是否有可能创建一个登录系统的ASP.NET MVC,但不使用的MembershipProvider? [英] Is it possible to create a Logon System with ASP.NET MVC but not use the MembershipProvider?
问题描述
我有一个用户表中现有的数据库,我们计划采取的数据库,并使用它内置的ASP.NET MVC的新系统。不过,我不确定的是我是否我能够创建不使用内置帐户控制或常规成员提供一个登录系统,这样我们仍然可以使用现有的表结构。
I have an existing database with a users table, and we are planning to take the database and use it for a new system built in ASP.NET MVC. However, what I am uncertain about is whether or not I am able to create a login system that doesn't use the built in account controller or a regular membership provider so that we can still use the existing table structure.
所以我的问题是,这是否可能?甚至是特别困难的事,如果它是什么?
So my question is, would this be possible? Or even particularly difficult to do if it is?
什么是做事情的最广泛接受的方式最简单?
What is the most widely accepted way of doing things and the simplest?
推荐答案
我有这种相同的要求。我有我自己的用户和角色架构和不愿迁移到asp.net会员架构,但我也想使用ASP.NET MVC操作筛选检查的授权和角色。我不得不这样做挖搞清楚需要做了相当多的,但最终它是比较容易的。我会救你的麻烦,告诉你我做了什么。
I had this exact same requirement. I had my own user and role schema and did not want to migrate to the asp.net membership schema but I did want to use the ASP.NET MVC action filters for checking authorization and roles. I had to do a fair amount of digging to find out exactly what needed to be done, but in the end it was relatively easy. I'll save you the trouble and tell you what I did.
1)我创建了一个从System.Web.Security.MembershipProvider派生的类。的MembershipProvider有一吨,为各种认证相关的功能的抽象方法,如忘记密码,修改密码,创建新的用户,等等。所有我想要的是对我自己的模式进行身份验证的能力。所以我的课主要包含空覆盖。我刚刚推翻的ValidateUser:
1) I created a class that derived from System.Web.Security.MembershipProvider. MembershipProvider has a ton of abstract methods for all sorts of authentication-related functions like forgot password, change password, create new user, etc. All I wanted was the ability to authenticate against my own schema. So my class contained mainly empty overrides. I just overrode ValidateUser:
public override bool ValidateUser(string username, string password)
{
if (string.IsNullOrWhiteSpace(username) ||
string.IsNullOrWhiteSpace(password))
return false;
string hash = EncryptPassword(password);
User user = _repository.GetByUserName(username);
if (user == null) return false;
return user.Password == hash;
}
2)我创建了一个从System.Web.Security.RoleProvider派生的类。再次,我只是为所有的绒毛,我并不需要像创建和更改角色的空实现。我只是推翻了两种方法:
2) I created a class that derived from System.Web.Security.RoleProvider. Again, I just had empty implementations for all the fluff I did not need like creating and changing roles. I just overrode two methods:
public override string[] GetRolesForUser(string username)
{
User user = _repository.GetByUserName(username);
string[] roles = new string[user.Role.Rights.Count + 1];
roles[0] = user.Role.Description;
int idx = 0;
foreach (Right right in user.Role.Rights)
roles[++idx] = right.Description;
return roles;
}
public override bool IsUserInRole(string username, string roleName)
{
User user = _repository.GetByUserName(username);
if(user!=null)
return user.IsInRole(roleName);
else
return false;
}
3)然后我插上这两个类到我的web.config:
3) Then I plugged these two classes into my web.config:
<membership defaultProvider="FirstlookMemberProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="FirstlookMemberProvider" type="FirstlookAdmin.DomainEntities.FirstlookMemberProvider, FirstlookAdmin" />
</providers>
</membership>
<roleManager defaultProvider="FirstlookRoleProvider" enabled="true" cacheRolesInCookie="true">
<providers>
<clear/>
<add name="FirstlookRoleProvider" type="FirstlookAdmin.DomainEntities.FirstlookRoleProvider, FirstlookAdmin" />
</providers>
</roleManager>
就是这样。默认的授权行动过滤器将使用这些类。您仍然必须处理在登录页面的标志和签署。只需使用标准的表单验证类这就像你通常会。
That's it. The default authorization action filters will use these classes. You will still have to handle the login page sign in and sign off. Just use the standard forms authentication classes for this like you normally would.
这篇关于是否有可能创建一个登录系统的ASP.NET MVC,但不使用的MembershipProvider?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
