如何使用远程API验证用户?
[英]How to Authenticate a user using a remote API?
问题描述
I have an MVC website which uses an API to authenticate the user, so when the user tries to log in, my server will redirect the login information to my api server in order to verify if the login was successful. 
我有一个MVC网站,该网站使用API来验证用户身份,因此当用户尝试登录时,我的服务器会将登录信息重定向到我的api服务器,以验证登录是否成功。 If it is, the user is able to enter the "private" section of the website. 如果是这样,则用户可以输入网站的“私人”部分。
All I want to do is verify with the API if the user is registered in the application and which type of user it is (admin or regular user). 我要做的就是用API验证用户是否在应用程序中注册,以及用户是哪种类型的用户(管理员或普通用户)。 Depending on the outcome, we would be allowed or not to see some pages. 根据结果,是否允许我们查看某些页面。
I am wondering how to do that and I hope you can clarify some things for me. 我想知道如何做到这一点,希望您能为我澄清一些事情。
My first option would be to use Forms authentication and its infrastructure and just change the way the server checks the credentials (verifying with the API instead of a DB). 我的第一个选择是使用表单身份验证及其基础结构,仅更改服务器检查凭据的方式(使用API而不是数据库进行验证)。 Is that possible? 那可能吗?
If this is not possible, can I use the method Application_AuthenticateRequest(object sender, EventArgs e) in my global.asax Or do I need to create my own IHttpModule? 如果无法做到这一点,是否可以在global.asax中使用方法Application_AuthenticateRequest(object sender,EventArgs e),还是需要创建自己的IHttpModule?
1 个解决方案
解决方案1
4 已采纳 2013-10-02 21:45:35
Use FormsAuthentication.SetAuthCookie(model.Username, false); 使用FormsAuthentication.SetAuthCookie(model.Username, false); and FormsAuthentication.SignOut(); 和FormsAuthentication.SignOut(); to get the job done. 完成工作。 Even though a lot of people recommend it I've never had to bother with a custom membership provider. 即使很多人推荐它,我也不必为自定义成员资格提供程序而烦恼。
The top answer from this question covers it MVC ASP.NET - Manually authorize someone and persist the authorization via Forms Authentication 这个问题的最高答案涵盖了它MVC ASP.NET-手动授权某人并通过Forms Authentication保留授权
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.