我正在为朋友开发一个相当简单的网站,并希望使用.Net会员身份验证提供一些管理员访问功能。
答案 0 :(得分:2)
当然,您只需要滚动自己的MembershipProvider和RoleProvider来读取XML文件而不是数据库。 MembershipProvider和RoleProvider有许多必须被覆盖的属性和函数,但实际上只需要少数几个属性和函数才能使其正常运行 - 我留下了许多函数来添加新用户等等。抛出一个不受支持的异常,因为我直接在数据库中编辑用户信息。
答案 1 :(得分:1)
pjabbott给出了正确答案,但我想我会展示我提出的代码,以提供更完整的答案。顺便说一句,这就像你可能做到的那样简单。
我创建了一个继承自System.Web.Security.MembershipProvider的类,如下所示。
namespace MySolution
{
public class MembershipProvider : System.Web.Security.MembershipProvider
{
public override string ApplicationName
{
get
{
return "PopupGallery";
}
set
{
throw new NotImplementedException();
}
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
throw new NotImplementedException();
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
throw new NotImplementedException();
}
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
throw new NotImplementedException();
}
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
throw new NotImplementedException();
}
public override bool EnablePasswordReset
{
get { return false; }
}
public override bool EnablePasswordRetrieval
{
get { return false; }
}
public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
{
throw new NotImplementedException();
}
public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
throw new NotImplementedException();
}
public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
{
throw new NotImplementedException();
}
public override int GetNumberOfUsersOnline()
{
throw new NotImplementedException();
}
public override string GetPassword(string username, string answer)
{
throw new NotImplementedException();
}
public override MembershipUser GetUser(string username, bool userIsOnline)
{
throw new NotImplementedException();
}
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
throw new NotImplementedException();
}
public override string GetUserNameByEmail(string email)
{
throw new NotImplementedException();
}
public override int MaxInvalidPasswordAttempts
{
get { return 20; }
}
public override int MinRequiredNonAlphanumericCharacters
{
get { return 0; }
}
public override int MinRequiredPasswordLength
{
get { return 6; }
}
public override int PasswordAttemptWindow
{
get { throw new NotImplementedException(); }
}
public override MembershipPasswordFormat PasswordFormat
{
get { throw new NotImplementedException(); }
}
public override string PasswordStrengthRegularExpression
{
get { throw new NotImplementedException(); }
}
public override bool RequiresQuestionAndAnswer
{
get { throw new NotImplementedException(); }
}
public override bool RequiresUniqueEmail
{
get { throw new NotImplementedException(); }
}
public override string ResetPassword(string username, string answer)
{
throw new NotImplementedException();
}
public override bool UnlockUser(string userName)
{
throw new NotImplementedException();
}
public override void UpdateUser(MembershipUser user)
{
throw new NotImplementedException();
}
public override bool ValidateUser(string username, string password)
{
if (username == ConfigurationManager.AppSettings["Username"] &&
password == ConfigurationManager.AppSettings["Password"])
{
return true;
}
else
{
return false;
}
}
}
}
然后我将以下条目添加到我的web.config文件中以将其全部连接起来。
<appSettings>
<add key="Username" value="admin"/>
<add key="Password" value="password"/>
</appSettings>
<system.web>
<membership defaultProvider="CustomMembershipProvider"
userIsOnlineTimeWindow="30">
<providers>
<remove name="AspNetSqlProvider" />
<add name="CustomMembershipProvider"
type="MySolution.MembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
passwordFormat="Hashed"
applicationName="/" />
</providers>
</membership>
<authentication mode="Forms"/>
</system.web>
答案 2 :(得分:0)
是的,您可以实施自己的自定义成员资格和角色提供程序来对任何数据存储进行身份验证/授权。