我是否需要自定义成员资格提供程序才能将第三方身份验证集成到ASP.NET中？

I have an ASP.NET MVC application into which I have just integrated the RPX third-party federated identity system. The integration is working ok, but I'm having some difficulty wrapping my head around what to do with it at the ASP.NET level.

我有一个ASP.NET MVC应用程序,我刚刚集成了RPX第三方联合身份系统。集成工作正常,但是我在ASP.NET级别处理它有什么困难。

I'm pretty new to ASP.NET (I'm learning it with MVC), and I've discovered a little bit about the provider model for membership and profile data, and it seems incredibly complex (but equally powerful). The specific thing I'm struggling with is the persistence of the user to the database. I have so far been using the standard SqlMembershipProvider implementation, which has worked fine. However, I now want to do things like storing and checking a verification code in the database for email verification (in case the user's email address is listed as unverified by the RPX result), and persisting the returned data. Some of this is essential to authentication, such as the email address, whilst some of it is simply profile information (like the user's age, gender, etc.).

我是ASP.NET的新手(我正在用MVC学习它),我已经发现了一些关于成员资格和配置文件数据的提供者模型,它看起来非常复杂(但同样强大)。我正在努力解决的具体问题是用户对数据库的持久性。到目前为止,我一直在使用标准的SqlMembershipProvider实现,它运行良好。但是,我现在想要在数据库中存储和检查验证码以进行电子邮件验证(如果用户的电子邮件地址被RPX结果列为未验证),并保留返回的数据。其中一些对于身份验证至关重要,例如电子邮件地址,而其中一些只是个人资料信息(如用户的年龄,性别等)。

In the ASP.NET database, I have a bunch of other app-specific tables which I interact with via NHibernate. My understanding of the Membership/Profile stuff in ASP.NET is that it handles the persistence, and so I don't need to do anything with NHibernate to get this going.

在ASP.NET数据库中,我有一堆其他特定于应用程序的表,我通过NHibernate与之交互。我对ASP.NET中的Membership / Profile的理解是它处理持久性,因此我不需要对NHibernate做任何事情来实现这一点。

My aim is for the sign-on experience to be similar to *'s, but with a few extra bits (such as email verification). Do I need to build a full-on custom provider to be doing this, or can I bend the default SqlMembershipProvider to my will in an effective way?

我的目标是使登录体验类似于*,但需要一些额外的位(例如电子邮件验证)。我是否需要构建一个完全自定义的提供程序才能执行此操作,或者我是否可以有效地将默认的SqlMembershipProvider弯曲到我的意愿?

[Please also see my other question, regarding passwords in such an application.]

[另请参阅我的另一个问题,关于此类申请中的密码。]

1 个解决方案

#1

I've done similar work in the past just by creating a new provider class that inherits from SqlMembershipProvider, then overriding the methods I need to.

我过去做过类似的工作,只是创建一个继承自SqlMembershipProvider的新提供程序类,然后覆盖我需要的方法。

You can still call the base method implementation to do most of the work first, then execute whatever additional logic you need to in your derived class. Building a provider from scratch is a LOT of work, and should be your last resort only.

您仍然可以先调用基本方法实现来完成大部分工作,然后在派生类中执行您需要的任何其他逻辑。从头开始构建提供程序是很多工作,应该只是你的最后手段。

You can add a new table to the database with a key reference to aspnet_Membership - then you add your own stored procedures that you call from your derived provider methods to do whatever you need to this new table. This is better than adding columns to the membership schema, as it keeps your custom stuff decoupled.

您可以使用对aspnet_Membership的键引用向数据库添加新表 - 然后添加您自己的派生提供程序方法调用的存储过程,以执行此新表所需的任何操作。这比将列添加到成员资格模式更好,因为它可以使您的自定义资源分离。

You'll still need to investigate the SqlMembershipProvider class, in terms of what you need to override, but I think this approach will work for you, based on what you've described.

您仍然需要根据需要覆盖的内容调查SqlMembershipProvider类,但我认为这种方法将根据您所描述的内容为您工作。

#1