asp.net-mvc ASP.NET MVC 3 用户身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5463852/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
ASP.NET MVC 3 User Authentication
提问by Sam
What are some of the common methods to do simple user validation (account login)?
进行简单用户验证(帐户登录)的常用方法有哪些?
Also, can you have different authentication schemes per area?
另外,每个区域可以有不同的身份验证方案吗?
Edit
编辑
I am creating an eCommerce site that will need to have protected actions per user. So how would one go about doing this? It will need to be able to let only authenticated users access their information.
我正在创建一个电子商务网站,需要为每个用户提供受保护的操作。那么如何去做呢?它需要能够只让经过身份验证的用户访问他们的信息。
回答by Rion Williams
You have several options when it comes to doing authentication in MVC:
在 MVC 中进行身份验证时,您有多种选择:
- The built-it MVC Forms Authentication (Tutorial available hereand here)
- Using Forms Authentication with Cookies in MVC3 (Link here)
- Using Windows Authentication (Learn more here...)
- Mixed Mode Authentication (Using Windows / Forms Authentication together.)
- 内置的 MVC 表单身份验证(此处和此处提供教程)
- 在 MVC3 中使用带有 Cookie 的表单身份验证(链接在这里)
- 使用 Windows 身份验证(在此处了解更多信息...)
- 混合模式身份验证(同时使用 Windows / Forms 身份验证。)
The built in Forms Authentication can allow you to limit access to different areas of your application based on Role, User among other things and it is quite easy to implement using the [Authorize]attribute.
内置的表单身份验证可以允许您根据角色、用户等限制对应用程序不同区域的访问,并且使用[Authorize]属性很容易实现。
The following would require the user be logged in:
以下将要求用户登录:
[Authorize]
public ActionResult YourActionNameGoesHere()
{
}
Likewise, the following would require the user be logged in AND be an Administrator:
同样,以下要求用户登录并且是管理员:
[Authorize(Roles="Administrator")]
public ActionResult YourActionNameGoesHere()
{
}
Those were just a few methods of accomplishing it, as you can see there are MANYdifferent methods of accomplishing this - I hope this might have shed a bit of light in helping you decide.
这些只是实现它的几种方法,正如您所看到的,有许多不同的方法可以实现这一点 - 我希望这可能有助于您做出决定。
回答by Eric J.
According to the security expert on the MVC team
根据 MVC 团队的安全专家的说法
The only supported way of securing your MVC application is to have a base class with an [Authorize] attribute, and then to have each controller type subclass that base type. Any other way will open a security hole.
保护 MVC 应用程序的唯一受支持方法是拥有一个具有 [Authorize] 属性的基类,然后让每个控制器类型子类化该基类型。 任何其他方式都会打开安全漏洞。
http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx
http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx
回答by tugberk
please go to your model folder when you create a internet application with VS 2010. you will see a cs file there. that file holds a sample structure for User Authentication
当您使用 VS 2010 创建 Internet 应用程序时,请转到您的模型文件夹。您将在那里看到一个 cs 文件。该文件包含用户身份验证的示例结构
Remember that : ASP.NET MVC is not a separate framework. it sits on top of ASP.NET so you can use System.Web.Security.Membership class on MVC as well.
请记住:ASP.NET MVC 不是一个单独的框架。它位于 ASP.NET 之上,因此您也可以在 MVC 上使用 System.Web.Security.Membership 类。
Also, check your Account folder inside your view folder. you will some view samples there.
此外,检查您的视图文件夹中的帐户文件夹。您将在那里查看样品。
hope this helps.
希望这可以帮助。
