How do I go through Asp.Net MVC 6 Account controller's all methods?


Problem description


I need to have a complete idea about Asp.Net MVC 6 Default Account Controller methods. Where can I get that complete article? I went through this article but it doesn't explain all: Customizing ASP.NET Identity System for Authentication and Authorization

I need to understand decorations like [Authorize], [AllowAnonymous] and [ValidateAntiForgeryToken]. Please help me out, as I am supposed to handle a website's account management operations, so I want to handle it gracefully.

Solution

Moving this to answer, since I have a fair amount to throw at you.

So I've got a couple of resources for you. The first is a more basic "How To" on using forms authentication:
http://www.codeproject.com/Articles/578374/AplusBeginner-27splusTutorialplusonplusCustomplusF

And a more advanced primer, that has many scenarios and a little more of an updated approach:

http://typecastexception.com/post/2014/04/20/ASPNET-MVC-and-Identity-20-Understanding-the-Basics.aspx

Now the attributes that you're looking at are aligned with the Authorization portion of the process, after authentication has been determined and roles established. Any authorization attribute can be added at the controller or action level.

The easiest attribute to touch on is the [ValidateAntiForgeryToken]. This token is used to make sure that your site is not being used as part of a Cross-site scripting attack. Don't worry about the details, just know that any user action that will modify the state of your application or persistent storage should be flagged with this.

The [AllowAnonymous] attribute does exactly what it says: A user does not need to authenticate before using this action. I also suggest it only be used on actions, it's not appropriate for controllers IMO.

The [Authorize(/*Role,User*/)] attribute is used to lock down an action or controller to either specific users (which is mildly silly) or to users that have an assigned role (groups). This is used to separate where permissions can be exercised in your controller.

If you're coming from a desktop development environment, you might not be terribly familiar with some of the access control methodologies that are in use in web applications. The RBAC standard is the one that MVC is wired for, and it is relatively effective. If you're mildly masochistic and working from an architectural point-of-view, NIST has a number of RBAC resources available for research:
http://csrc.nist.gov/groups/SNS/rbac/
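
To show how the three attributes discussed above combine on an account controller, here is an added example (not code from the answer or from the project template). It assumes ASP.NET Core namespaces and Identity's `SignInManager<IdentityUser>`; `LoginViewModel`, the `Admin` role, the `ManageUsers` action and the `Home`/`Index` redirect target are hypothetical names chosen for illustration.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class LoginViewModel // hypothetical view model for this example
{
    [Required] public string UserName { get; set; }
    [Required, DataType(DataType.Password)] public string Password { get; set; }
}

[Authorize] // every action requires a signed-in user unless it opts out below
public class AccountController : Controller
{
    private readonly SignInManager<IdentityUser> _signInManager;
    public AccountController(SignInManager<IdentityUser> signInManager) => _signInManager = signInManager;

    [HttpGet, AllowAnonymous] // the login form must be reachable before sign-in
    public IActionResult Login(string returnUrl = null)
    {
        ViewData["ReturnUrl"] = returnUrl;
        return View();
    }

    // State-changing POST: the request is rejected unless it carries the
    // anti-forgery token issued with the form (request-forgery protection).
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
    {
        if (!ModelState.IsValid) return View(model);
        var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, isPersistent: false, lockoutOnFailure: true);
        if (!result.Succeeded)
        {
            ModelState.AddModelError(string.Empty, "Invalid login attempt.");
            return View(model);
        }
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl); // only follow same-site return URLs
        return RedirectToAction("Index", "Home");
    }

    [HttpPost, ValidateAntiForgeryToken] // inherits [Authorize] from the controller
    public async Task<IActionResult> LogOff()
    {
        await _signInManager.SignOutAsync();
        return RedirectToAction("Index", "Home");
    }

    [HttpGet, Authorize(Roles = "Admin")] // role check on top of authentication
    public IActionResult ManageUsers() => View();
}
```

The controller-level `[Authorize]` makes authentication the default, so `[AllowAnonymous]` appears only on the two login actions that must work before sign-in.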


If you are a newbie to MVC, and if you wanna be a fish catcher rather than a man who always relies on others' help, for detailed knowledge of MVC I recommend you have a look at https://www.microsoftvirtualacademy.com/search/SearchResults.aspx?q=mvc
or
Implementing Entity Framework with MVC
https://www.microsoftvirtualacademy.com/en-US/training-courses/implementing-entity-framework-with-mvc-8931?l=e2H2lDC3_8304984382
Customizing ASP.NET Authentication with Identity
https://www.microsoftvirtualacademy.com/en-US/training-courses/customizing-asp-net-authentication-with-identity-8647?l=1Yef8hF1_7604984382
Introduction to ASP.NET 5
https://www.microsoftvirtualacademy.com/en-US/training-courses/introduction-to-asp-net-5-13786?l=PvSZtxoXB_5101937557
Package Management and Workflow Automation
https://www.microsoftvirtualacademy.com/en-US/training-courses/package-management-and-workflow-automation-10524?l=Qq4DMN87_004984382

