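How to avoid storing passwords in .NET Membership

I'm using the built-in membership system in an MVC 3 .NET application. Later in development I will be using an external web service for authentication, so I only need to store the (unique) username in the membership system. All other user information can be retrieved through the web service. So I'd like to know: how can I avoid storing a password?

Solution

Don't worry about storing the password; just randomly generate and store a password when you create the user.
Have your account controller validate the password against the external web service in the login method, and if it is correct, just call
FormsAuthentication.SetAuthCookie(userName, false /*persistentCookie*/),
which will "log in" the user :)
Side note:
If you only have password hashes/salts for the existing users, will you be able to migrate the existing users to the new external web service?

I don't know if I understood correctly, but I think the best solution would be to write a custom membership provider. Basically, it is just a class that overrides some functions of the base membership provider. In it you can implement your own logic for registering, logging in and logging out.
I found an example of a class I used a while ago. Just write your own implementation. Another option is to work from your account controller (as haz also mentioned), but I always tend not to put too much logic into the controller and let my services handle the business logic.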
using System;
using System.Web.Security;

// IGenericService<T>, GenericService<T>, User and the AsSha512() extension
// are the answerer's own types and are not shown on this page.
public class CustomMembershipProvider : MembershipProvider
{
    private readonly IGenericService<User> _genericUserService;

    public CustomMembershipProvider(IGenericService<User> genericUserService)
    {
        _genericUserService = genericUserService;
    }

    public CustomMembershipProvider() : this(new GenericService<User>())
    {
    }

    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        throw new NotImplementedException();
    }

    public override bool ChangePasswordQuestionAndAnswer(string username, string newPasswordQuestion, string newPasswordAnswer)
    {
        throw new NotImplementedException();
    }

    public override string GetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        throw new NotImplementedException();
    }

    public override string ResetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override void UpdateUser(MembershipUser user)
    {
        throw new NotImplementedException();
    }

    public override bool ValidateUser(string username, string password)
    {
        try
        {
            // Note: encodedPassword is computed but never compared below. As posted,
            // any password is accepted for a user whose stored Password is empty.
            // The real credential check (for the question's scenario, the call to
            // the external web service) belongs here.
            var encodedPassword = password.AsSha512();
            var user = _genericUserService.First(u => u.Email == username && u.Password == string.Empty);
            return user != null;
        }
        catch (Exception)
        {
            return false;
        }
    }

    public override bool UnlockUser(string userName)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        var user = _genericUserService.First(x => x.Email.Equals(username));
        // Unknown user: return null instead of dereferencing a null record.
        if (user == null) return null;
        var a = new MembershipUser("", user.Firstname, user.Id, user.Email, "", true, user.Active, user.RegisteredOn, DateTime.Now, DateTime.Now);
        return a;
    }

    public override string GetUserNameByEmail(string email)
    {
        throw new NotImplementedException();
    }

    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override int GetNumberOfUsersOnline()
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override bool EnablePasswordRetrieval
    {
        get { throw new NotImplementedException(); }
    }

    public override bool EnablePasswordReset
    {
        get { throw new NotImplementedException(); }
    }

    public override bool RequiresQuestionAndAnswer
    {
        get { throw new NotImplementedException(); }
    }

    public override string ApplicationName
    {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    public override int MaxInvalidPasswordAttempts
    {
        get { throw new NotImplementedException(); }
    }

    public override int PasswordAttemptWindow
    {
        get { throw new NotImplementedException(); }
    }

    public override bool RequiresUniqueEmail
    {
        get { throw new NotImplementedException(); }
    }

    public override MembershipPasswordFormat PasswordFormat
    {
        get { throw new NotImplementedException(); }
    }

    public override int MinRequiredPasswordLength
    {
        get { throw new NotImplementedException(); }
    }

    public override int MinRequiredNonAlphanumericCharacters
    {
        get { throw new NotImplementedException(); }
    }

    public override string PasswordStrengthRegularExpression
    {
        get { throw new NotImplementedException(); }
    }
}
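
The flow both answers describe, written as a small service the account controller can call; this is an added example, not code from either answer. `IExternalAuthClient`, `CheckCredentials` and `ExternalLoginService` are hypothetical names, and it assumes the configured membership provider allows creating a user without an e-mail address.

```csharp
using System;
using System.Web.Security;

// Hypothetical wrapper around the external authentication web service.
public interface IExternalAuthClient
{
    bool CheckCredentials(string userName, string password);
}

public class ExternalLoginService
{
    private readonly IExternalAuthClient _client;

    public ExternalLoginService(IExternalAuthClient client)
    {
        if (client == null) throw new ArgumentNullException("client");
        _client = client;
    }

    // Issues the forms-auth cookie only after the external service accepts
    // the credentials. The local membership password is never consulted.
    public bool SignIn(string userName, string password)
    {
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        bool accepted;
        try { accepted = _client.CheckCredentials(userName, password); }
        catch (Exception) { accepted = false; } // fail closed on service errors

        if (!accepted) return false;

        EnsureLocalUser(userName);
        FormsAuthentication.SetAuthCookie(userName, false);
        return true;
    }

    // Keeps only the unique username locally. The password slot gets a random
    // value from Membership.GeneratePassword that is never shown to anyone,
    // so no login path should go through Membership.ValidateUser.
    private static void EnsureLocalUser(string userName)
    {
        if (Membership.GetUser(userName) != null) return;
        Membership.CreateUser(userName, Membership.GeneratePassword(32, 4));
    }
}
```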