ASP.NET MVC身份登录，没有密码 [英] ASP.NET MVC Identity login without password

问题描述

我已经被赋予了这样一种方式，以冲浪myurl？用户名= XXXXXX将全自动登录用户XXXXXX，不要求密码。

I have been given the assignment of modifying an ASP.NET MVC application in such a way that surfing to myurl?username=xxxxxx would automaticly log in user xxxxxx, without asking for passwords.

我已经说得很清楚，这是许多与安全相关的原因和场景一个可怕的想法，但企业负责人被确定。该网站将不会公开。

I already made it very clear that this is a terrible idea for many security related reasons and scenarios, but the people in charge are determined. The site would not be publicly available.

所以：有例如通过登录没有密码延长Microsoft.AspNet.Identity.UserManager和修改的AccountController任何方式

So: is there any way of signing in without password by for example extending the Microsoft.AspNet.Identity.UserManager and modifying the AccountController?

有些code：

  var user = await _userManager.FindAsync(model.UserName, model.Password);
                    if (user != null && IsAllowedToLoginIntoTheCurrentSite(user))
                    {
                        user = _genericRepository.LoadById<User>(user.Id);
                        if (user.Active)
                        {
                            await SignInAsync(user, model.RememberMe);

_userManager持有Microsoft.AspNet.Identity.UserManager的一个实例。

_userManager holds an instance of a Microsoft.AspNet.Identity.UserManager.

和SignInAsync（）：

and SignInAsync():

 private async Task SignInAsync(User user, bool isPersistent)
    {
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        var identity = await _userManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
        if (user.UserGroupId.IsSet())
            user.UserGroup = await _userManager.Load<UserGroup>(user.UserGroupId);

        //adding claims here ... //

        AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, new CustomClaimsIdentity(identity));
    }

好的AuthenticationManager会OwinSecurity。

AuthenticationManager would be OwinSecurity.

推荐答案

您只需要使用的UserManager按名称查找用户。如果你有一个记录，那么只需登录他们进来。

You just need to use the usermanager to find the user by name. If you have a record then just sign them in.

    public ActionResult StupidCompanyLogin()
    {

        return View();
    }

    [HttpPost]
    //[ValidateAntiForgeryToken] - Whats the point? F**k security 
    public async Task<ActionResult> StupidCompanyLogin(string name)
    {

        var user = await UserManager.FindByNameAsync(name);

        if (user != null)
        {

            await SignInManager.SignInAsync(user, true, true);
        }

        return View();
    }

这篇关于ASP.NET MVC身份登录，没有密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！