对于ASP.NET MVC实现自定义登录 [英] Implementing custom login for ASP.NET MVC

问题描述

我新的ASP.NET MVC和需要就如何落实以下建议升技。

I'm new to ASP.NET MVC and need abit of advice on how to implement the following.

该网站是一个频繁使用的网站与内部大约200用户（内网）。我们使用窗体身份验证创下了SQL Server数据库（而不是Windows集成）。

The site is a heavily used site with roughly 200 users internally (intranet). We use forms authentication hitting a SQL Server DB (not windows integrated).

有些动作是受保护的，有些是任何人可见，有些是可见的双方 - 所以，如果那里有登录的用户，他们看到来自DB自己的东西，否则他们看到一个临时配置文件 - 就像计算器

Some actions are protected, some are viewable by anyone and some are viewable by both - so if theres a logged in user they see their stuff from the DB, otherwise they see a temporary profile - much like StackOverflow.

我将如何去实现一个安全模型对于这种情况？我可以重用的ASP.NET MVC的现有框架和使用授权的过滤器？

How would I go about implementing a security model for this scenario? Can I reuse the existing framework in ASP.NET MVC and use the authorization filters?

有没有网上的文章，我可以作为一个参考？

Is there any online articles that I can use as a reference?

推荐答案

我有同样的问题，因为我要实现我的定制用户数据库中的asp.net的成员，我的解决办法是覆盖默认ASPNET成员资格提供管理用户登录和ASPNET角色提供管理用户的角色。
例如，我的定义成员资格提供看起来某事像这样

I had the same problem since I want to implement the asp.net membership with my custom built user database, my solution was to override the default aspnet membership provider for manage users logging and aspnet role provider to manage users role. For example, my custom membership provider will look sth like this

namespace Entities
{
    public class VEMembership : MembershipProvider
    {
        public override bool ValidateUser(string username, string password)
        {
            // your logic to validate user
            // return false if not qualified, other wise true
        }
    }
}

然后在你的web配置文件，你只需要您的默认成员资格提供程序添加到：

And then in your web config file, you just need to add your default membership provider to :

<membership defaultProvider="VEMembership">
    <providers>
        <clear/>
        <add name="VEMembership"
            type="Entities.VEMembership" 
            enablePasswordReset="true"
            requiresQuestionAndAnswer="false"
            requiresUniqueEmail="false"
            passwordFormat="Hashed"
            maxInvalidPasswordAttempts="5"
            minRequiredPasswordLength="6"
            minRequiredNonalphanumericCharacters="0"
            passwordAttemptWindow="10"
            passwordStrengthRegularExpression=""
            connectionString="VEConnectionString"/>
    </providers>
</membership>

有关于谷歌搜索wrting定制ASPNET成员提供，如果你需要做任何的帮助很多文章。
希望这有助于

There are plenty article on wrting custom aspnet membership provider on google search, if you need any help on doing this. Hope this helps

这篇关于对于ASP.NET MVC实现自定义登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！