Parse Database Authorization - Security For User Objects

你的背包 2021-01-16 08:22

I have an ASP.NET MVC 4 web application where I use Parse as the database in the back end (https://www.parse.com/) and C# as the programming language.

I use ParseUser class

1 answer
  • 2021-01-16 09:04

    The Parse SDK for .NET assumes you are building an app that is running on one device per user - it's not designed to integrate with ASP.NET.

    From the docs:

    Whenever you use any signup or login methods, the user is cached on disk.

    ParseUser.CurrentUser is a static method that returns the cached user from the latest call to a signup or login method. This is why in your code, after one user logs in, everybody else that makes a request is also logged in as that user!

    I am attempting to integrate Parse with an ASP.NET MVC site I'm currently developing. My plan to work around this limitation is to set the authentication cookie after logging in with Parse, then log out the user (their authentication cookie will still be set though).

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginModel model, string returnUrl)
    {
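        ParseUser user;
    
        try
        {
            // Validate the credentials against Parse. As a side effect the SDK
            // also stores this user in the static ParseUser.CurrentUser.
            user = await ParseUser.LogInAsync(model.UserName, model.Password);
        }
        catch (ParseException)
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }
    
        // Issue the per-browser ASP.NET forms-authentication cookie, then clear
        // the SDK's cached user so it is not left set for other requests.
        FormsAuthentication.SetAuthCookie(user.Username, model.RememberMe);
        ParseUser.LogOut();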
    
        return RedirectToLocal(returnUrl);
    }
    

    The Register method looks like this:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Register(RegisterModel model)
    {
        if (ModelState.IsValid)
        {
            // Attempt to register the user
            try
            {
                var user = new ParseUser
                {
                    Username = model.UserName,
                    Password = model.Password,
                };
    
                await user.SignUpAsync();
    
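                // Same pattern as Login: set the auth cookie for this browser,
                // then clear the SDK's cached user.
                FormsAuthentication.SetAuthCookie(model.UserName, false);
                ParseUser.LogOut();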
                return RedirectToAction("Index", "Home");
            }
            catch (ParseException e)
            {
                ModelState.AddModelError("", e.Message);
            }
        }
    
        // If we got this far, something failed, redisplay form
        return View(model);
    }
    
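The following console program is an added illustration, not part of the original answer and not Parse SDK code. `DeviceSdk` is a hypothetical stand-in for an SDK that keeps the signed-in user in one static slot, and the `WhoAmI...` helpers are assumed names; it contrasts reading identity from that slot with reading it from the request's own authentication ticket, including the interval between login and logout in the workaround above.

```csharp
using System;
using System.Threading.Tasks;

// Hypothetical stand-in for a client SDK that keeps the signed-in user in
// process-wide static state, as the answer describes for ParseUser.CurrentUser.
static class DeviceSdk
{
    public static string CurrentUser { get; private set; }

    public static Task<string> LogInAsync(string name)
    {
        CurrentUser = name;            // one slot shared by every request
        return Task.FromResult(name);
    }

    public static void LogOut() => CurrentUser = null;
}

static class Program
{
    // Unsafe on a server: identity read from the shared static slot.
    static string WhoAmIFromStatic() => DeviceSdk.CurrentUser ?? "(anonymous)";

    // Per-request: identity read from the caller's own request, e.g. the name
    // in its forms-authentication ticket (passed in here as a plain string).
    static string WhoAmIFromRequest(string ticketName) => ticketName ?? "(anonymous)";

    // Shape of the login action: log in, do some work, log out.
    static async Task<string> LoginThenLogOut(string name, Task pause)
    {
        var user = await DeviceSdk.LogInAsync(name);
        await pause;                   // interval between LogInAsync and LogOut
        DeviceSdk.LogOut();
        return user;                   // value that goes into the auth cookie
    }

    static async Task Main()
    {
        var gate = new TaskCompletionSource<bool>();
        Task<string> aliceLogin = LoginThenLogOut("alice", gate.Task); // constructed user

        // A second request with no auth cookie is handled during that interval.
        Console.WriteLine("static slot, mid-login : " + WhoAmIFromStatic());
        Console.WriteLine("own ticket, mid-login  : " + WhoAmIFromRequest(null));

        gate.SetResult(true);
        string cookieName = await aliceLogin;
        Console.WriteLine("static slot, after out : " + WhoAmIFromStatic());
        Console.WriteLine("alice's next request   : " + WhoAmIFromRequest(cookieName));
    }
}
```

In an MVC controller the per-request value corresponds to `User.Identity.Name`, which ASP.NET fills from the forms-authentication cookie on each request.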