简体繁体 English

您如何实现ASP.NET角色提供程序？

[英]How do you implement an ASP.NET role provider?

原文 2011-03-25 15:33:04 2 3 c#/ asp.net/ asp.net-mvc/ asp.net-mvc-3/ asp.net-membership

I've got a few top-level questions about ASP.NET Membership and Role providers. 我有一些有关ASP.NET成员资格和角色提供程序的顶级问题。 I've done some searching but am having a hard time finding some layman tutorials. 我已经进行了一些搜索，但是很难找到一些外行教程。 I have been coding in ASP.NET for a while now but the only real experience I have with authentication is the use of FormsAuthentication.SetAuthCookie(usernameFromDatabase, false); 我已经在ASP.NET中编码了一段时间了，但是我对身份验证的唯一真正体验是使用FormsAuthentication.SetAuthCookie(usernameFromDatabase, false);

When I use the SetAuthCookie() method above am I using the ASP.NET Membership Provider? 当我使用上面的SetAuthCookie()方法时，我是在使用ASP.NET成员资格提供程序吗？ Correct me if I'm wrong please but I don't think I am. 如果我错了，请纠正我，但我不认为我是错的。 I am just setting an authentication cookie right? 我只是设置一个身份验证Cookie对吗？ I usually implement my own custom methods in my data repositories like GetUser_ByUsername(string username) which then talks to the ORM and gets the right user. 我通常在自己的数据存储库中实现自己的自定义方法，例如GetUser_ByUsername(string username) ，然后与ORM对话并获取合适的用户。

Do the Membership and Role Providers have their own data storage? 成员资格和角色提供者是否有自己的数据存储？
What if I want to use my own data storage? 如果我想使用自己的数据存储该怎么办？
Do I need to implement my own membership/role provider, and how would one go about doing that? 我是否需要实现自己的成员资格/角色提供者，并且该如何做呢？
Or is my way of just setting the auth cookie and then using my own retrieval methods, etc, the best way of doing a custom membership/role provider? 还是我只设置auth cookie，然后使用自己的检索方法等方式，这是做自定义成员资格/角色提供程序的最佳方法？

I'm just looking for a brief tutorial/explanation of this system. 我只是在寻找这个系统的简短教程/说明。 If you have any good references for me to look at I will happily take a look :) 如果您有什么好的推荐给我看，我会很高兴地看看:)

3 个解决方案

Implementing a membership provider is not too hard. 实施成员资格提供程序并不难。 Note that you only need to implement the methods that you plan to actually use. 请注意，您只需要实现计划实际使用的方法。 The membership provider should be viewed as a means to interact with your user information from an authentication perspective. 从身份验证的角度来看，应将成员资格提供者视为与您的用户信息进行交互的一种方式。 It won't create the auth cookie for you; 它不会为您创建身份验证Cookie。 you do that after a successful call to the ValidateUser method on the provider. 您可以在成功调用提供程序上的ValidateUser方法之后执行此操作。 It will allow you to develop an application against the provider interface and easily change which provider you want to use via configuration rather than rewriting the application code. 它将允许您根据提供程序界面开发应用程序，并通过配置轻松地更改要使用的提供程序，而不必重写应用程序代码。 I've successfully implemented several different membership providers, using my own schema, which support built-in and hybrid built-in/active directory authentication. 我已经使用我自己的模式成功实现了几个不同的成员资格提供程序，它们支持内置和内置/主动混合目录身份验证。 More info available via the links below: 通过以下链接可获得更多信息：

Article: http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx 文章： http : //msdn.microsoft.com/en-us/library/f1kyba5e.aspx
Sample Implementation Description: http://msdn.microsoft.com/en-us/library/44w5aswa.aspx 示例实现说明： http : //msdn.microsoft.com/zh-cn/library/44w5aswa.aspx
Sample Code: http://msdn.microsoft.com/en-us/library/6tc47t75.aspx 示例代码： http : //msdn.microsoft.com/en-us/library/6tc47t75.aspx

SetAuthCookie() works with the Forms Authentication framework within ASP.NET which you can then adapt for integration with a membership provider. SetAuthCookie()与ASP.NET中的“表单身份验证”框架一起使用，然后您可以调整该框架以与成员资格提供程序集成。

Do the Membership and Role Providers have their own data storage? 成员资格和角色提供者是否有自己的数据存储？

They can, yes. 他们可以，是的。 There is an abstract implementation that you can subclass for your specific data needs. 有一个抽象的实现，可以根据您的特定数据需求进行子类化。 There is a SqlMembershipProvider you can use right out of the box, you just need a database to point to and create the needed tables. 有一个SqlMembershipProvider您可以直接使用它，您只需要一个数据库即可指向并创建所需的表。 There is quite a bit of information on that class, like here or here . 关于该类的信息很多，例如here或here 。

What if I want to use my own data storage? 如果我想使用自己的数据存储该怎么办？

The SqlMembershipProvider does, but check out this alternative MySQL framework if you're interested in seeing how another DBMS does it. SqlMembershipProvider可以，但是如果您想了解另一个DBMS是如何做的，请查看此替代MySQL框架。

Do I need to implement my own membership/role provider, and how would one go about doing that? 我是否需要实现自己的成员资格/角色提供者，并且该如何做呢？

Using the built-in ones is pretty easy, but a lot of shops roll their own so that they can use existing tables. 使用内置表很容易，但是许多商店会自行滚动以使用现有表。 You'll need to implement this class . 您需要实现此类。

Or is my way of just setting the auth cookie and then using my own retrieval methods, etc, the best way of doing a custom membership/role provider? 还是我只设置auth cookie，然后使用自己的检索方法等方式，这是做自定义成员资格/角色提供程序的最佳方法？

In all likelihood you'll need a stronger system, and a custom membership provider is a good idea. 很可能您需要一个更强大的系统，并且自定义成员资格提供者是一个好主意。

1 - Yes, if you use the built in membership/role providers they use tables created either in a separate database or an existing one. 1-是的，如果您使用内置的成员资格/角色提供程序，则它们使用在单独的数据库或现有数据库中创建的表。 You use the tool aspnet_regsql.exe to create these tables - it walks you through a wizard. 您使用工具aspnet_regsql.exe创建这些表-它会引导您完成向导。 Alternatively, it can also be called from the command-line with different arguments in order to skip the wizard. 或者，也可以从命令行使用不同的参数调用它，以跳过向导。 This is some info from MS about creating the necessary DB/tables within your DB. 这是MS提供的有关在数据库中创建必要的数据库/表的信息。

2 - You can do that, but you have to implement a custom membership provider, which isn't really difficult. 2-您可以这样做，但是您必须实现自定义成员资格提供程序，这并不困难。 Here and here are some tutorials. 这里和这里有一些教程。

3 - You don't necessarily need to unless you either want to use your own data stores or you need functionality from it that isn't present in the built-in providers. 3-不一定需要，除非您想要使用自己的数据存储，或者需要内置提供程序中不存在的功能。

4 - I would say you're better off using the built-in functionality ASP.NET provides for membership and roles. 4-我会说，最好使用ASP.NET为成员资格和角色提供的内置功能。