2015-07-20 172 views
17

我是ASP.NET MVC 5的新手,我發現身份驗證+授權框架非常不舒服。我知道這是ASP.NET MVC框架的一個新特性,所以我想要應用另一種方式在應用程序中實現身份驗證。沒有ASP.NET身份的OWIN Cookie身份驗證

可能嗎?我讀了我可以使用FormsAuthenticationModule。這是一個很好的選擇嗎?我如何在基於MVC 5的應用程序中使用它?

+0

OWin認證框架的重點在於它是完全模塊化的。只需運行'Install-Package Microsoft.Owin.Security.Cookies'並將其安裝在您的'IAppBuilder'上。 – Aron

+0

爲什麼你不想使用身份? OWIN是注入認證的新方式。如果你不喜歡它,建立你自己的OWIN模塊並注入那個模塊?身份是驗證用戶身份的新方法。如果你不喜歡整個社交認證部分,那就不要使用它。 FormsAuthentication是一種很老的方式。 –

+0

親切地檢查我的答案在這裏:http://stackoverflow.com/questions/26485575/它可能會幫助你 – Monah

回答

20

當我看一下Identity時,我有同樣的感覺。它增加了很多不必要的抽象,並且不適合我的情況,我擁有實現定製認證工作流程的遺留系統。

這裏有大量關於默認使用Identity和EF的OWIN身份驗證的示例,這使得開發人員感到困惑,OWIN必須使用Identity和Entity Framework。

但從技術上講,您只能刪除身份以僅使用OWIN Cookie身份驗證(Microsoft.Owin.Security.Cookies)。該代碼就非常簡單,下面是例子,我從我的代碼得到消除瑣碎的事情:

[HttpPost] 
public ActionResult Login(LoginViewModel model, string returnUrl) 
{ 
    var user = _userService.GetByEmail(model.Email); 

    //check username and password from database, naive checking: 
    //password should be in SHA 
    if (user != null && (user.Password == model.Password)) 
    { 
     var claims = new[] { 
       new Claim(ClaimTypes.Name, user.Name), 
       new Claim(ClaimTypes.Email, user.Email), 
       // can add more claims 
      }; 

     var identity = new ClaimsIdentity(claims, "ApplicationCookie"); 

     // Add roles into claims 
     var roles = _roleService.GetByUserId(user.Id); 
     if (roles.Any()) 
     { 
      var roleClaims = roles.Select(r => new Claim(ClaimTypes.Role, r.Name)); 
      identity.AddClaims(roleClaims); 
     } 

     var context = Request.GetOwinContext(); 
     var authManager = context.Authentication; 

     authManager.SignIn(new AuthenticationProperties 
       { IsPersistent = model.RememberMe }, identity); 

     return RedirectToAction("Index", "Home"); 
    } 
    // login failed.    
} 

public ActionResult LogOut() 
{ 
    var ctx = Request.GetOwinContext(); 
    var authManager = ctx.Authentication; 

    authManager.SignOut("ApplicationCookie"); 
    return RedirectToAction("Login"); 
} 
+0

謝謝你的傢伙,這是完美的!但是......我需要爲用戶處理角色,是否有可能使用您的方法? – davioooh

+0

@ davioooh:是的,可以處理角色,如表單身份驗證,我更新了我的代碼,將更多角色添加到聲明中 –

+1

完美!非常感謝你! – davioooh

1

不使用Owin安全方法: 伊茨我的控制器編碼

[HttpPost] 
     [ValidateAntiForgeryToken] 
     public ActionResult Login(Employee emp, string returnUrl) 
      { 
      using(AdaptiveProjectEntities db = new AdaptiveProjectEntities()) 
      { 
       string email = emp.Email; 
       // byte[] en = System.Text.Encoding.UTF8.GetBytes(emp.Password); 
       //var ee = Convert.ToBase64String(en); 
       string pass = emp.Password; 

       bool userValid = db.Employees.Any(user => user.Email == email && user.Password == pass); 
        if(userValid) 
        { 
         FormsAuthentication.SetAuthCookie(email, false); 



         if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") 
        && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) 
       { 
        return Redirect(returnUrl); 
       } 
       else 
       { 

        return RedirectToAction("Index", "Projects"); 
       } 
      } 
      else 
      { 
       ModelState.AddModelError("", "The user name or password provided is incorrect."); 
      } 
        } 



      return View(emp); 

     } 
     public ActionResult Logout() 
     { 
      FormsAuthentication.SignOut(); 
      return RedirectToAction("Login", "Login"); 
     } 
    } 
} 

查看:

<div class="container" style="margin-right:50%"> 
    <div class="row"> 
     <div class="col-md-12 col-md-offset-7" style="bottom:-250px"> 
      <div class="panel panel-default" style="margin-right:15%"> 
       <div class="panel-heading" style="padding-bottom:5%"> 

        <center><h3 style="margin-right:80px">Login</h3></center> 
        @*</div>*@ 
        @using (Html.BeginForm()) 
        { 
         <div class="modal-body"> 

          @Html.AntiForgeryToken() 

          <div class="form-horizontal" style="margin-right: 10%;"> 
           @Html.ValidationSummary(true, "", new { @class = "text-danger" }) 


           <div class="form-group"> 
            @Html.LabelFor(model => model.Email, htmlAttributes: new { @class = "control-label col-md-3" }) 
            <div class="col-md-9"> 
             @Html.EditorFor(model => model.Email, new { htmlAttributes = new { @class = "form-control", type = "email", required = "required" } }) 
             @Html.ValidationMessageFor(model => model.Email, "", new { @class = "text-danger" }) 
            </div> 
           </div> 
           <div class="form-group"> 
            @Html.LabelFor(model => model.Password, htmlAttributes: new { @class = "control-label col-md-3" }) 
            <div class="col-md-9"> 
             @Html.EditorFor(model => model.Password, new { htmlAttributes = new { @class = "form-control", type = "password", required = "required" } }) 
             @Html.ValidationMessageFor(model => model.Password, "", new { @class = "text-danger" }) 
            </div> 
           </div> 

          </div> 
          <div> 
           <input class="btn btn-primary pull-left col-lg-offset-1" type="submit" value="Login" style="margin-left:35%" /> 
          </div> 

         </div> 


        } 
       </div> 
      </div> 
     </div> 
     </div> 
    </div> 
    </div>