中asp.net成员资格和角色编程方式登录用户？ [英] Programmatically log a user in to asp.net membership and roles?

问题描述

我工作的这是使用Asp.Net的成员和角色功能一个Asp.Net 4.0 Web应用程序。

I'm working on an Asp.Net 4.0 web application which is using the Membership and Roles features of Asp.Net.

在该应用程序，将有哪些访问的登录页面三个角色和一个其中没有作用。

In the application, there will be three roles which have access to the login page and one role which doesn't.

它应该工作的方式如下：

The way it is supposed to work is as follows.

返回的最终用户（在三特权角色之一）创建了一个用户。在code，这是编程方式，而不是使用注册用户页面。当创建用户，它们被加入到无特权的角色，其中，为清楚起见被称为访问者作用

Back end user (in one of the three privileged roles) creates a user. In the code, this is done programmatically rather than using the Register User page. When the user is created, they are added to the unprivileged role, which, for the sake of clarity is called the Visitor role.

回到最终用户然后创建的链接是在 https://www.example.com?link=cc82ae24-df47-4dbf-9440-1a6923945cf2

Back end user then creates a link for the new user which is in the form of https://www.example.com?link=cc82ae24-df47-4dbf-9440-1a6923945cf2

在被访问的链接，应用程序将定位与查询字符串相关的用户，得到了用户名和密码（这是适当的散列和盐腌）登录的用户。

When the link is visited, the application will locate the user associated with the query string, get the username and password (which are suitably hashed and salted) and logs the user in.

这就是我来撤消。到目前为止，用户创建工作就好了，根据查询字符串的值的数据库查询在做其工作，并返回信息的相关位，这一切似乎流淌pretty出色，除了实际登录。似乎没有被登录编程的用户一个明确的方法，无需通过获得用户的繁琐程序在记录自己，我已经明确告诉避免的。

This is where I'm coming undone. So far, the user creation is working just fine, the database query based on the value of the query string is doing its job and returning the relevant bits of information, it all seems to be flowing pretty well, except for the actual logging in. There doesn't seem to be a clear method of logging a user in programmatically, without going through the rigmarole of getting the user to log themselves in, which I have been explicitly told to avoid.

下面是我的code，在个人的对象是从数据库中，当他们登陆链接的默认页面上填充类：

Here is my code, the "pers" object is a class which is populated from the database when they land on the default page of the link:

protected void LogUserIn(string p)
{
    SqlConnection conn = UtilityMethods.GetConnection();
    Guid par = Guid.Parse(p);
    BioProspect pers= new BioProspect(conn);
    pers.FillDetailsFromDb(par);

    testlable.Text = pers.ToString();
    Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

    try
    {
        if (Membership.ValidateUser(pers.Email, pers.Pword))
        {

            FormsAuthentication.SetAuthCookie(pers.Email, true);

            Response.Redirect(Request.Url.Scheme + "://" + Request.Url.Host + "/About.aspx");
            testlable.Text = "Logged in!";
        }
        else
        {
            throw new Exception("Something went wrong");
        }
    }
    catch (Exception ex)
    {
        StringBuilder sb = new StringBuilder();
        foreach (DictionaryEntry d in ex.Data)
        {
            sb.Append(d.Key.ToString());
            sb.Append(": ");
            sb.Append(d.Value.ToString());
            sb.Append("\r\n");
        }

        AMessage(sb.ToString());
    }
}

现在，我已经检查对数据库表本身的用户名和密码的值，它是正确的。我理解存储在ASPNET表已经咸鱼和散列密码，所以我在我创建的用于保存明文临时表检查值。这是正确的。此外，在上述code时，FormsAuthentication.SetAuthCookie方法是要求用户名和密码 - 在这种情况下，用户名是电子邮件地址。在调试过程中检查该信息也是正确的。

Now, I've checked the values of the username and password against the database table itself and it is all correct. I understand the password stored in the aspnet tables has been salted and hashed, so I'm checking the values in a temporary table I created to hold the clear text. It's right. In addition, in the code above, the FormsAuthentication.SetAuthCookie method is asking for a username and password - in this instance, the username is the email address. This information is also correct when inspected during debugging.

