死者简单的ASP.NET MVC 5密码保护？ [英] Dead simple ASP.NET MVC 5 password protection?

问题描述

我对Azure上运行作为webrole一个ASP.NET MVC 5 Web应用程序。

I have an ASP.NET MVC 5 web application running on Azure as a webrole.

请问有什么办法可以轻松地密码保护整个网站？我不希望任何注册或账务处理，只是一个单一的密码才能进入该网站（也许是一个用户名，但是这不是必须的）。类似的东西到.htaccess文件。

Is there any way to easily password protect the entire website? I do not want any signup or account handling, just a single password to enter the site (and perhaps a username, but that's not required). Something similar to a .htaccess file.

有关ASP.NET MVC我期待在认证上的每一个例子是与实现code的一个巨大的量，天青似乎并不能够支持基​​本身份验证（至少不容易）。

Every example on authentication for ASP.NET MVC I'm looking at comes with an enormous amount of code to implement, and Azure does not seem to be able to support Basic Authentication (at least not easily).

推荐答案

您是对的，有在ASP.NET MVC中的基本身份验证不支持开箱即用。但是，你可以很容易地通过使用操作筛选添加，如所描述<一个href=\"http://www.ryadel.com/2014/12/08/http-basic-authentication-asp-net-mvc-using-custom-actionfilter/\"相对=nofollow>此处。首先，你需要创建一个动作过滤器：

You are right, there is no support for Basic Authentication in ASP.NET MVC out of the box. However, you can easily add it by using action filters, as described here. First you need to create an action filter:

public class BasicAuthenticationAttribute : ActionFilterAttribute
    {
        public string BasicRealm { get; set; }
        protected string Username { get; set; }
        protected string Password { get; set; }

        public BasicAuthenticationAttribute(string username, string password)
        {
            this.Username = username;
            this.Password = password;
        }

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var req = filterContext.HttpContext.Request;
            var auth = req.Headers["Authorization"];
            if (!String.IsNullOrEmpty(auth))
            {
                var cred = System.Text.ASCIIEncoding.ASCII.GetString(Convert.FromBase64String(auth.Substring(6))).Split(':');
                var user = new { Name = cred[0], Pass = cred[1] };
                if (user.Name == Username && user.Pass == Password) return;
            }
            var res = filterContext.HttpContext.Response;
            res.StatusCode = 401;
            res.AddHeader("WWW-Authenticate", String.Format("Basic realm=\"{0}\"", BasicRealm ?? "Ryadel"));
            res.End();
        }
    }

然后，你可以通过使用属性保护动作，控制器：

Then you can protect actions, controllers by using attributes:

[BasicAuthenticationAttribute("your-username", "your-password", BasicRealm = "your-realm")]
public class HomeController : BaseController
{
   ...
}

要保护整个网站，该过滤器添加到全局过滤器：

To protect the entire website, add this filter to global filters:

protected void Application_Start()
{
    ...
    GlobalFilters.Filters.Add(new BasicAuthenticationAttribute("your-username", "your-password"));
    ...
}

这篇关于死者简单的ASP.NET MVC 5密码保护？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！