无需用户名和密码即可进行身份验证
[英]Authenticate without username and password
问题描述
I have a database table with 4 columns (email, token, tokenDate (DateTime), isOnline (bool)) 
我有一个包含4列的数据库表(电子邮件,令牌,tokenDate(DateTime),isOnline(布尔))
What I am trying to do in ASP.NET MVC is have an application where the user goes to a page like this Home/Index?email=xxxxx@xxxxxxx.com and when they goto the page, they are login, now what I could do it when they goto the page is this: 我想在ASP.NET MVC中做的是有一个应用程序,用户可以转到该主页/ Home/Index?email=xxxxx@xxxxxxx.com这样的页面Home/Index?email=xxxxx@xxxxxxx.com ,当他们转到该页面时,便可以登录,现在我可以当他们转到页面时执行以下操作:
- Find the user in the database table 在数据库表中查找用户
- Mark
isOnlineto true标记isOnline为true - Set the
tokenDatetoDateTime.Now将tokenDate设置为DateTime.Now - Create a random
tokenand set that as token创建一个随机token并将其设置为令牌 - Create a web cookie with the same value as token 创建与令牌具有相同值的网络Cookie
And when someone else (or the same person) with the same email tries to goto the page 当其他人(或同一个人)使用相同的电子邮件尝试转到该页面时
- Find the user in the database table 在数据库表中查找用户
- If
isOnlineis marked astrueand the cookie does not exist and if it does check against the one in the database, if fails boot them out, if success, they can enter.如果isOnline标记为true,并且cookie不存在,并且确实对数据库中的cookie进行了检查,则如果引导失败,则可以启动它们,如果成功,则可以进入它们。
My question is what token would I want to create so they original user is still authenticated so if they close their browser or goto another page they can still goto the main page where they authenticated? 我的问题是我想创建什么令牌,以便仍然对原始用户进行身份验证,因此,如果他们关闭浏览器或转到另一个页面,他们仍然可以转到经过身份验证的主页?
1 个解决方案
解决方案1
1 已采纳 2017-11-15 05:39:13
User goes to a page like this Home/Index?email=xxxxx@xxxxxxx.com or User Types email in a text box 用户转到文本框中的主页/ Home/Index?email=xxxxx@xxxxxxx.com或“用户类型”电子邮件之类的页面
STEP 1: 第1步:
- Find the user in the database table if doesn't exist take to access denied page. 如果不存在,请在数据库表中找到该用户,然后进入拒绝访问页面。
- If exist Mark isOnline to true. 如果存在,则将isonline标记为true。
- Set the tokenDate to. 将tokenDate设置为。
DateTime.UtcNowso that you can display later into local time of user.DateTime.UtcNow以便以后可以显示到用户的本地时间。 - Create a random token using GUID and set that as token in database. 使用GUID创建随机令牌并将其设置为数据库中的令牌。
- Create a cookie to store multiple values one with the GUID value as token and another would be user email then set cookie expiry to years so doesn't expire even if user closes the browser. 创建一个cookie以存储多个值,其中一个以GUID值作为令牌,另一个则是用户电子邮件,然后将cookie到期时间设置为年,因此即使用户关闭浏览器也不会过期。
Step 2: 第2步:
Now when user goes to Home/SomeOtherPage or the authentication page Home/Index?email=xxxxx@xxxxxxx.com 现在,当用户转到Home/SomeOtherPage或身份验证页Home/Index?email=xxxxx@xxxxxxx.com
Check if cookie with the name exist , if exist get the email and token values from cookie and check against the value in database , if token matches for the email then user is authenticated.
检查名称是否存在的cookie,如果存在,则从cookie获取电子邮件和令牌的值,并对照database中的值进行检查,如果令牌与电子邮件匹配,则对用户进行身份验证。 Edit cookie and Set another value in cookie saying if user is authenticated, So next time when user visits check the value of authenticated as this would eliminate hitting database again if user visit pages again.
编辑 cookie并在cookie中设置另一个值,说明用户是否已通过身份验证,因此,下次用户访问时,请检查authenticated的值,因为这样可以避免再次访问页面时再次访问数据库。
Note: 注意:
It would be better if you could encrypt the email while setting it in the cookie. 如果您可以在cookie中设置电子邮件的同时对其进行加密 ,那将更好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.