不要在 .NET 成员资格系统中存储密码

我在 MVC 3 .NET 应用程序中使用内置的成员资格系统。在稍后的开发中,我将使用外部 Web 服务进行身份验证。因此,我只需要在成员资格系统中存储(唯一的)用户名即可,所有其他用户信息都可以通过 Web 服务检索。所以我想知道:怎样才能不存储密码?
不用担心密码的存储,只需在创建用户时随机生成并存储密码即可(应使用加密安全的随机数生成器生成足够长的密码,且不要向任何人透露,否则这个占位密码本身就成了绕过外部服务的本地登录凭据)。让您的帐户控制器在登录方法中针对外部Web服务验证密码,并且仅在验证成功后才调用
FormsAuthentication.SetAuthCookie(userName, false /*persistantCookie*/
),它将“登录”用户:) 边注: 如果您仅拥有现有用户的密码哈希/盐,是否可以将现有用户迁移到新的外部Web服务?     
不知道我是否理解正确,但我认为最好的解决方案是编写自定义成员资格提供程序。基本上,这只是一个重写了基类成员资格提供程序若干方法的类,您可以在其中实现自己的注册、登录和注销逻辑。下面是我前一段时间用过的一个类的示例,您只需编写自己的实现即可。另一个选择是在帐户控制器中处理(haz 也提到了这一点),但我总是倾向于不在控制器中实现太多逻辑,而是让服务来处理业务逻辑。
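    /// <summary>
    /// Membership provider sketch that looks users up through an
    /// <c>IGenericService&lt;User&gt;</c> instead of the built-in membership store.
    /// </summary>
    /// <remarks>
    /// Only <c>ValidateUser</c> and <c>GetUser(string, bool)</c> carry logic. Every other
    /// member, including all configuration properties, throws
    /// <see cref="NotImplementedException"/>, so any framework or application code that
    /// touches them will fail until they are implemented.
    /// </remarks>
    public class CustomMembershipProvider : MembershipProvider
    {
        // User lookup service; the only dependency this provider reads from.
        private readonly IGenericService<User> _genericUserService;

        /// <summary>Creates the provider on top of the supplied user service.</summary>
        /// <param name="genericUserService">Service used to query <c>User</c> records.</param>
        public CustomMembershipProvider(IGenericService<User> genericUserService)
        {
            _genericUserService = genericUserService;
        }

        /// <summary>
        /// Parameterless constructor (membership providers are normally instantiated from
        /// configuration); falls back to a default <c>GenericService&lt;User&gt;</c>.
        /// </summary>
        public CustomMembershipProvider() : this(new GenericService<User>())
        {
        }

        /// <summary>Not implemented.</summary>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override string GetPassword(string username, string answer)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override string ResetPassword(string username, string answer)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override void UpdateUser(MembershipUser user)
        {
            throw new NotImplementedException();
        }

        /// <summary>
        /// Checks the supplied credentials against the user store.
        /// </summary>
        /// <param name="username">Login name; matched against <c>User.Email</c>.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>
        /// <c>true</c> when a user with that e-mail and a matching password digest exists;
        /// <c>false</c> otherwise, including when the lookup throws.
        /// </returns>
        public override bool ValidateUser(string username, string password)
        {
            // Fail closed on missing credentials instead of querying with them.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return false;
            }

            try
            {
                // AsSha512 is an extension defined outside this listing.
                // NOTE(review): if it is a bare, unsalted SHA-512 digest, it is too fast for
                // password storage; prefer a salted, iterated KDF such as PBKDF2
                // (Rfc2898DeriveBytes) and migrate stored values accordingly.
                var encodedPassword = password.AsSha512();

                // The stored value must match the digest of the supplied password. Matching
                // against string.Empty would ignore the password entirely and accept any
                // password for every account whose stored password is empty.
                // NOTE(review): when authentication is delegated to an external service, the
                // call to that service belongs here and no password needs to be stored locally.
                var user = _genericUserService.First(u => u.Email == username && u.Password == encodedPassword);

                return user != null;
            }
            catch (Exception)
            {
                // Any lookup failure is treated as "not authenticated" (fail closed).
                // NOTE(review): this also hides data-access errors; consider logging here.
                return false;
            }
        }

        /// <summary>Not implemented.</summary>
        public override bool UnlockUser(string userName)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
        {
            throw new NotImplementedException();
        }

        /// <summary>
        /// Loads a user by e-mail address and maps it to a <see cref="MembershipUser"/>.
        /// </summary>
        /// <param name="username">Login name; matched against <c>User.Email</c>.</param>
        /// <param name="userIsOnline">Ignored by this implementation.</param>
        /// <returns>The mapped user, or <c>null</c> when no name is given or no user is found.</returns>
        public override MembershipUser GetUser(string username, bool userIsOnline)
        {
            if (string.IsNullOrEmpty(username))
            {
                return null;
            }

            // NOTE(review): whether First returns null or throws when nothing matches is not
            // visible here; the null check covers the former case.
            var user = _genericUserService.First(x => x.Email.Equals(username));
            if (user == null)
            {
                return null;
            }

            // Constructor argument order: providerName, name, providerUserKey, email,
            // passwordQuestion, comment, isApproved, isLockedOut, creationDate, lastLoginDate,
            // lastActivityDate, lastPasswordChangedDate, lastLockoutDate.
            // NOTE(review): user.Active is passed as isLockedOut, which looks inverted, and the
            // name is user.Firstname although the lookup key is the e-mail - confirm both.
            // NOTE(review): an empty providerName may be rejected by MembershipUser unless a
            // provider is registered under that name - confirm.
            return new MembershipUser("", user.Firstname, user.Id, user.Email, "", "", true, user.Active,
                                      user.RegisteredOn, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now);
        }

        /// <summary>Not implemented.</summary>
        public override string GetUserNameByEmail(string email)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override bool DeleteUser(string username, bool deleteAllRelatedData)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override int GetNumberOfUsersOnline()
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented.</summary>
        public override bool EnablePasswordRetrieval
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override bool EnablePasswordReset
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override bool RequiresQuestionAndAnswer
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override string ApplicationName
        {
            get { throw new NotImplementedException(); }
            set { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override int MaxInvalidPasswordAttempts
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override int PasswordAttemptWindow
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override bool RequiresUniqueEmail
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override MembershipPasswordFormat PasswordFormat
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override int MinRequiredPasswordLength
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override int MinRequiredNonAlphanumericCharacters
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented.</summary>
        public override string PasswordStrengthRegularExpression
        {
            get { throw new NotImplementedException(); }
        }
    }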
    