我要指出，我们发送的链接是pretty多一次联系。一个变化是由相关的特定用户每次，链接参数的值会发生变化，旧的链接将被来完全无用。他们将被重定向的页​​面，以将举行这是给特定的用户，并没有其他直接相关文件。

I should point out, the links we are sending are pretty much one time links. Every time a change is made relevant to that particular user, the value of the link parameter will change and the old link will be come completely useless. The page they will be redirected to will hold documents which are directly relevant to that particular user and to no others.

但是，我们仍然需要Asp.Net成员，配置文件和角色框架的好处，因为观众可能有被添加和更改随着时间发送给他们，用不同的文件和文件版本的几个环节。

However, we still need the benefits of the Asp.Net Membership, Profiles and Roles framework, since the "Visitor" may well have several links sent to them, with different documents and versions of documents being added and changed over time.

任何人都可以想出一个更好的办法？我至今看过大多数相关的条目在这里和这里，但他们似乎都有点不完整的。

Can anyone think of a better way? I have so far looked at most of the relevant entries here and here but they all seem somewhat incomplete.

修改

我似乎有至少部分地解决了这个，使用从接受的答案<一个收集的信息href=\"http://stackoverflow.com/questions/2730020/membership-validateuser-always-returns-false-after-upgrade-to-vs-2010-net-4-0\">here

I seem to have at least partially resolved this, using information gleaned from the accepted answer here

从本质上讲，这个问题是需要被告知要使用的哈希算法我的web.config成员部分。此刻，我不知道默认的是，如果有，但添加

Essentially, the problem was my web.config membership section needed to be told which hashing algorithm to use. At the moment, I have no idea what the default one is, if there is one, but adding

<membership hashAlgorithmType="SHA1">

要在web.config至少已经让我登录创建的用户加入上述行之后。下一步是让我明白为什么我不能让其他用户登录。

to the web.config has at least allowed me to log in users created after the above line was added. The next step is for me to understand why I can't get the other users logged in.

不过，我仍然得到一个ThreadAbortException乔，这我现在忙于解决的建议。

I am however still getting a ThreadAbortException as suggested by Joe, which I am now busily working to resolve.

推荐答案

我不知道我完全理解你的问题，而是一个电话 FormsAuthentication.SetAuthCookie 将主要登录用户的编程。

I'm not sure I completely understand your problem, but a call to FormsAuthentication.SetAuthCookie will essentially log the user in programatically.

此外，在上面的code时，FormsAuthentication.SetAuthCookie方法是要求用户名和密码

In addition, in the code above, the FormsAuthentication.SetAuthCookie method is asking for a username and password

没有，SetAuthCookie需要用户名，而不是密码。

No, SetAuthCookie needs a username, but not a password.

在您的样本code，调用的Response.Redirect 将抛出一个 ThreadAbortException ，使您catch块将被执行。也许这就是混淆你。

In your sample code, the call to Response.Redirect will throw a ThreadAbortException, so that your catch block will execute. Maybe that's confusing you.

在回应评论：

基本上，我有问题的是，用户将出现不被得到登录。该FormsAuthenticate方法返回false

Essentially, the problem I am having is that the user appears not to be getting logged on. The FormsAuthenticate method is returning false

有在上述code无 FormsAuthenticate 方法。

There is no FormsAuthenticate method in the above code.

话虽如此，我不明白为什么你要在这种情况下，用户（ Membership.ValidateUser ）进行身份验证。我还以为你会希望找到与查询字符串相关的用户名，然后只需拨打 FormsAuthentication.SetAuthCookie 登录他

Having said that, I don't see why you're trying to authenticate the user (Membership.ValidateUser) in this scenario. I'd have thought you'd want to locate the username associated with the querystring, then simply call FormsAuthentication.SetAuthCookie to log him in.

这篇关于中asp.net成员资格和角色编程方式登录用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！