问题描述
我在MVC 3 .net应用程序中使用内置的成员资格系统。在稍后的开发中,我将使用外部Web服务进行身份验证。因此,我只需要在成员资格系统中存储(唯一)用户名即可。可以通过Web服务检索所有其他用户信息。
因此,我想知道如何不存储密码?
解决方法
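不必担心密码的存储:在创建用户时随机生成一个密码并存储即可。该占位密码应由加密安全的随机数生成器(例如 RNGCryptoServiceProvider)生成,不要记录或展示给任何人,并确保登录流程不再使用本地成员资格系统的密码校验,否则它会成为绕过外部Web服务的第二个登录凭据。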
让帐户控制器的登录方法通过外部Web服务验证密码;如果验证通过,只需调用
FormsAuthentication.SetAuthCookie(userName,false /*persistantCookie*/),它就会让用户“登录” :)
边注:
如果您仅拥有现有用户的密码哈希/盐,是否可以将现有用户迁移到新的外部Web服务?
不知道我是否理解正确,但我认为最好的解决方案是编写自定义成员资格提供程序。基本上,这只是一个重写了成员资格提供程序若干基本方法的类。在这里,您可以实现自己的注册、登录和注销逻辑。
我找到了自己前一段时间用过的一个类作为示例,您只需编写自己的实现即可。另一个选择是在帐户控制器中处理(haz 也提到了这一点),但我总是倾向于不在控制器中实现太多逻辑,而是让服务层处理业务逻辑。
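/// <summary>
/// Sample membership provider that looks users up through an
/// <c>IGenericService&lt;User&gt;</c>. Only <see cref="ValidateUser"/> and
/// <see cref="GetUser(string, bool)"/> are implemented; every other member
/// throws <see cref="NotImplementedException"/>.
/// </summary>
/// <remarks>
/// Security notes for anyone adapting this sample:
/// <list type="bullet">
/// <item>The lockout and password-policy properties (for example
/// <see cref="MaxInvalidPasswordAttempts"/>) are not implemented, and
/// <see cref="ValidateUser"/> does no attempt limiting of its own. Throttling
/// of failed logins has to be provided elsewhere.</item>
/// <item>If credentials are verified by an external service, as the
/// surrounding discussion describes, <see cref="ValidateUser"/> is the place
/// to call that service, and the local password comparison should be removed
/// rather than left as a second way in.</item>
/// </list>
/// </remarks>
public class CustomMembershipProvider : MembershipProvider
{
    // Data access for User records; the only state this provider holds.
    private readonly IGenericService<User> _genericUserService;

    /// <summary>Creates the provider with an explicitly supplied user service.</summary>
    /// <param name="genericUserService">Service used for all user lookups.</param>
    public CustomMembershipProvider(IGenericService<User> genericUserService)
    {
        _genericUserService = genericUserService;
    }

    /// <summary>
    /// Parameterless constructor; builds its own <c>GenericService&lt;User&gt;</c>.
    /// </summary>
    public CustomMembershipProvider() : this(new GenericService<User>())
    {
    }

    /// <summary>Not implemented in this sample.</summary>
    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool ChangePasswordQuestionAndAnswer(string username, string newPasswordQuestion, string newPasswordAnswer)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override string GetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override string ResetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override void UpdateUser(MembershipUser user)
    {
        throw new NotImplementedException();
    }

    /// <summary>
    /// Checks a username (matched against <c>User.Email</c>) and password
    /// against the stored user record.
    /// </summary>
    /// <param name="username">The login name; compared with the user's e-mail address.</param>
    /// <param name="password">The clear-text password supplied by the caller.</param>
    /// <returns>
    /// <c>true</c> only when a user with that e-mail and a matching stored
    /// password digest is found; <c>false</c> for missing input, no match, or
    /// any exception raised during the lookup.
    /// </returns>
    public override bool ValidateUser(string username, string password)
    {
        // Missing credentials can never authenticate. Rejecting them here also
        // keeps a null password from reaching AsSha512().
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        try
        {
            // AsSha512 is an extension defined outside this listing; presumably it
            // returns the SHA-512 digest as a string comparable to User.Password - confirm.
            // NOTE(review): a single unsalted SHA-512 pass is a fast hash and is not
            // adequate password storage. If local verification is kept, move to a
            // salted, iterated KDF such as PBKDF2 (Rfc2898DeriveBytes).
            var encodedPassword = password.AsSha512();

            // The published sample compared u.Password with string.Empty, which
            // ignored the supplied password entirely: any password was accepted for
            // every account whose stored password was empty. Compare against the
            // computed digest instead, so such accounts cannot be validated locally.
            var user = _genericUserService.First(u => u.Email == username && u.Password == encodedPassword);
            return user != null;
        }
        catch (Exception)
        {
            // Fail closed: a lookup error must not authenticate anyone.
            // NOTE(review): this also hides data-store outages; log the exception
            // (without the password) once a logger is available here.
            return false;
        }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool UnlockUser(string userName)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    /// <summary>
    /// Loads the user whose e-mail equals <paramref name="username"/> and wraps
    /// it in a <see cref="MembershipUser"/>.
    /// </summary>
    /// <param name="username">The login name; compared with the user's e-mail address.</param>
    /// <param name="userIsOnline">Ignored by this implementation.</param>
    /// <returns>The membership user, or <c>null</c> when the lookup returns no record.</returns>
    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        var user = _genericUserService.First(x => x.Email.Equals(username));

        // Without this guard a missing user surfaces as a NullReferenceException
        // on the property reads below.
        if (user == null)
        {
            return null;
        }

        // NOTE(review): the argument list is kept as published (only the escaped
        // quotes were repaired). It has fewer arguments than the 13-parameter
        // System.Web.Security.MembershipUser constructor, so the listing looks
        // truncated - confirm the intended values, in particular which bool is
        // meant for isApproved and which for isLockedOut.
        var a = new MembershipUser("", user.Firstname, user.Id, user.Email, "", true, user.Active, user.RegisteredOn, DateTime.Now, DateTime.Now);
        return a;
    }

    /// <summary>Not implemented in this sample.</summary>
    public override string GetUserNameByEmail(string email)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override int GetNumberOfUsersOnline()
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    // NOTE(review): signature kept as published; the framework's abstract method
    // also takes a pageSize parameter - confirm against MembershipProvider.
    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    // NOTE(review): signature kept as published; the framework's abstract method
    // also takes pageIndex and pageSize parameters - confirm against MembershipProvider.
    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool EnablePasswordRetrieval
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool EnablePasswordReset
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool RequiresQuestionAndAnswer
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample; both accessors throw.</summary>
    public override string ApplicationName
    {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample, so no lockout threshold is defined.</summary>
    public override int MaxInvalidPasswordAttempts
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override int PasswordAttemptWindow
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override bool RequiresUniqueEmail
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override MembershipPasswordFormat PasswordFormat
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override int MinRequiredPasswordLength
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override int MinRequiredNonAlphanumericCharacters
    {
        get { throw new NotImplementedException(); }
    }

    /// <summary>Not implemented in this sample.</summary>
    public override string PasswordStrengthRegularExpression
    {
        get { throw new NotImplementedException(); }
    }
}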