-authentication-breakdown-part-deux
使用上面的教程,这是我的帐户控制器
Using the tutorial above, here is the HttpPost Login method for my Account Controller
[HttpPost]
[AllowAnonymous]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
//Calling my own custom Account Service which validates users login details
var user = _AccountService.VerifyPassword(model.UserName, model.Password, false);
if (user)
{
var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, model.UserName), }, DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role);
//ToDo: Manually adding Role, but will pull from db later
identity.AddClaim(new Claim(ClaimTypes.Role, "guest"));
AuthenticationManager.SignIn(new AuthenticationProperties
{
IsPersistent = model.RememberMe
}, identity);
return RedirectToAction("Index", "MyDashboard");
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
}
return View(model);
}
在我以前的 MVC 应用程序中,我通常会推出自己的自定义成员资格,当用户登录站点并通过身份验证时,我会在 UserData 中存储任何其他用户详细信息,例如用户 ID、DOB 等FormsAuthenticationTicket 的strong> 字符串.
In my previous MVC applications I usually rolled my own custom membership and when a User logged into the site and was authenticated, I would have stored the any additional user details such as userID, DOB etc in the UserData string of the FormsAuthenticationTicket.
由于上面的代码没有使用FormsAuthentication,而是使用了OWIN CookieAuthentication,我不确定如何存储这些额外的用户数据.
As the code above does not use FormsAuthentication, instead it uses OWIN CookieAuthentication, I am not sure how to store this additional user data.
因此,我对我遇到的问题有一些疑问.
Therefore, I have a few questions about the problems I am experiencing.
我如何像以前在 FormsAuthentication 中那样存储用户 ID 或任何其他用户数据(DOB 等)?这是通过向身份添加声明来完成的吗?
How do I store the userID or any other additional piece of user data (DOB etc) the way I used to in FormsAuthentication? Is this done by adding a Claim to the identity?
考虑到我使用 Entity Framework Database First 和现有数据库,上述使用 ASP.Net Identity/OWIN 的方法是否正确?
Does the method of using ASP.Net Identity/ OWIN above seem correct considering I am using Entity Framework Database First with an existing database?
我是否应该使用帐户控制器中使用的开箱即用代码,即 UserManager、ApplicationUser、ApplicationDbContext 等,并将其连接到我现有的数据库中?
Should I be using the out of the box code that is used in the Account Controller, i.e., UserManager, ApplicationUser, ApplicationDbContext etc and hooking this up to work with my existing database?
如果我的问题令人困惑,我深表歉意,我想我只是有点不确定在我最近的项目中尝试使用 ASP.Net Identity 时应该使用什么方法.
I apologise if my question is confusing, I suppose I'm just a little unsure of what approach I should be using whilst attempting to use ASP.Net Identity in my latest project.
任何反馈将不胜感激.
谢谢.
推荐答案
1) 新的 Katana Cookie 中间件支持声明.这就是它比表单身份验证 cookie 更好的原因;声明模型任何键/值对,这些可以存储在身份验证 cookie 中.有关详细信息,请参阅此帖子:
1) The new Katana Cookie middleware supports claims. This is what makes this better than forms auth cookie; claims model any key/value pair and those can be stored in the authentication cookie. See this post for more details:
2 &3) 至于您的身份数据存储,如果您需要使用现有表,那么您可能无法使用 Microsoft 的 EF 提供的类.相反,您将需要自己实现 IUserStore 和您的应用程序需要的所有其他商店接口.我不确定是否值得更改您已经用于存储用户数据的内容.
2 & 3) As far as your storage for identity data, if you need to work with an existing table then you might not be able to use Microsoft's EF provided classes. Instead you'd be left on your own to implement IUserStore and all the other store interfaces your app needs. I'm not certain it's worth changing what you're already using to store the user data.
请记住,OWIN/Katana 部分与身份存储是分开的.
Keep in mind that the OWIN/Katana part is separate from the identity storage.
这篇关于MVC 5 &ASP.NET 标识 - 实现混淆的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
