web.config中的表單身份驗證

Question

我正在使用MVC3並將用戶身份驗證放在web.config文件中。這是爲了繞過sqlserver認證。如下

代碼在web.config中：

<authentication mode="Forms"> 
     <forms loginUrl="~/Account/LogOn" timeout="2880" > 
     <credentials passwordFormat="Clear"> 
      <user name="test123" password="test123" /> 
     </credentials> 
     </forms> 
</authentication> 

我試着用所提到的用戶ID和密碼登錄，我收到錯誤的頁面

登錄不成功。請更正錯誤並重試。

* The user name or password provided is incorrect. 

當我調試到AccountController.cs文件，失敗在MembershipService.ValidateUser(model.UserName, model.Password)方法。

Answer 1

如果檢查標準的ASP.NET MVC 3 AccountController.cs和AccountModels.cs文件，你會學到什麼MembershipProvider.ValidateUser方法在內部使用（通過Membership.Provider）。如果您想在web.config中存儲密碼，則應該使用FormsAuthentication.Authenticate方法。

例如：

public class AuthorizationController : Controller 
{ 
    public ActionResult LogOn() 
    { 
     return View("LogOn"); 
    } 

    [AcceptVerbs(HttpVerbs.Post)] 
    public ActionResult LogOn(string userName, string password, 
     bool rememberMe, string returnUrl) 
    { 
     if (!ValidateLogOn(userName, password)) 
      return View("LogOn"); 

     FormsAuthentication.SetAuthCookie(userName, rememberMe); 

     if (!string.IsNullOrEmpty(returnUrl)) 
      return Redirect(returnUrl); 
     else 
      return RedirectToAction("Index", "News"); 

    } 

    private bool ValidateLogOn(string userName, string password) 
    { 
     if (string.IsNullOrEmpty(userName)) 
      ModelState.AddModelError("username", "User name required"); 

     if (string.IsNullOrEmpty(password)) 
      ModelState.AddModelError("password", "Password required"); 

     if (ModelState.IsValid && !FormsAuthentication. 
      Authenticate(userName, password)) 
      ModelState.AddModelError("_FORM", "Wrong user name or password"); 

     return ModelState.IsValid; 
    } 

    public RedirectToRouteResult LogOff() 
    { 
     FormsAuthentication.SignOut(); 

     return RedirectToAction("LogOn"); 
    } 
}