如何在我的 ASP.NET MVC 应用程序中附加自定义成员资格提供程序? [英] How can I attach a custom membership provider in my ASP.NET MVC application?

问题描述

如何将我的自定义成员资格提供程序与我的 ASP.NET MVC [Authorize()] 属性联系起来?我已经阅读了许多关于如何创建自定义成员资格提供程序的教程，但我发现的有关如何将其连接到应用程序的所有信息似乎都围绕着常规的 ASP.NET WebForms 应用程序，这似乎是一个部分蛋糕.

How do I tie up my custom membership provider with my ASP.NET MVC [Authorize()] attribute? I've blasted through a number of tutorials for how to create a custom membership provider but all the information I've found about how to hook it up to an application seems to revolve around regular ASP.NET WebForms applications which seem to be a piece of cake.

我对 ASP.NET MVC 中发生的大量魔法"感到困惑，这很棒，但我习惯于以 WebForms 的方式插入东西，所以这种它只是有效"的方法是一种对我来说有点折腾.我怎么知道我什么时候应该做繁重的工作，或者我应该只是依靠魔法发生的事情?

I'm coming unstuck with the amount of "magic" that just happens in ASP.NET MVC which is great, but I'm used to plugging stuff in in a WebForms way so this "it just works" methodology is a bit of a mind bender for me. How do I know when I'm supposed to do the heavy lifting or I'm supposed to just rely on it happening by magic?

我在哪里将我的提供者与 MVC 应用程序联系起来?我是否正确地假设一旦我连接它就通过 [Authorize()] 属性调用它?

Where do I tie my provider in to an MVC app? Am I right in assuming that it is invoked through the [Authorize()] attribute once I do get it hooked up?

推荐答案

希望我可以对其他答案进行一些额外的澄清，因为它们确实没有解释正在发生的事情，这不会帮助您解决困惑.

Hopefully I can add some additional clarity over the other answers as they really don't explain what's going on which isn't going to help your confusion.

首先，根据您已经完成的事情实现您的自定义提供程序，所以我只会抛出一个小代码片段，这里不会详细介绍:

First up, implement your custom provider which from the sound of things you've done already, so I'll just throw up a little code snippet and won't go into any further detail here:

using System.Web.Security;

public class MyCustomMembershipProvider : MembershipProvider
{
    public override bool ValidateUser(string username, string password)
    {
        if (username.Equals("BenAlabaster") && password.Equals("Elephant"))
            return true;

        return false;
    }

    /* Override all the other methods required to extend MembershipProvider */        
}

然后在 web.config 中配置提供程序，确保填充配置基本 MembershipProvider 的属性:

Then you configure your provider in your web.config making sure to populate the attributes that configure the base MembershipProvider:

<membership defaultProvider="MyCustomMembershipProvider">      
    <providers>        
        <clear />        
        <add name="MyCustomMembershipProvider" 
             type="MyNamespace.MyCustomMembershipProvider" 
             enablePasswordRetrieval="false"
             enablePasswordReset="true"          
             requiresQuestionAndAnswer="false"          
             requiresUniqueEmail="true"           
             passwordFormat="Hashed"           
             maxInvalidPasswordAttempts="10"           
             minRequiredPasswordLength="6"           
             minRequiredNonalphanumericCharacters="0"           
             passwordAttemptWindow="10"           
             passwordStrengthRegularExpression=""           
             applicationName="/" />      
    </providers>     
</membership>

接下来，我认为您想多了，即与您的 Web 应用程序的实际搭配.而在 WebForms 应用程序中，您必须自己编写其余的代码 - MVC 框架为您完成剩下的工作 - 您需要做的就是将 [Authorize] 属性添加到您的操作方法中，框架将检查您是否'已登录，如果未登录，则将您重定向到登录页面.登录页面将找到您的自定义提供程序，因为这是在 web.config 中配置的内容，并将登录您的用户.您可以通过引用 User 对象从控制器访问有关登录用户的信息:

The next bit I think you're overthinking, the actual tie-in to your web application. Whereas in a WebForms app you kind of have to code the rest for yourself - the MVC framework does the rest for you - all you need to do is add the [Authorize] attribute to your action method and the framework will check to see if you're logged in, and if not redirect you to the login page. The login page will find your custom provider because that's what's configured in the web.config and will log your user in. You can access information about the logged in user from your controllers by referencing the User object:

public class WhateverController : Controller
{
    [Authorize]
    public ActionResult WhateverAction()
    {
        ViewData["LoggedInAs"] = string.Format("You are logged in as {0}.", User.Identity.Name);
        Return View();
    }
}

所以这个动作需要用户登录并将用户信息呈现给Whatever/WhateverAction.aspx 视图以显示在页面上.

So this action requires that the user is logged in and presents the user information to the Whatever/WhateverAction.aspx view to be displayed on the page.

这篇关于如何在我的 ASP.NET MVC 应用程序中附加自定义成员资格提供程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！