I was just wondering what were the best ways to write login and authentication in ASP.NET. To my knowledge, ways to authenticate are via:
我只是想知道在ASP.NET中编写登录和身份验证的最佳方法是什么。据我所知,验证的方法是:
- implementation of the ASP.NET Permissions Provider against SQL Server
- Writing your own function, starting a session for the user at login and clearing the session at logout.
针对SQL Server实现ASP.NET权限提供程序
编写自己的函数,在登录时为用户启动会话并在注销时清除会话。
Any other ideas?
还有其他想法吗?
Thanks.
5 个解决方案
#1
3
Use the ASP.NET Membership Provider.
使用ASP.NET成员资格提供程序。
ASP.NET membership supports facilities for:
ASP.NET成员资格支持以下设施:
- Creating new users and passwords.
- Storing membership information (user names, passwords, and supporting data) in Microsoft SQL Server, Active Directory, or an alternative data store.
- Authenticating users who visit your site. You can authenticate users programmatically, or you can use the ASP.NET login controls to create a complete authentication system that requires little or no code.
- Managing passwords, which includes creating, changing, and resetting them . Depending on membership options you choose, the membership system can also provide an automated password-reset system that takes a user-supplied question and response.
- Exposing a unique identification for authenticated users that you can use in your own applications and that also integrates with the ASP.NET personalization and role-management (authorization) systems.
- Specifying a custom membership provider, which allows you to substitute your own code to manage membership and maintain membership data in a custom data store.
创建新用户和密码。
在Microsoft SQL Server,Active Directory或备用数据存储中存储成员身份信息(用户名,密码和支持数据)。
验证访问您网站的用户。您可以以编程方式对用户进行身份验证,也可以使用ASP.NET登录控件创建一个完整的身份验证系统,该系统只需要很少的代码或不需要代
管理密码,包括创建,更改和重置密码。根据您选择的成员资格选项,会员系统还可以提供自动密码重置系统,该系统采用用户提供的问题和响应。
为经过身份验证的用户公开唯一标识,您可以在自己的应用程序中使用该标识,并且还可以与ASP.NET个性化和角色管理(授权)系统集成。
指定自定义成员资格提供程序,它允许您替换自己的代码来管理成员资格并维护自定义数据存储中的成员资格数据。
(Source: See top link.)
(来源:见顶部链接。)
#2
1
You can use the default MembershipProvider for SQLServer, or if you want there is also an interface you can implement to roll your own custom MemberhipProvider. The nice thing about doing it this way is there are controls that can consume such a provider.
您可以使用SQLServer的默认MembershipProvider,或者如果您需要,还可以实现一个界面来滚动您自己的自定义MemberhipProvider。这样做的好处是有些控件可以使用这样的提供程序。
#3
1
Definately stick to the ASP.NET Membership provider model, else you'll spend more time 'fighting the defaults' then you will actually trying to solve your original problem.
肯定会坚持使用ASP.NET成员资格提供程序模型,否则你将花费更多时间来“对抗默认值”,那么你将真正尝试解决原始问题。
If you really want to write your own provider have a look at the Provider Toolkit on MSDN. Which includes a set of sample Access Database providers. Microsoft are not locking you into sql server with this, do a search on the net and you'll find providers for most databases. Including:
如果您真的想编写自己的提供程序,请查看MSDN上的Provider Toolkit。其中包括一组示例Access数据库提供程序。微软没有用这个锁定你进入sql server,在网上搜索你会找到大多数数据库的提供者。包含:
Again, emphasizing everyones point so far, tell me what you can't do with this or that someone else has not already done?
再一次,强调每个人到目前为止,告诉我你不能做什么,或者其他人还没有做过?
#4
0
Your question is very broad.
你的问题非常广泛。
Yes, you can use the ASP.NET Membership provider.
是的,您可以使用ASP.NET成员资格提供程序。
Yes, you can use a 'session', on the server, and an identifier in the cookie or query string, to access that session, or you can do several other things.
是的,您可以在服务器上使用“会话”,在cookie或查询字符串中使用标识符来访问该会话,或者您可以执行其他一些操作。
It's hard to list 'all the ways', because you can effectively do whatever you want.
