stackoom
  简体   繁体   中英

User registration and authentication

 原文  2013-12-28 14:55:43       authentication/ authorization/ registration/ asp.net-mvc-5/ asp.net-identity

Question

I develop a web application. It has a three-tier architecture (data access layer, a business logic layer and the presentation layer). A data access layer is implemented with a NHibernate ORM (S#arp Architecture). I have the following table: 

public partial class Role {
    public Role()
    {
        this.Users = new Iesi.Collections.Generic.HashedSet<User>();
    }

    public virtual long Id
    {
        get;
        set;
    }

    public virtual string Name
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<User> Users
    {
        get;
        set;
    }
}

public partial class User {

    public User()
    {
        this.Drivers = new Iesi.Collections.Generic.HashedSet<Driver>();
        this.UserPhotos = new Iesi.Collections.Generic.HashedSet<UserPhoto>();
        this.Roles = new Iesi.Collections.Generic.HashedSet<Role>();
    }

    public virtual long Id
    {
        get;
        set;
    }

    public virtual string Login
    {
        get;
        set;
    }

    public virtual string Email
    {
        get;
        set;
    }

    public virtual string Salt
    {
        get;
        set;
    }

    public virtual string Hash
    {
        get;
        set;
    }

    public virtual string Name
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<Driver> Drivers
    {
        get;
        set;
    }

    public virtual University University
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<UserPhoto> UserPhotos
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<Role> Roles
    {
        get;
        set;
    }
}

public partial class Driver {
    public Driver()
    {
        this.Trips = new Iesi.Collections.Generic.HashedSet<Trip>();
    }

    public virtual long Id
    {
        get;
        set;
    }

    public virtual Car Car
    {
        get;
        set;
    }


    public virtual User User
    {
        get;
        set;
    }

    public virtual Iesi.Collections.Generic.ISet<Trip> Trips
    {
        get;
        set;
    }
}

There is a User in the system. Table Driver inherits the user table. Each user in the system may have several roles.

I want to implement a few things.

1) User registration. Is it a correct way to implement this features? 

[Authorize]
public class AccountController : Controller
{
    private readonly IUserTasks userTasks;

    public AccountController(IUserTasks userTasks)
    {
        this.userTasks = userTasks;
    }

    // GET: /Account/Register
    [AllowAnonymous]
    public ActionResult Register()
    {
        return View();
    }

    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    public ActionResult Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            var userToCreate = this.userTasks.Create(model);

            return View(customerToCreate);
        }

        return View(model);
    }
}

2) User authentication. Is it a correct way to implement this features? 

// GET: /Account/Login
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    ViewBag.ReturnUrl = returnUrl;
    return View();
}

// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        var user =  userTasks.Find(model.UserName, model.Password);
        if (user != null)
        {
            ///......
            return RedirectToLocal(returnUrl);
        }
        else
        {
            ModelState.AddModelError("", "Invalid username or password.");
        }
    }

    return View(model);
}

3) User authorization. User authorization. I want to write some attribute, for example, 

[Authorize(Roles = "Admin")]
public string Get(int id)
{
    return "value";
}

I do not know how to do it.

In many examples a new library Microsoft.AspNet.Identity is used. Should I use it? There is a implementation NHibernate.AspNet.Identity . However, I do not understand what benefit I get from this.

Also I do not know how to implement user authentication.

I'll be glad if you tell me a vector for further research.

1 answers

solution1
 1 ACCPTED  2013-12-29 16:30:00

You have 2 choices. Either:

As for authorization, Microsoft provides something called claims-based authorization which lets you define user and resource claims and define authorization constraints based on them. Have a look here: Using Claim-Based Authorization

Alternatively, you could look into XACML , the eXtensible Access Control Markup Language. That will require additional libraries outside the .NET framework though. XACML gives you policy-based, fine-grained authorization.

HTH

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question User registration and authentication in flutter User registration and authentication in asp .net Symfony 3 JWT authentication on user registration Django User Registration Authentication Problem R/shiny user registration/authentication User registration + authentication for microservices integrated with kong How to isolate authentication and user registration in Java/JSP Orchard CMS simple user registration/authentication cakephp simple user registration and authentication (register and login) Passport Authentication immediately after New User Registration
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM