根据数据库对ASP.NET MVC 5进行身份验证

本文关键字:身份验证 MVC NET 数据库 ASP | 更新日期: 2023-09-27 18:28:25

我是ASP NET MVC authentication的新手,在我的web项目上遇到了问题

默认情况下(作为项目生成的结果)有一个具有Login方法的AccountController

[Authorize]
public class AccountController : Controller
{
    private UserService _userService;
    public UserService UserService{
        get { return _userService ?? (_userService = new UserService()); }
    }
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl){
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        //the line with SignInManager is Default in project
        //var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        //I have implemented my User service which checks in DB is there exists such a user with email and password and returns the same SignInStatus
        var result = UserService.Authenticate(model.Email, model.Password);
        switch (result)
        {
            case SignInStatus.Success:
                return RedirectToLocal(returnUrl);
            case SignInStatus.LockedOut:
                return View("Lockout");
            case SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
            case SignInStatus.Failure:
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }
}

我的UserService实现:

public class UserService : IUserService
{
    public SignInStatus Authenticate(string email, string password)
    {
        if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
        {
            return SignInStatus.Failure;
        }
        //TODO: perform authentication against DB account
        if (email == "mymail@mail.com" && password == "123")
        {
            return SignInStatus.Success;
        }
        else
        {
            return SignInStatus.Failure;
        }
    }
}

我在我的AdministrationController 上使用它和[Authorize]属性

public class AdministrationController : Controller
{
    // GET: Admin/Admin
    [Authorize]
    public ActionResult Index()
    {
        return View();
    }
}

当我通过http://localhost:53194/administration进入我的网站的管理区域时,它不需要任何身份验证(不显示登录屏幕)

如果我在我的方法上设置属性[Authorize(Roles = "Administrator")]

public class AdministrationController : Controller
{
    // GET: Admin/Admin
    [Authorize(Roles = "Administrator")]
    public ActionResult Index()
    {
        return View();
    }
}

登录屏幕出现。我设置了电子邮件密码。按下登录按钮,从AccountController进入Login方法,使用SignInStatus.Success 进入案例

但是登录屏幕仍然存在。它不会重定向到正常的管理屏幕。

你能告诉我如何实现这个身份验证吗。谢谢

根据数据库对ASP.NET MVC 5进行身份验证

您似乎没有在成功登录时设置身份验证cookie。因此,用户实际上会被重定向到Administration页面,但由于他没有有效的身份验证cookie,他会被重定向回登录表单

因此,请确保您设置了cookie:

case SignInStatus.Success:
    var user = new ApplicationUser
    {
        Email = model.Email,
        UserName = model.Email,
        ... set any other properties that you find convenient
    };
    await SignInManager.SignInAsync(user, false, false);
    return RedirectToLocal(returnUrl);
相关文章: