Authenticating users in an ASP.NET MVC web application by calling an external ASP.NET Web Api service

Time: 2021-05-21 03:36:34

I'm planning on making a restful web service using ASP.NET Web Api. A number of ASP.NET MVC web applications and possibly native apps will consume the service. The service will use ASP.NET Identity to authorise requests/users. I can see how I would use the service with native apps by passing a token with each request.

My issue is with any ASP.NET MVC apps that consume the service, how will I mark a user as logged in after making a request to the service?

Here's what I'd like, is it possible?

  • User isn't logged in, redirected to log in page
  • User submits form which calls MVC controller in the app
  • The controller makes a call to the web service
  • The web service returns the id, name and roles of the user (JSON maybe?)
  • This is where I'm stuck: The ASP.NET MVC web application then marks the user as logged in for the whole MVC web app. The role will be used in any authorize attributes on any controllers/actions. The ASP.NET MVC web app will also be able to remember the user via a cookie and log them in automatically in the future.

1 solution

#1


0  

To set the cookie you just need:

FormsAuthentication.SetAuthCookie(USERNAME, true /*rememberMe*/);

This solves your authentication issue. Authorization - determining what a user can and cannot do - is another story. You need to cache the roles a user is in somewhere and check them as needed.

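An added example, not part of the original answer: one way to cache the roles is to carry them in the forms authentication ticket itself and rebuild the principal on each request. `RemoteUser` and `AuthCookie` are hypothetical names, and the `|` separator assumes role names never contain that character.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical DTO for the JSON the web service returns (id, name, roles).
public sealed class RemoteUser
{
    public string Id { get; set; }
    public string Name { get; set; }
    public string[] Roles { get; set; }
}

public static class AuthCookie   // hypothetical helper, not a framework type
{
    // Login action: call only after the web service has accepted the credentials.
    public static void SignIn(HttpResponseBase response, RemoteUser user, bool rememberMe)
    {
        // Assumption: role names never contain '|'.
        string roles = string.Join("|", user.Roles ?? new string[0]);
        var ticket = new FormsAuthenticationTicket(
            1, user.Name, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
            rememberMe, roles, FormsAuthentication.FormsCookiePath);

        // Encrypt() encrypts and signs the ticket with the machineKey (default
        // protection="All"), so the browser cannot read or alter the role list.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,   // set requireSSL="true" in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        if (rememberMe) cookie.Expires = ticket.Expiration;  // persistent cookie
        response.Cookies.Add(cookie);
    }

    // Global.asax: call from Application_PostAuthenticateRequest with Context.
    public static void RestorePrincipal(HttpContext context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;
        string[] roles = identity.Ticket.UserData.Split(
            new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        // Roles are a snapshot from login time; a role revoked at the service
        // stays in effect here until the ticket expires or the user signs out.
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

With the principal rebuilt this way, `[Authorize(Roles = "...")]` on controllers and actions is evaluated against the roles stored in the ticket.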