新网站创建和安全/身份验证, - 我应该使用ASP.net会员提供商吗?

时间:2022-04-29 05:34:37

There seem to many ways to skin this particular cat - but which is the best and easiest to implement. It would seem that the ASP.net Membership Provider is the one that will save more time, so my questions are:

似乎有很多方法可以为这只特殊的猫提供皮肤 - 但这是最​​好和最容易实现的方法。看起来ASP.net会员提供商会节省更多时间,所以我的问题是:

  1. What are the pros/cons of Membership?
  2. 会员的利弊是什么?

  3. How do you integrate the auto generated user db with your own custom made db? e.g customers/orders/products db. (We are talking MS Sql here BTW)
  4. 如何将自动生成的用户数据库与您自己定制的数据库集成?例如客户/订单/产品数据库。 (我们在这里谈论MS Sql BTW)

  5. Where can I find a good tutorial thats up do date?
  6. 我在哪里可以找到一个好的教程?

Many thanks.

3 个解决方案

#1


5  

Membership is lightweight and easy to set up. You can also use the various providers to use Active Directory or some other member location.

会员资格轻巧,易于设置。您还可以使用各种提供程序来使用Active Directory或其他某个成员位置。

You shouldn't need to integrate the databases, you can use one to authenticate users and then as long as they are valid, go query another database for the data. This is a good way to keep information seperate for security reasons.

您不需要集成数据库,您可以使用一个来验证用户,然后只要它们有效,就可以查询另一个数据库以获取数据。出于安全原因,这是保持信息分离的好方法。

For a good tutorial, I'd suggest: http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

对于一个很好的教程,我建议:http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

And if you want to create your own membership provider: http://www.asp.net/learn/videos/video-189.aspx

如果您想创建自己的会员提供商:http://www.asp.net/learn/videos/video-189.aspx

#2


3  

Overall I give it a thumbs up, but there are several minor cons I can think of:

总的来说,我竖起大拇指,但我可以想到几个小的缺点:

  • Roles are just strings, there's no way to attach additional information to them without rolling your own code.
  • 角色只是字符串,没有滚动自己的代码就无法将附加信息附加到它们。

  • Some of the Login controls don't set their default button properly, so hitting the "enter" key while in an input field does nothing. You can fix this by setting it yourself.
  • 某些Login控件未正确设置其默认按钮,因此在输入字段中按“enter”键不会执行任何操作。您可以通过自己设置来解决此问题。

  • No default way to require numbers in a password, just symbols.
  • 没有默认方式要求密码中的数字,只需要符号。

  • Login controls w/ SqlMembershipProvider don't display specific "user is locked out" messages.
  • 具有SqlMembershipProvider的登录控件不显示特定的“用户被锁定”消息。

Either a con or a pro, depends on your point of view:

con或pro,取决于你的观点:

  • User names are case-insensitive in the SqlMembershipProvider
  • 用户名在SqlMembershipProvider中不区分大小写

#3


1  

Tutorials - there are a series of good tutorials on the ASP.Net site. We have used the membership provider facilities, and have it integrated with our database - we use the "user name" value as a foreign key to our own tables with additional "business" information.

教程 - ASP.Net站点上有一系列很好的教程。我们使用了成员资格提供程序工具,并将其与我们的数据库集成 - 我们使用“用户名”值作为我们自己的表的外键以及其他“业务”信息。

The system works well with minimal coding.

该系统运行良好,编码最少。

#1


5  

Membership is lightweight and easy to set up. You can also use the various providers to use Active Directory or some other member location.

会员资格轻巧,易于设置。您还可以使用各种提供程序来使用Active Directory或其他某个成员位置。

You shouldn't need to integrate the databases, you can use one to authenticate users and then as long as they are valid, go query another database for the data. This is a good way to keep information seperate for security reasons.

您不需要集成数据库,您可以使用一个来验证用户,然后只要它们有效,就可以查询另一个数据库以获取数据。出于安全原因,这是保持信息分离的好方法。

For a good tutorial, I'd suggest: http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

对于一个很好的教程,我建议:http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

And if you want to create your own membership provider: http://www.asp.net/learn/videos/video-189.aspx

如果您想创建自己的会员提供商:http://www.asp.net/learn/videos/video-189.aspx

#2


3  

Overall I give it a thumbs up, but there are several minor cons I can think of:

总的来说,我竖起大拇指,但我可以想到几个小的缺点:

  • Roles are just strings, there's no way to attach additional information to them without rolling your own code.
  • 角色只是字符串,没有滚动自己的代码就无法将附加信息附加到它们。

  • Some of the Login controls don't set their default button properly, so hitting the "enter" key while in an input field does nothing. You can fix this by setting it yourself.
  • 某些Login控件未正确设置其默认按钮,因此在输入字段中按“enter”键不会执行任何操作。您可以通过自己设置来解决此问题。

  • No default way to require numbers in a password, just symbols.
  • 没有默认方式要求密码中的数字,只需要符号。

  • Login controls w/ SqlMembershipProvider don't display specific "user is locked out" messages.
  • 具有SqlMembershipProvider的登录控件不显示特定的“用户被锁定”消息。

Either a con or a pro, depends on your point of view:

con或pro,取决于你的观点:

  • User names are case-insensitive in the SqlMembershipProvider
  • 用户名在SqlMembershipProvider中不区分大小写

#3


1  

Tutorials - there are a series of good tutorials on the ASP.Net site. We have used the membership provider facilities, and have it integrated with our database - we use the "user name" value as a foreign key to our own tables with additional "business" information.

教程 - ASP.Net站点上有一系列很好的教程。我们使用了成员资格提供程序工具,并将其与我们的数据库集成 - 我们使用“用户名”值作为我们自己的表的外键以及其他“业务”信息。

The system works well with minimal coding.

该系统运行良好,编码最少。