用户注册和认证

Question

I develop a web application. 我开发一个Web应用程序。 It has a three-tier architecture (data access layer, a business logic layer and the presentation layer). 它具有三层体系结构（数据访问层，业务逻辑层和表示层）。 A data access layer is implemented with a NHibernate ORM (S#arp Architecture). 数据访问层是使用NHibernate ORM（S＃arp体系结构）实现的。 I have the following table: 我有下表：

public partial class Role {
    public Role()
    {
        this.Users = new Iesi.Collections.Generic.HashedSet<User>();
    }

    public virtual long Id
    {
        get;
        set;
    }

    public virtual string Name
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<User> Users
    {
        get;
        set;
    }
}

public partial class User {

    public User()
    {
        this.Drivers = new Iesi.Collections.Generic.HashedSet<Driver>();
        this.UserPhotos = new Iesi.Collections.Generic.HashedSet<UserPhoto>();
        this.Roles = new Iesi.Collections.Generic.HashedSet<Role>();
    }

    public virtual long Id
    {
        get;
        set;
    }

    public virtual string Login
    {
        get;
        set;
    }

    public virtual string Email
    {
        get;
        set;
    }

    public virtual string Salt
    {
        get;
        set;
    }

    public virtual string Hash
    {
        get;
        set;
    }

    public virtual string Name
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<Driver> Drivers
    {
        get;
        set;
    }

    public virtual University University
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<UserPhoto> UserPhotos
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<Role> Roles
    {
        get;
        set;
    }
}

public partial class Driver {
    public Driver()
    {
        this.Trips = new Iesi.Collections.Generic.HashedSet<Trip>();
    }

    public virtual long Id
    {
        get;
        set;
    }

    public virtual Car Car
    {
        get;
        set;
    }


    public virtual User User
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<Trip> Trips
    {
        get;
        set;
    }
}

There is a User in the system. 系统中有一个用户。 Table Driver inherits the user table. 表驱动程序继承用户表。 Each user in the system may have several roles. 系统中的每个用户可能具有多个角色。

I want to implement a few things. 我想实现一些事情。

1) User registration. 1）用户注册。 Is it a correct way to implement this features? 这是实现此功能的正确方法吗？

[Authorize]
public class AccountController : Controller
{
    private readonly IUserTasks userTasks;

    public AccountController(IUserTasks userTasks)
    {
        this.userTasks = userTasks;
    }

    // GET: /Account/Register
    [AllowAnonymous]
    public ActionResult Register()
    {
        return View();
    }

    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    public ActionResult Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            var userToCreate = this.userTasks.Create(model);

            return View(customerToCreate);
        }

        return View(model);
    }
}

2) User authentication. 2）用户认证。 Is it a correct way to implement this features? 这是实现此功能的正确方法吗？

// GET: /Account/Login
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    ViewBag.ReturnUrl = returnUrl;
    return View();
}

// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        var user =  userTasks.Find(model.UserName, model.Password);
        if (user != null)
        {
            ///......
            return RedirectToLocal(returnUrl);
        }
        else
        {
            ModelState.AddModelError("", "Invalid username or password.");
        }
    }

    return View(model);
}

3) User authorization. 3）用户授权。 User authorization. 用户授权。 I want to write some attribute, for example, 我想写一些属性，例如，

[Authorize(Roles = "Admin")]
public string Get(int id)
{
    return "value";
}

I do not know how to do it. 我不知道怎么做。

In many examples a new library Microsoft.AspNet.Identity is used. 在许多示例中，使用了新库Microsoft.AspNet.Identity 。 Should I use it? 我应该使用它吗？ There is a implementation NHibernate.AspNet.Identity . 有一个实现NHibernate.AspNet.Identity 。 However, I do not understand what benefit I get from this. 但是，我不明白我从中得到什么好处。

Also I do not know how to implement user authentication. 另外我也不知道如何实现用户认证。

I'll be glad if you tell me a vector for further research. 如果您告诉我进一步研究的载体，我将非常高兴。

Answer 1

You have 2 choices. 您有2个选择。 Either: 或者：

you use OWIN as explained in Setting up Forms Authentication for multiple Web Apps in MVC 5 based on OWIN 您使用OWIN，如基于OWIN在MVC 5中为多个Web应用程序设置表单身份验证中所述
you use traditional form-based authentication. 您使用传统的基于表单的身份验证。 See here: MVC 5 External authentication with authentication mode=Forms 请参阅此处： MVC 5使用身份验证模式=表单的外部身份验证

As for authorization, Microsoft provides something called claims-based authorization which lets you define user and resource claims and define authorization constraints based on them. 关于授权，Microsoft提供了一种称为基于声明的授权，它使您可以定义用户和资源声明并基于它们定义授权约束。 Have a look here: Using Claim-Based Authorization 在这里看看：使用基于声明的授权

Alternatively, you could look into XACML , the eXtensible Access Control Markup Language. 另外，您可以研究XACML （可扩展访问控制标记语言）。 That will require additional libraries outside the .NET framework though. 但是，这将需要.NET框架之外的其他库。 XACML gives you policy-based, fine-grained authorization. XACML为您提供基于策略的细粒度授权。

HTH HTH

用户注册和认证

问题描述

1 个解决方案

解决方案1
1 已采纳 2013-12-29 16:30:00

用户注册和认证

问题描述

1 个解决方案

解决方案1 1 已采纳 2013-12-29 16:30:00

解决方案1
1 已采纳 2013-12-29 16:30:00