什么是最低ASP.NET提供者实现我需要获得用户身份验证和授权？ [英] What is the minimum ASP.NET provider implementation I need to get a user authenticated and authorized?

问题描述

在默认情况下ASP.NET MVC设置了的AccountController使用SqlMembershipProvider的，的SqlProfileProvider和SqlRoleProvider。我并不真的需要给表带来的一切，其实，它更是一个麻烦，我的数据捏成该模型。

By default ASP.NET MVC setups up the AccountController to use the SqlMembershipProvider, SqlProfileProvider and the SqlRoleProvider. I don't really need everything that brings to the table, in fact, it is more of a hassle to shape my data into that model.

我需要实现上的MembershipProvider，RoleProvider和ProfileProvider抽象类来获得身份验证和授权，而不是打破一些其他的依赖，可能是那里的最小值是？

What is the minimum I need to implement on the MembershipProvider, RoleProvider and ProfileProvider abstract classes to get authentication and authorization and not break some other dependency that might be there?

例如，在ProfileProvider它要我重写FindInactiveProfilesByUserName的方法，但我真的不关心这个功能。哪里是我的应用程序将打破NotImplementedException触发时？

For instance, on the ProfileProvider it wants me to override the "FindInactiveProfilesByUserName" method, but I don't really care about this feature. Where is my app going to break when the NotImplementedException fires?

此外，上的MembershipProvider比如，我不需要FindUsersByEmail方法。如果我不执行，将ASP.NET MVC呛在​​某些时候？如果是这样，在哪里？

Additionally, on the MembershipProvider for instance, I don't need the FindUsersByEmail method. If I don't implement it will ASP.NET MVC choke at some point? If so, where?

推荐答案

据我所知，ASP.NET MVC并没有真正做任何事情，你就验证。考虑到这一点，作为@chrispr说，你应该只需要执行的ValidateUser ，并通过ASP.NET MVC项目模板创建的项目唯一的身份验证过程中调用这个方法。

As far as I know, ASP.NET MVC doesn't really do anything for you with regard to authentication. With that in mind, as @chrispr says, you should only need to implement ValidateUser, and the project created by the ASP.NET MVC project template only calls that method during authentication.

关于授权，我参加了反射看看 AuthorizationAttribute ，发现它调用 IPrincipal.IsInRole 。综观 System.Web.Security.RolePrincipal 在反射器， IsInRole 要求 GetRolesForUser ，所以你可以尝试只实现该方法的开始。

Regarding authorization, I took a look at AuthorizationAttribute in Reflector and found that it calls IPrincipal.IsInRole. Looking at System.Web.Security.RolePrincipal in Reflector, IsInRole calls GetRolesForUser, so you could try implementing only that method to start with.

我实现类似的原因自定义提供（我不喜欢SQL供应商使用的模式），但我选择不实现自定义配置文件提供程序，因为它似乎依靠配置文件属性的配置设置，我没不想去的路线（见 ASP.NET配置文件属性概述 ）。

I implemented custom providers for similar reasons (I don't like the schema the sql providers use), but I chose not to implement a custom profile provider since it seems to rely on configuration settings for the profile properties, and I didn't want to go that route (see ASP.NET Profile Properties Overview).

作为一个方面说明，我发现，在看的SqlMembershipProvider 和 SqlRoleProvider 在反射器是有益的，当我实现我自己的供应商，所以你可能想要做的是一样的。

As a side note, I found that looking at the SqlMembershipProvider and SqlRoleProvider in Reflector was helpful when I implemented my own providers, so you might want to do the same.

这篇关于什么是最低ASP.NET提供者实现我需要获得用户身份验证和授权？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！