html / Javascript客户端用户登录
[英]html/Javascript Clientside User Login
问题描述
I am adding authentication to my web application. 
我正在向我的Web应用程序添加身份验证。 It is an asp.net mvc single page application. 它是一个asp.net mvc单页应用程序。 Currently the web application is using the asp.net mvc for only one thing, authentication. 当前,Web应用程序仅将asp.net mvc用于身份验证。 I check the Request.IsAuthenticated in the AppController, if it isnt authenticated than I serve the login page (else I save the app.html page). 我检查AppController中的Request.IsAuthenticated,是否未通过身份验证,而不是我为登录页面提供服务(否则,我保存了app.html页面)。 In my AccountController I have the following Logon Action: 在我的AccountController中,我有以下登录操作:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
//VALIDATE USER NAME AND PASSWORD
if (Repository_Security.CheckUser(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "App");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
Really its just taking a user name and password and validating against the database. 实际上,它只是使用用户名和密码并针对数据库进行验证。 Than sets the AuthCookie if it passes. 如果通过,则设置AuthCookie。
My question is, is this possible if I do this entirely clientside in the browser in javascript and ajax data calls? 我的问题是,如果我在浏览器中的javascript和ajax数据调用中完全在客户端执行此操作,这可能吗? Than be able to add a check in my clientside code to see if the user is authenticated, else throw them to a login page? 是否能够在我的客户端代码中添加检查以查看用户是否已通过身份验证,否则将其扔到登录页面?
Any ideas? 有任何想法吗? thanks. 谢谢。
3 个解决方案
解决方案1
1 已采纳 2012-10-28 21:04:33
Yes, and MVC is perfect for working clientside Ajax. 是的,MVC非常适合工作于客户端Ajax。
You can modify your controller to return JSON, and with a jquery ajax call you can process the returned json using clienside javascript. 您可以修改控制器以返回JSON,并通过jquery ajax调用可以使用clienside javascript处理返回的json。
Change the last line (return View(model)) to look something like the following 更改最后一行(返回View(模型)),使其类似于以下内容
return Json(new {IsSuccess=successVariable, RedirectUrl=myRedirectUrl, Message=failedErrorMessage});
Adjust your Redirect lines to instead set myRedirectUrl variable. 调整您的重定向行以设置myRedirectUrl变量。
Update 更新资料
If you want to get rid of MVC in your project (as it's an overkill for such a simple task), add a web service (asmx) to your site. 如果您想在项目中摆脱MVC(因为对于这样一个简单的任务来说这太过分了),请向您的站点添加Web服务(asmx)。 Inside create a webmethod similar to following: 在内部创建类似于以下内容的网络方法:
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public LogonResponse Logon(LogonModel model){
... do login logic as your original code...
return new LogonResponse() { IsSuccess = successVar, RedirectUrl=myRedirectUrl, Message=failedErrorMsg};
}
解决方案2
0 2012-10-28 21:08:36
您也可以从客户端执行此操作...但是,如果您的应用程序需要完整的安全性,则此模型将带来许多安全漏洞。
解决方案3
0 2012-10-28 22:06:13
When you call FormsAuthentication.SetAuthCookie() it sends a Set-Cookie header back to the client so their browser can store the authentication cookie. 当您调用FormsAuthentication.SetAuthCookie()它会将Set-Cookie标头发送回客户端,以便其浏览器可以存储身份验证cookie。 You can just check for the existence of this cookie client-side with JavaScript. 您可以使用JavaScript检查该cookie客户端是否存在。 If it exists then continue, if it doesn't then do a redirect ( window.location.href ) to the login page, eg: 如果存在,则继续,如果不存在,则继续重定向( window.location.href )到登录页面,例如:
if (document.cookie.indexOf(".ASPXAUTH") >= 0) alert("You are logged in");
else window.location.href = "http://www.domain.com/login";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.