asp.net-mvc web.config 中的表单身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5342305/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Forms authentication in web.config
提问by Jyothi Srinivasa
I am using MVC3 and have put the user authentication in the web.config file. This is to bypass sqlserver authentication.
我正在使用 MVC3 并将用户身份验证放在 web.config 文件中。这是为了绕过 sqlserver 身份验证。
code as below in web.config:
web.config中的代码如下:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" >
<credentials passwordFormat="Clear">
<user name="test123" password="test123" />
</credentials>
</forms>
</authentication>
I tried login with the mentioned user id and password, I am getting error in the page as
我尝试使用提到的用户 ID 和密码登录,但在页面中出现错误
Login was unsuccessful. Please correct the errors and try again.
登录失败。请更正错误,然后重试。
* The user name or password provided is incorrect.
when I debug into the AccountController.cs file, failing at the MembershipService.ValidateUser(model.UserName, model.Password)method.
当我调试到 AccountController.cs 文件时,该MembershipService.ValidateUser(model.UserName, model.Password)方法失败。
回答by Alexander Prokofyev
If you examine standard ASP.NET MVC 3 AccountController.csand AccountModels.csfiles you'll learn what MembershipProvider.ValidateUsermethod is used internally (via Membership.Provider). If you want to store password in web.config you should use FormsAuthentication.Authenticatemethod instead.
如果您检查标准 ASP.NET MVC 3 AccountController.cs和AccountModels.cs文件,您将了解内部使用的MembershipProvider.ValidateUser方法(通过Membership.Provider)。如果你想在 web.config 中存储密码,你应该使用FormsAuthentication.Authenticate方法。
For example:
例如:
public class AuthorizationController : Controller
{
public ActionResult LogOn()
{
return View("LogOn");
}
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult LogOn(string userName, string password,
bool rememberMe, string returnUrl)
{
if (!ValidateLogOn(userName, password))
return View("LogOn");
FormsAuthentication.SetAuthCookie(userName, rememberMe);
if (!string.IsNullOrEmpty(returnUrl))
return Redirect(returnUrl);
else
return RedirectToAction("Index", "News");
}
private bool ValidateLogOn(string userName, string password)
{
if (string.IsNullOrEmpty(userName))
ModelState.AddModelError("username", "User name required");
if (string.IsNullOrEmpty(password))
ModelState.AddModelError("password", "Password required");
if (ModelState.IsValid && !FormsAuthentication.
Authenticate(userName, password))
ModelState.AddModelError("_FORM", "Wrong user name or password");
return ModelState.IsValid;
}
public RedirectToRouteResult LogOff()
{
FormsAuthentication.SignOut();
return RedirectToAction("LogOn");
}
}
