ASP.NET MVC and Login Authentication


Question

I have searched many posts here regarding custom user authentication but none have addressed all of my concerns

I am new to ASP.NET MVC and have used traditional ASP.NET (WebForms) but don't know how to build a login / authentication mechanism for a user using ASP.NET MVC.

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    string userName = Login1.UserName;
    string password = Login1.Password;
    bool rememberUserName = Login1.RememberMeSet;

    if (validateuser(userName, password))
    {
        //Fetch the role
        Database db = DatabaseFactory.CreateDatabase();


        //Create Command object
        System.Data.Common.DbCommand cmd = db.GetStoredProcCommand("sp_RolesForUser");
        db.AddInParameter(cmd, "@Uid", System.Data.DbType.String, 15);
        db.SetParameterValue(cmd, "@Uid", Login1.UserName);
        System.Data.IDataReader reader = db.ExecuteReader(cmd);
        System.Collections.ArrayList roleList = new System.Collections.ArrayList();
        if (reader.Read())
        {
            roleList.Add(reader[0]);
            string myRoles = (string)roleList[0];

            //Create Form Authentication ticket
            //Parameter(1) = Ticket version
            //Parameter(2) = User ID
            //Parameter(3) = Ticket Current Date and Time
            //Parameter(4) = Ticket Expiry
            //Parameter(5) = Remember me check
            //Parameter(6) = User Associated Roles in this ticket
            //Parameter(7) = Cookie Path (if any)
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(20), rememberUserName, myRoles, FormsAuthentication.FormsCookiePath);

            //Encrypt the ticket before placing it in the cookie
            string hashCookies = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);

            // add the cookie to user browser
            Response.Cookies.Add(cookie);

            // HttpContext.Current.User is still the principal from before this login;
            // the ticket just issued is only read on the next request
            if (HttpContext.Current.User.IsInRole("Administrators"))
            {
                Response.Redirect("~/Admin/Default.aspx");
            }
            else
            {
                string returnURL = "~/Default.aspx";

                // get the requested page
                //string returnUrl = Request.QueryString["ReturnUrl"];
                //if (returnUrl == null)
                //   returnUrl = "~/Default.aspx";
                Response.Redirect(returnURL);
            }
        }
    }
}

protected bool validateuser(string UserName, string Password)
{
    Boolean boolReturnValue = false;

    //Create Connection using Enterprise Library Database Factory
    Database db = DatabaseFactory.CreateDatabase();

    //Create Command object
    DbCommand cmd = db.GetStoredProcCommand("sp_ValidateUser");

    //Pass the method's own arguments to the stored procedure
    db.AddInParameter(cmd, "@userid", DbType.String, 15);
    db.SetParameterValue(cmd, "@userid", UserName);

    db.AddInParameter(cmd, "@password", DbType.String, 15);
    db.SetParameterValue(cmd, "@password", Password);

    db.AddOutParameter(cmd, "@retval", DbType.Int16, 2);
    db.ExecuteNonQuery(cmd);

    int theStatus = (System.Int16)db.GetParameterValue(cmd, "@retval");

    if (theStatus > 0)  //Authenticated user
        boolReturnValue = true;
    else  //UnAuthorized...
        boolReturnValue = false;

    return boolReturnValue;
}

I don't really know how to translate that ASP.NET code into MVC-esque architecture; and I'm still at a loss on how to implement authentication in ASP.NET MVC.

What do I need to do? How do I implement the above code in ASP.NET MVC? What am I missing from that code?

Recommended answer

You can write your authentication service by yourself. Here is a short story:

Your user model class(i.e.)

public class User
    {
        public int UserId { get; set; }
        public string Name { get; set; }
        public string Username { get; set; }
        public string Password { get; set; }
        public string Email { get; set; }
        public bool IsAdmin { get; set; }
    }

Your user repository class(i.e.)

using System.Linq;

public class UserRepository
    {
        Context context = new Context();
        public User GetByUsernameAndPassword(User user)
        {
            // Return the user whose username and password both match, or null
            return context.Users.Where(u => u.Username == user.Username && u.Password == user.Password).FirstOrDefault();
        }
    }

And your user application class(i.e.)

public class UserApplication
    {
        UserRepository userRepo = new UserRepository();     
        public User GetByUsernameAndPassword(User user)
        {
            return userRepo.GetByUsernameAndPassword(user);
        }
    }

Here is your account controller(i.e.)

using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
    {
        UserApplication userApp = new UserApplication();
        SessionContext context = new SessionContext();

        // GET: show the login form
        public ActionResult Login()
        {
            return View();
        }

        // POST: check the submitted credentials and issue the forms-authentication cookie
        [HttpPost]
        public ActionResult Login(User user)
        {
            var authenticatedUser = userApp.GetByUsernameAndPassword(user);
            if (authenticatedUser != null)
            {
                context.SetAuthenticationToken(authenticatedUser.UserId.ToString(),false, authenticatedUser);
                return RedirectToAction("Index", "Home");
            }

            return View();
        }

        public ActionResult Logout()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }
    }

And your SessionContext class(i.e.)

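using System;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.Security;

public class SessionContext
    {
        public void SetAuthenticationToken(string name, bool isPersistant, User userData)
        {
            // Serialized user goes into the ticket's UserData so GetUserData() can read it back.
            // This serializes every User property, Password included; clear it or
            // serialize a reduced type if the ticket should not carry it.
            string data = string.Empty;
            if (userData != null)
                data = new JavaScriptSerializer().Serialize(userData);

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, DateTime.Now, DateTime.Now.AddYears(1), isPersistant, data);

            string cookieData = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieData)
            {
                HttpOnly = true,
                // Follows the requireSSL setting of the <forms> element in web.config
                Secure = FormsAuthentication.RequireSSL,
                Expires = ticket.Expiration
            };

            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        public User GetUserData()
        {
            User userData = null;

            try
            {
                HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (cookie != null)
                {
                    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

                    // Decrypt does not reject an expired ticket, so check it here
                    if (ticket != null && !ticket.Expired)
                        userData = new JavaScriptSerializer().Deserialize(ticket.UserData, typeof(User)) as User;
                }
            }
            catch (Exception)
            {
                // A cookie that cannot be decrypted or deserialized is treated as "not signed in"
            }

            return userData;
        }
    }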

And finally add the following tag to your <system.web> tag in web.config file:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

And now you just need to insert the [Authorize] attribute on the head of each controller that needs authentication, like this:

[Authorize]
public class ClassController : Controller
{
   ...
}
