[英]User registration and authentication
I develop a web application. 我开发一个Web应用程序。 It has a three-tier architecture (data access layer, a business logic layer and the presentation layer).
它具有三层体系结构(数据访问层,业务逻辑层和表示层)。 A data access layer is implemented with a NHibernate ORM (S#arp Architecture).
数据访问层是使用NHibernate ORM(S#arp体系结构)实现的。 I have the following table:
我有下表:
public partial class Role {
public Role()
{
this.Users = new Iesi.Collections.Generic.HashedSet<User>();
}
public virtual long Id
{
get;
set;
}
public virtual string Name
{
get;
set;
}
public virtual Iesi.Collections.Generic.ISet<User> Users
{
get;
set;
}
}
public partial class User {
public User()
{
this.Drivers = new Iesi.Collections.Generic.HashedSet<Driver>();
this.UserPhotos = new Iesi.Collections.Generic.HashedSet<UserPhoto>();
this.Roles = new Iesi.Collections.Generic.HashedSet<Role>();
}
public virtual long Id
{
get;
set;
}
public virtual string Login
{
get;
set;
}
public virtual string Email
{
get;
set;
}
public virtual string Salt
{
get;
set;
}
public virtual string Hash
{
get;
set;
}
public virtual string Name
{
get;
set;
}
public virtual Iesi.Collections.Generic.ISet<Driver> Drivers
{
get;
set;
}
public virtual University University
{
get;
set;
}
public virtual Iesi.Collections.Generic.ISet<UserPhoto> UserPhotos
{
get;
set;
}
public virtual Iesi.Collections.Generic.ISet<Role> Roles
{
get;
set;
}
}
public partial class Driver {
public Driver()
{
this.Trips = new Iesi.Collections.Generic.HashedSet<Trip>();
}
public virtual long Id
{
get;
set;
}
public virtual Car Car
{
get;
set;
}
public virtual User User
{
get;
set;
}
public virtual Iesi.Collections.Generic.ISet<Trip> Trips
{
get;
set;
}
}
There is a User in the system. 系统中有一个用户 。 Table Driver inherits the user table.
表驱动程序继承用户表。 Each user in the system may have several roles.
系统中的每个用户可能具有多个角色。
I want to implement a few things. 我想实现一些事情。
1) User registration. 1)用户注册。 Is it a correct way to implement this features?
这是实现此功能的正确方法吗?
[Authorize]
public class AccountController : Controller
{
private readonly IUserTasks userTasks;
public AccountController(IUserTasks userTasks)
{
this.userTasks = userTasks;
}
// GET: /Account/Register
[AllowAnonymous]
public ActionResult Register()
{
return View();
}
// POST: /Account/Register
[HttpPost]
[AllowAnonymous]
public ActionResult Register(RegisterViewModel model)
{
if (ModelState.IsValid)
{
var userToCreate = this.userTasks.Create(model);
return View(customerToCreate);
}
return View(model);
}
}
2) User authentication. 2)用户认证。 Is it a correct way to implement this features?
这是实现此功能的正确方法吗?
// GET: /Account/Login
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
var user = userTasks.Find(model.UserName, model.Password);
if (user != null)
{
///......
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
}
return View(model);
}
3) User authorization. 3)用户授权。 User authorization.
用户授权。 I want to write some attribute, for example,
我想写一些属性,例如,
[Authorize(Roles = "Admin")]
public string Get(int id)
{
return "value";
}
I do not know how to do it. 我不知道怎么做。
In many examples a new library Microsoft.AspNet.Identity is used. 在许多示例中,使用了新库Microsoft.AspNet.Identity 。 Should I use it?
我应该使用它吗? There is a implementation NHibernate.AspNet.Identity .
有一个实现NHibernate.AspNet.Identity 。 However, I do not understand what benefit I get from this.
但是,我不明白我从中得到什么好处。
Also I do not know how to implement user authentication. 另外我也不知道如何实现用户认证。
I'll be glad if you tell me a vector for further research. 如果您告诉我进一步研究的载体,我将非常高兴。
You have 2 choices. 您有2个选择。 Either:
或者:
As for authorization, Microsoft provides something called claims-based authorization which lets you define user and resource claims and define authorization constraints based on them. 关于授权,Microsoft提供了一种称为基于声明的授权,它使您可以定义用户和资源声明并基于它们定义授权约束。 Have a look here: Using Claim-Based Authorization
在这里看看: 使用基于声明的授权
Alternatively, you could look into XACML , the eXtensible Access Control Markup Language. 另外,您可以研究XACML (可扩展访问控制标记语言)。 That will require additional libraries outside the .NET framework though.
但是,这将需要.NET框架之外的其他库。 XACML gives you policy-based, fine-grained authorization.
XACML为您提供基于策略的细粒度授权。
HTH HTH
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.