ASP.NET MVC and Login Authentication

长发绾君心 2021-01-30 03:22

I have searched many posts here regarding custom user authentication but none have addressed all of my concerns

I am new to ASP.NET MVC and have used traditional ASP.NET

4条回答
  •  时光说笑
    2021-01-30 04:04

    You can write the authentication service yourself. Here is a short walkthrough:

    Your user model class (for example):

    /// <summary>
    /// Application user record. The same type is queried through the EF context,
    /// bound from the login form, and handed to SessionContext after sign-in.
    /// </summary>
    public class User
    {
        /// <summary>Numeric identifier; the account controller uses it as the ticket name.</summary>
        public int UserId { get; set; }

        /// <summary>Display name of the user.</summary>
        public string Name { get; set; }

        /// <summary>Login name matched by the repository lookup.</summary>
        public string Username { get; set; }

        // NOTE(review): the repository on this page compares this value directly with the
        // submitted password, which means the column holds the password in plain text.
        // Store a salted, slow hash (for example PBKDF2) here instead, and keep this
        // property out of anything that is serialized into a cookie or returned to a view.
        /// <summary>Credential value compared during login.</summary>
        public string Password { get; set; }

        /// <summary>Contact e-mail address.</summary>
        public string Email { get; set; }

        // NOTE(review): this class is also the model bound from the login POST, so a client
        // can submit IsAdmin/UserId values; never act on the bound instance, only on the
        // record loaded from the database.
        /// <summary>Administrator flag.</summary>
        public bool IsAdmin { get; set; }
    }
    

    Your Context class (for example):

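    /// <summary>
    /// Entity Framework context that exposes the user table to the repository.
    /// </summary>
    public class Context : DbContext
    {
        /// <summary>Creates the context with lazy loading switched off.</summary>
        public Context()
        {
            // Related entities are loaded only when explicitly requested.
            base.Configuration.LazyLoadingEnabled = false;
        }

        /// <summary>Configures the model; no database initializer is registered.</summary>
        /// <param name="modelBuilder">Builder supplied by Entity Framework.</param>
        protected override void OnModelCreating(DbModelBuilder modelBuilder)
        {
            // The type argument was missing from the listing; it has to name this context type.
            // A null initializer means EF never creates or alters the schema on first use.
            Database.SetInitializer<Context>(null);
            base.OnModelCreating(modelBuilder);

            // NOTE(review): the generic type argument of Remove<...>() was lost when this page
            // was rendered, so this line does not compile as shown. PluralizingTableNameConvention
            // is the convention usually removed at this point - confirm against the original answer.
            modelBuilder.Conventions.Remove();
        }

        /// <summary>User rows; the repository filters this set by username and password.</summary>
        public DbSet<User> Users { get; set; }
    }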
    

    Your user repository class (for example):

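     /// <summary>
     /// Data access for <see cref="User"/> rows.
     /// </summary>
     public class UserRepository
     {
         // NOTE(review): this context is never disposed; consider creating it per call
         // inside a using block or injecting a request-scoped instance.
         private readonly Context context = new Context();

         /// <summary>
         /// Looks up the user whose username and password both equal the supplied values.
         /// </summary>
         /// <param name="user">Carrier for the submitted Username and Password.</param>
         /// <returns>The matching user, or null when the credentials are missing or do not match.</returns>
         public User GetByUsernameAndPassword(User user)
         {
             // Reject missing credentials before querying: a null comparison value could
             // otherwise match rows whose Username/Password columns are NULL.
             if (user == null || string.IsNullOrEmpty(user.Username) || string.IsNullOrEmpty(user.Password))
             {
                 return null;
             }

             string username = user.Username;
             string password = user.Password;

             // NOTE(review): this is a plain-text password comparison performed in the database.
             // The stored value should be a salted, slow hash (e.g. PBKDF2); fetch the row by
             // username only and verify the hash in memory with a fixed-time comparison.
             // The original used the non-short-circuit '&'; '&&' is the intended logical AND.
             return context.Users.FirstOrDefault(u => u.Username == username && u.Password == password);
         }
     }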
    

    And your user application class (for example):

    /// <summary>
    /// Application-layer facade that forwards user lookups to <see cref="UserRepository"/>.
    /// </summary>
    public class UserApplication
    {
        private readonly UserRepository repository = new UserRepository();

        /// <summary>
        /// Passes the submitted credentials to the repository unchanged.
        /// </summary>
        /// <param name="user">Carrier for the submitted Username and Password.</param>
        /// <returns>Whatever the repository returns for these credentials.</returns>
        public User GetByUsernameAndPassword(User user)
        {
            User match = repository.GetByUsernameAndPassword(user);
            return match;
        }
    }
    

    Here is your account controller (for example):

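    /// <summary>
    /// Handles sign-in and sign-out using a forms-authentication cookie.
    /// </summary>
    public class AccountController : Controller
    {
        private readonly UserApplication userApp = new UserApplication();
        private readonly SessionContext context = new SessionContext();

        /// <summary>Renders the login form.</summary>
        public ActionResult Login()
        {
            return View();
        }

        /// <summary>
        /// Validates the posted credentials and issues the authentication cookie on success.
        /// </summary>
        /// <param name="user">Model bound from the form; only Username and Password are used.</param>
        /// <returns>A redirect to Home/Index on success, otherwise the login view with an error.</returns>
        // NOTE(review): binding the User entity lets a client post UserId/IsAdmin as well; a
        // view model with just Username and Password removes that surface. Also consider
        // [ValidateAntiForgeryToken] (the view must then emit @Html.AntiForgeryToken()) and
        // throttling of repeated failed attempts.
        [HttpPost]
        public ActionResult Login(User user)
        {
            var authenticatedUser = user == null ? null : userApp.GetByUsernameAndPassword(user);
            if (authenticatedUser != null)
            {
                // The cookie is built from the database record, never from the posted model.
                context.SetAuthenticationToken(authenticatedUser.UserId.ToString(), false, authenticatedUser);
                return RedirectToAction("Index", "Home");
            }

            // One generic message for every failure, so the response does not reveal
            // whether the username exists.
            ModelState.AddModelError("", "Invalid username or password.");
            return View();
        }

        /// <summary>Clears the authentication cookie and returns to the home page.</summary>
        // NOTE(review): this action answers GET, so any page can sign the user out with a
        // plain link or image request; restricting it to POST with an anti-forgery token
        // avoids that.
        public ActionResult Logout()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }
    }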
    

    And your SessionContext class (for example):

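    /// <summary>
    /// Writes and reads the forms-authentication cookie, carrying a snapshot of the
    /// signed-in user in the ticket's user-data field.
    /// </summary>
    public class SessionContext
    {
        /// <summary>
        /// Issues an encrypted forms-authentication ticket and adds it to the response.
        /// </summary>
        /// <param name="name">Identity name stored in the ticket.</param>
        /// <param name="isPersistant">True to keep the cookie across browser sessions.</param>
        /// <param name="userData">User to snapshot into the ticket; may be null.</param>
        public void SetAuthenticationToken(string name, bool isPersistant, User userData)
        {
            // The original serialized the user but then stored only the id in the ticket, so
            // GetUserData could never deserialize it; it also dereferenced userData after
            // null-checking it. The serialized snapshot is what goes into the ticket now.
            string data = string.Empty;
            if (userData != null)
            {
                // Copy only non-secret fields: the password must never travel in a cookie,
                // even an encrypted one.
                User snapshot = new User
                {
                    UserId = userData.UserId,
                    Name = userData.Name,
                    Username = userData.Username,
                    Email = userData.Email,
                    IsAdmin = userData.IsAdmin
                };
                data = new JavaScriptSerializer().Serialize(snapshot);
            }

            // Use the configured forms timeout instead of a fixed one-year lifetime, so a
            // stolen cookie does not stay valid for a year.
            DateTime issuedAt = DateTime.Now;
            DateTime expiresAt = issuedAt.Add(FormsAuthentication.Timeout);
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, issuedAt, expiresAt, isPersistant, data);

            string cookieData = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieData)
            {
                HttpOnly = true,
                // Follow the requireSSL setting so the cookie is not sent over plain HTTP
                // when the site is configured for HTTPS only.
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath
            };

            // Without an Expires value the browser treats the cookie as session-only;
            // the original set it unconditionally, making every login persistent.
            if (isPersistant)
            {
                cookie.Expires = ticket.Expiration;
            }

            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        /// <summary>
        /// Reads the user snapshot back from the authentication cookie of the current request.
        /// </summary>
        /// <returns>
        /// The deserialized user, or null when the cookie is absent, expired, empty or unreadable.
        /// </returns>
        // NOTE(review): the returned values are as old as the ticket; re-check privileges such
        // as IsAdmin against the database before authorizing sensitive operations.
        public User GetUserData()
        {
            try
            {
                HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (cookie == null || string.IsNullOrEmpty(cookie.Value))
                {
                    return null;
                }

                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

                // This method reads the cookie directly, so it has to reject expired tickets itself.
                if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData))
                {
                    return null;
                }

                return new JavaScriptSerializer().Deserialize<User>(ticket.UserData);
            }
            catch (Exception)
            {
                // Deliberate best effort: a tampered, malformed or legacy cookie is treated as
                // "no user" rather than failing the request. Consider logging this as a
                // possible tampering signal.
                return null;
            }
        }
    }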
    

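    Finally, add the forms-authentication element inside the <system.web> element of your web.config file. The original snippet was lost when this page was rendered; the following is a constructed example of a typical entry, not the author's exact text. Add requireSSL="true" to the forms element when the site is served over HTTPS.

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" />
    </authentication>
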

    Now you just need to put the [Authorize] attribute on each controller that requires authentication, like this:

    // [Authorize] rejects requests that carry no authenticated identity before any action
    // in this controller runs. It only checks authentication here; role or ownership checks
    // still have to be added where they matter.
    [Authorize]
    public class ClassController : Controller
    {
       ...
    }
    
