Authenticate without username and password
I have a database table with 4 columns (email, token, tokenDate (DateTime), isOnline (bool))

What I am trying to do in ASP.NET MVC is have an application where the user goes to a page like this Home/Index?email=xxxxx@xxxxxxx.com and when they go to the page, they are logged in. Now what I could do when they go to the page is this:

Mark isOnline to true
Set tokenDate to DateTime.Now
Create a random token and set that as token

And when someone else (or the same person) with the same email tries to go to the page:

If isOnline is marked as true and the cookie does not exist, and if it does, check against the one in the database; if it fails, boot them out; if success, they can enter.

My question is what token would I want to create so the original user is still authenticated, so if they close their browser or go to another page they can still go to the main page where they authenticated?
User goes to a page like this Home/Index?email=xxxxx@xxxxxxx.com or user types email in a text box

STEP 1:
DateTime.UtcNow so that you can display later into local time of user.

Step 2:
Now when user goes to Home/SomeOtherPage or the authentication page Home/Index?email=xxxxx@xxxxxxx.com

Check if a cookie with the name exists; if it exists, get the email and token values from the cookie and check against the value in the database; if the token matches for the email then the user is authenticated.

Edit the cookie and set another value in the cookie saying if the user is authenticated, so next time when the user visits, check the value of authenticated, as this would eliminate hitting the database again if the user visits pages again.

Note:
It would be better if you could encrypt the email while setting it in the cookie.
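
The cookie check from Step 2, as an added C# example that is not code from the question or the answer: the cookie carries the email, the token and an HMAC signature, so a cookie edited on the client is rejected before its token is compared with the stored one. It signs the email rather than encrypting it; it assumes .NET 6 or later, and `TokenLogin`, `Db`, `Key`, `Issue` and `Validate` are hypothetical names, with a dictionary standing in for the database table.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration; Db stands in for the (email, token, tokenDate, isOnline) table.
static class TokenLogin
{
    record Row(string Token, DateTime TokenDate, bool IsOnline);
    static readonly Dictionary<string, Row> Db = new();

    // Assumption: a server-side secret; a real application loads it from
    // protected configuration instead of generating it at start-up.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    static string Sign(string payload) =>
        Convert.ToBase64String(HMACSHA256.HashData(Key, Encoding.UTF8.GetBytes(payload)));

    // Comparison whose timing does not depend on where the strings differ.
    static bool SameText(string a, string b) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(a), Encoding.UTF8.GetBytes(b));

    // First visit: create a random token, store it, return the cookie value.
    public static string Issue(string email)
    {
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        Db[email] = new Row(token, DateTime.UtcNow, true);
        string payload = email + "|" + token;   // Base64 never contains '|'
        return payload + "|" + Sign(payload);
    }

    // Later visits: check the signature first, then the token stored for that email.
    public static bool Validate(string cookie)
    {
        string[] p = (cookie ?? "").Split('|');
        if (p.Length != 3 || !SameText(Sign(p[0] + "|" + p[1]), p[2])) return false;
        return Db.TryGetValue(p[0], out var row) && row.IsOnline && SameText(row.Token, p[1]);
    }

    static void Main()
    {
        string cookie = Issue("user@example.com");                      // constructed sample address
        Console.WriteLine(Validate(cookie));                            // cookie as issued
        Console.WriteLine(Validate(cookie.Replace("user@", "admin@"))); // email edited on the client
        Console.WriteLine(Validate(""));                                // same email, no cookie
    }
}
```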