最小为ASP数据库。NET MVC 3用户管理/会员

I am new to ASP.NET MVC 3 and am dealing with database inherited by me from Visual Studio master. There are lots of stored procedures and user roles like aspnet_Membership_BasicAccess, aspnet_Membership_FullAccess etc.

我是ASP新手。NET MVC 3和我正在处理Visual Studio master继承的数据库。有许多存储过程和用户角色，如aspnet_Membership_BasicAccess、aspnet_Membership_FullAccess等。

Do I really need all this?

我真的需要这些吗?

I can remember other MVC solutions, like Ruby on Rails's Devise authentication plugin: it needs only one-two tables and only one database access role - and it is still pretty secure.

我还记得其他的MVC解决方案，比如Ruby on Rails的设计验证插件:它只需要两个表和一个数据库访问角色——而且它仍然非常安全。

What is the minimal database structure to support ASP.NET MVC 3 user management?

支持ASP的最小数据库结构是什么?NET MVC 3用户管理?

3 个解决方案

#1

The short answer is Yes, you need all this, because the Membership system relies on all those sprocs and roles.

简而言之，您需要所有这些，因为成员系统依赖于所有这些sproc和角色。

The longer answer is, are you going to be using membership? If not, then no. If you're going to be using membership, are you going to be using SqlMembershipProvider? If so, then yes, you need those. If you're going to use the Universal providers instead, then you will need a different set tables and supporting configurations.

更长远的答案是，你会使用会员制吗?如果不是,那么没有。如果要使用成员关系，是否要使用SqlMembershipProvider?如果是的话，那么你需要这些。如果您打算使用Universal provider，那么您将需要不同的set表和支持配置。

So without knowing anything about what you're doing, all we can say is, if you don't understand why it's there, then don't mess with it.

所以，在不知道自己在做什么的情况下，我们能说的就是，如果你不明白它为什么存在，那就不要搞砸它。

I fail to understand why you mention Rails, as it's a totally different toolset and framework. It's like complaining that your motorcycle needs gas and oil when your bicycle doesn't (not that i'm saying Rails is less powerful, just saying it's different).

我不理解您为什么要提到Rails，因为它是一个完全不同的工具集和框架。这就像抱怨你的摩托车需要汽油和油，而你的自行车却不需要(我并不是说铁轨没那么强大，只是说它与众不同)。

ASP.NET MVC doesn't do user management by itself, but it does include some templates that rely on the default ASP.NET Membership system. In Visual Studio 2010 this uses SqlMembershipProvider by default, but in Visual Studio 2012 it uses the Universal Providers by default for MVC3, and SimpleMembership by default in MVC4.

ASP。NET MVC本身不做用户管理，但是它包含了一些依赖于默认ASP的模板。网会员制度。在Visual Studio 2010中，默认使用SqlMembershipProvider，但是在Visual Studio 2012中，默认使用MVC3的Universal provider，在MVC4中默认使用simplembership。

ASP.NET MVC doesn't know or care how you do your user management, it's not part of the framework. It delegates it via Authorization filters, which by default merely look at the ASP.NET IIdentity and IPrincipal.

ASP。NET MVC不知道或者不关心用户管理，它不是框架的一部分。它通过授权过滤器委托它，默认情况下，授权过滤器只查看ASP。净IIdentity和IPrincipal。

If you're going to do user management, you need to decide on how you're going to do that. Either roll it yourself (custom membership provider, custom IIdentity and IPrincpal provider, etc...), or use an existing membership provider (there are many, and Microsoft has at least a half dozen different ones). Or you can just choose to go with the defaults, in which case it's pretty much already in a pretty bare minimum situation.

如果你要做用户管理，你需要决定怎么做。要么自己卷它(自定义成员提供程序、自定义IIdentity和IPrincpal提供程序等等……)，要么使用现有的成员提供程序(有很多，微软至少有六种不同的成员程序)。或者你可以选择使用默认值，在这种情况下，它几乎已经处于一个非常简单的情况下。

#2

If you derive from the membership provider and create your own custom provider, you can implement a very minimal set of properties.

如果您从成员提供程序中派生并创建您自己的自定义提供程序，您可以实现一个非常小的属性集。

public class CustomMembershipProvider : MembershipProvider
{
    private string _appName;
    private bool _EnablePasswordReset;
    private bool _EnablePasswordRetrieval;
    private int _MaxInvalidPasswordAttempts;
    private int _MinRequiredNonalphanumericCharacters;
    private int _MinRequiredPasswordLength;
    private int _PasswordAttemptWindow;
    private MembershipPasswordFormat _PasswordFormat;
    private string _PasswordStrengthRegularExpression;
    private bool _RequiresQuestionAndAnswer;
    private bool _RequiresUniqueEmail;

    public override string ApplicationName
    {
        get
        {
            return this._appName;
        }
        set
        {
            this._appName = value;
        }
    }

    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        throw new NotImplementedException();
    }

    public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        throw new NotImplementedException();
    }

    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        throw new NotImplementedException();
    }

    public override bool EnablePasswordReset
    {
        get { return this._EnablePasswordReset; }
    }

    public override bool EnablePasswordRetrieval
    {
        get { return this._EnablePasswordRetrieval; }
    }

    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override int GetNumberOfUsersOnline()
    {
        throw new NotImplementedException();
    }

    public override string GetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override string GetUserNameByEmail(string email)
    {
        throw new NotImplementedException();
    }

    public override int MaxInvalidPasswordAttempts
    {
        get { return this._MaxInvalidPasswordAttempts; }
    }

    public override int MinRequiredNonAlphanumericCharacters
    {
        get { return this._MinRequiredNonalphanumericCharacters; }
    }

    public override int MinRequiredPasswordLength
    {
        get { return this._MinRequiredPasswordLength; }
    }

    public override int PasswordAttemptWindow
    {
        get { return this._PasswordAttemptWindow; }
    }

    public override MembershipPasswordFormat PasswordFormat
    {
        get { return this._PasswordFormat; }
    }

    public override string PasswordStrengthRegularExpression
    {
        get { return this._PasswordStrengthRegularExpression; }
    }

    public override bool RequiresQuestionAndAnswer
    {
        get { return this._RequiresQuestionAndAnswer; }
    }

    public override bool RequiresUniqueEmail
    {
        get { return this._RequiresUniqueEmail; }
    }

    public override string ResetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override bool UnlockUser(string userName)
    {
        throw new NotImplementedException();
    }

    public override void UpdateUser(MembershipUser user)
    {
        throw new NotImplementedException();
    }

    public override bool ValidateUser(string username, string password)
    {
        //put your db code here.
    }
}

Then you need to modify your web.config file to call your new provider

然后您需要修改您的web。配置文件来调用新提供程序

<membership defaultProvider="CustomMembershipProvider">
  <providers>
    <clear/>
    <add name="CustomMembershipProvider"
         type="MembershipExample.Providers.CustomMembershipProvider, MembershipExample"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />
  </providers>
</membership>

You can also implement your own custom roleprovider if you have any specific role-based security

如果您有任何特定的基于角色的安全性，您也可以实现您自己的自定义roleprovider

#3

The one you are referring is a legacy Membership Provider in which tables are prefix with aspnet.

您所指的是遗留成员提供程序，其中的表前缀为aspnet。

New ASP.NET Universal Providers doesn't use Store Procedure anymore. Instead, it uses Entity Framework and it is a bit cleaner.

新的ASP。网络通用提供商不再使用存储过程。相反，它使用实体框架，而且更简洁。

If you want minimum database structure, you might want to look at SimpleMembership

如果想要最小的数据库结构，可以查看simplembership

#1