很难列出“所有方式”,因为你可以有效地做任何你想做的事情。
What sort of answer are you after, here?
你有什么样的答案,在这里?
#5
0
If it's a website for general public consider using OpenID. RPX should make it really easy.
如果它是一般公众的网站,请考虑使用OpenID。 RPX应该让它变得非常简单。
#1
3
Use the ASP.NET Membership Provider.
使用ASP.NET成员资格提供程序。
ASP.NET membership supports facilities for:
ASP.NET成员资格支持以下设施:
- Creating new users and passwords.
- Storing membership information (user names, passwords, and supporting data) in Microsoft SQL Server, Active Directory, or an alternative data store.
- Authenticating users who visit your site. You can authenticate users programmatically, or you can use the ASP.NET login controls to create a complete authentication system that requires little or no code.
- Managing passwords, which includes creating, changing, and resetting them . Depending on membership options you choose, the membership system can also provide an automated password-reset system that takes a user-supplied question and response.
- Exposing a unique identification for authenticated users that you can use in your own applications and that also integrates with the ASP.NET personalization and role-management (authorization) systems.
- Specifying a custom membership provider, which allows you to substitute your own code to manage membership and maintain membership data in a custom data store.
创建新用户和密码。
在Microsoft SQL Server,Active Directory或备用数据存储中存储成员身份信息(用户名,密码和支持数据)。
验证访问您网站的用户。您可以以编程方式对用户进行身份验证,也可以使用ASP.NET登录控件创建一个完整的身份验证系统,该系统只需要很少的代码或不需要代
管理密码,包括创建,更改和重置密码。根据您选择的成员资格选项,会员系统还可以提供自动密码重置系统,该系统采用用户提供的问题和响应。
为经过身份验证的用户公开唯一标识,您可以在自己的应用程序中使用该标识,并且还可以与ASP.NET个性化和角色管理(授权)系统集成。
指定自定义成员资格提供程序,它允许您替换自己的代码来管理成员资格并维护自定义数据存储中的成员资格数据。
(Source: See top link.)
(来源:见顶部链接。)
#2
1
You can use the default MembershipProvider for SQLServer, or if you want there is also an interface you can implement to roll your own custom MemberhipProvider. The nice thing about doing it this way is there are controls that can consume such a provider.
您可以使用SQLServer的默认MembershipProvider,或者如果您需要,还可以实现一个界面来滚动您自己的自定义MemberhipProvider。这样做的好处是有些控件可以使用这样的提供程序。
#3
1
Definately stick to the ASP.NET Membership provider model, else you'll spend more time 'fighting the defaults' then you will actually trying to solve your original problem.
肯定会坚持使用ASP.NET成员资格提供程序模型,否则你将花费更多时间来“对抗默认值”,那么你将真正尝试解决原始问题。
If you really want to write your own provider have a look at the Provider Toolkit on MSDN. Which includes a set of sample Access Database providers. Microsoft are not locking you into sql server with this, do a search on the net and you'll find providers for most databases. Including:
如果您真的想编写自己的提供程序,请查看MSDN上的Provider Toolkit。其中包括一组示例Access数据库提供程序。微软没有用这个锁定你进入sql server,在网上搜索你会找到大多数数据库的提供者。包含:
Again, emphasizing everyones point so far, tell me what you can't do with this or that someone else has not already done?
再一次,强调每个人到目前为止,告诉我你不能做什么,或者其他人还没有做过?
#4
0
Your question is very broad.
你的问题非常广泛。
Yes, you can use the ASP.NET Membership provider.
是的,您可以使用ASP.NET成员资格提供程序。
Yes, you can use a 'session', on the server, and an identifier in the cookie or query string, to access that session, or you can do several other things.
是的,您可以在服务器上使用“会话”,在cookie或查询字符串中使用标识符来访问该会话,或者您可以执行其他一些操作。
It's hard to list 'all the ways', because you can effectively do whatever you want.
很难列出“所有方式”,因为你可以有效地做任何你想做的事情。
What sort of answer are you after, here?
你有什么样的答案,在这里?
#5
0
If it's a website for general public consider using OpenID. RPX should make it really easy.
如果它是一般公众的网站,请考虑使用OpenID。 RPX应该让它变得非常简单。