在ASP.NET MVC2非常简单的单用户登录? [英] Very simple single user login in ASP.NET MVC2?
问题描述
我建立我的网站,我想限制我的正常公开展示现场(管理部分)的一部分。
I'm building my site, and I want to restrict a part of my site (The admin parts) from normal public display.
- 我使用LINQ对数据库的访问。
- 我有一个服务类通过LINQ来处理的数据库调用
- 我有整个网站的运行,除了登录的部分。
到目前为止,我有仅能找到使用的MembershipProvider和/或RoleProviders等例子,老实说,它似乎是太多的工作,因为我想要的东西。 这一切都做是让你如果您在输入字段中输入正确的密码。
So far I have only been able to find examples using MembershipProvider and/or RoleProviders etc. And to be honest, it does seem like too much work for what I want. All this has to do is to let you in if you type the correct password in the input fields.
我真的能无法回避的提供商?
Can i really not avoid the Providers?
推荐答案
既然你只有一个用户,你不需要创建一个数据库的依赖。您可以根据过的硬codeD凭据一个非常简单的授权服务。例如,
Since you only have a single user you don't need to create a database dependency. You can make a very simple authorization service based off of a hard coded credentials. For example,
public class AuthorizationService{
private AuthorizationService(){}
public static readonly AuthorizationService Instance = new AuthorizationService();
private const string HardCodedAdminUsername = "someone";
private const string HardCodedAdminPassword = "secret";
private readonly string AuthorizationKey = "ADMIN_AUTHORIZATION";
public bool Login(string username, string password, HttpSessionStateBase session){
if(username.ToLowerInvariant().Trim()==HardCodedAdminUsername && password.ToLowerInvariant().Trim()==HardCodedAdminPassword){
session[AuthorizationKey] = true;
return true;
}
return false;
}
public void Logout(HttpSessionStateBase session){
session[AuthorizationKey] = false;
}
public bool IsAdmin(HttpSessionStateBase session){
return session[AuthorizationKey] == true;
}
}
然后就可以建立一个自定义的个IAuthorizationFilter 这样的:
public class SimpleAuthFilterAttribute: FilterAttribute, IAuthorizationFilter{
public void OnAuthorization(AuthorizationContext filterContext){
if(!AuthorizationService.Instance.IsAdmin(filterContext.HttpContext.Session)){
throw new UnauthorizedAccessException();
}
}
}
然后,所有你需要做的是装饰与 SimpleAuthFilter 保护控制器动作,你是应用程序的登录突然的作品。好极了! (注意,我写了这一切code在StackOverflow的答案窗口,所以你可能需要清理错别字等,它的实际工作之前的)
Then all you have to do is decorate the protected controller actions with the SimpleAuthFilter and you're application's login suddenly works. Yay! (Note, I wrote all this code in the StackOverflow answer window, so you may need to clean up typos, etc. before it actually works)
同时,您可以重构这个,如果你发现不必要的省略了用户名。您将需要创建登录控制器动作和注销,使得对
Also, you could refactor this to omit the username if you find that unnecessary. You will need to create a controller action for Login and Logout that make the corresponding calls to the AuthorizationService, if you want your protected controller actions to ever be accessible.
这篇关于在ASP.NET MVC2非常简单的单用户登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
