Membership System for Website and Mobile Apps


Problem description

I am currently working on a project that will have a website and apps for mobile devices. I am going to need a way to let users log in to my site to view certain areas. I know I will need to build a WCF RESTful service, but I am stuck on how to proceed with creating the users. I was originally going to use the built-in .NET Membership, but the more I read about it the worse it sounded if I had a lot of users. I then was thinking of building a new provider which would give me all the functionality of the built-in .NET Membership, but I would have more control over everything. The last idea was to build a whole membership system, but I was worried I would lose the functionality of the built-in .NET Membership system. I am basically just looking for someone to point me in the right direction and explain why.

Right now I am thinking the best way to handle this is going to be to build a whole membership system. I am thinking I am going to have my data access all through a WCF in the backend that my website would call and the RESTful service would call. I am not aware of a way right now that I can authenticate a user's username and password through a WCF.

Thank you for your input.

Recommended answer

We do this very thing in several of our projects; here is a summary of how we accomplish it. Keep in mind it's only one method, and we have also had success writing our own membership provider.

We have 3 main projects:

  1. Data.project - class library
  2. WebApp.project - MVC application
  3. API.project - WCF service

We use the built-in .NET membership provider as it exists out of the box. This gives us the basic registration, password changes, role management, and the easy controller-based role permission and access control in our MVC and API projects.

The default membership provider will use its own tables to store the user data.

We then create our own User and Profile tables and data structure with a foreign key back to the .NET membershipId of the user. This gives us the flexibility to do all of the application-specific things we need to do with a user profile while still giving us access to the default provider.

Authentication is straightforward in the MVC project; you can now use the .NET Membership methods to authenticate by username and password:

if (Membership.ValidateUser(username, password))
{
    // The second argument is createPersistentCookie (bool), not the password.
    FormsAuthentication.SetAuthCookie(username, false);
}

For the WCF project you do not have the luxury of FormsAuthentication, but you can still use the default membership provider to validate the user's credentials.

How you handle authentication after that is up to you and your project, but for basic needs we generally go with an authentication token that is returned by the WCF service after validation. This token is then included with each WCF request to prove they have been validated, usually in the request headers.

For WCF we Base64-encode the username and password when submitting the credentials to the server, then if successful we pass back the auth token:

string decoded = System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(Authmodel));
//convert your string into your authentication model here then
if(Membership.ValidateUser(model.user,model.pass))
{
    //return new authentication token
}

We also include additional logic during registration that builds out our proprietary user and profile tables at that time; this is handled in the data project so that both the WCF and MVC may access it.

Additionally, the data project handles the linking between our user and profile tables and that of the .NET Membership provider tables so the information can be accessed by both applications.

I realize that is all quite vague, but maybe it can help you think of one option for handling authentication in a unified way. If you have questions about a specific portion, let me know, and I hope this information is useful for you.
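
The answer leaves the "return new authentication token" step open. One way to issue and check such a token for the request header, as an added example that is not part of the original answer: an HMAC-signed token carrying the user name and an expiry. The AuthToken class and its members are hypothetical names; it assumes .NET Framework 4.6 or later, a secret key held only on the server, and a TLS transport, since Base64 is an encoding and does not protect the submitted credentials.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Illustrative only, not from the original answer; AuthToken is a hypothetical name.
public static class AuthToken
{
    // Call only after Membership.ValidateUser(user, pass) has returned true.
    public static string Issue(string user, byte[] key, DateTimeOffset expires)
    {
        string payload = Convert.ToBase64String(
            Encoding.UTF8.GetBytes(user + "|" + expires.ToUnixTimeSeconds()));
        return payload + "." + Convert.ToBase64String(Sign(payload, key));
    }

    // Returns the user name, or null if the token is malformed, forged or expired.
    public static string Validate(string token, byte[] key, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        try
        {
            // Verify the signature before trusting anything inside the payload.
            if (!FixedTimeEquals(Convert.FromBase64String(parts[1]), Sign(parts[0], key)))
                return null;
            string payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            int sep = payload.LastIndexOf('|');
            if (sep < 0) return null;
            long exp;
            if (!long.TryParse(payload.Substring(sep + 1), out exp)) return null;
            if (exp <= now.ToUnixTimeSeconds()) return null;
            return payload.Substring(0, sep);
        }
        catch (FormatException) { return null; }
    }

    static byte[] Sign(string payload, byte[] key)
    {
        using (var h = new HMACSHA256(key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    // Constant-time comparison so the check does not leak how many bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Both the MVC and WCF projects can call Validate on each request if the class lives in the shared data project; a stateless token like this cannot be revoked before it expires, so keep lifetimes short.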
