Best practices for cross-domain authentication

Time: 2013-10-31 12:01:33

Tags: c# asp.net-mvc security cordova cors

I have an existing web application that I am porting to PhoneGap. I have successfully replicated it, but I would like to know the best practices for cross-domain authentication. I should mention here that the existing authentication uses System.Web.Security, and the web service my PhoneGap app is communicating with is of the same nature.

Currently, I have set up a Login function that posts to my login method:

[HttpPost]
public JsonResult Login(LoginModel viewModel)
{
    string error = "";
    if (!WebSecurity.IsAccountLockedOut(viewModel.UserName, 3, 60 * 60))
    {
        if (WebSecurity.Login(viewModel.UserName, viewModel.Password))
            return Json(new { success = true });
        error = "The user name or password provided is incorrect.";
    }
    else
        error = "Too many failed login attempts. Please try again later.";

    return Json(new { success = false, error });
}

This is called from JavaScript:
function login(data, automated) {
    $.ajax({
        type: "POST",
        url: "http://url/checkin/app/login",
        // 'content' is not an $.ajax option; this is jQuery's default, which the MVC model binder expects
        contentType: "application/x-www-form-urlencoded; charset=utf-8",
        dataType: "json",
        data: data,
        success: function (d) {
            if (d.success === true) {
                // Note: this keeps the clear-text password on the device in localStorage
                window.localStorage.setItem('UserName', data.UserName);
                window.localStorage.setItem('Password', data.Password);
                window.location = "index.html";
            } else {
                localStorage.clear();

                if (!automated) {
                    app.showError(d.error);
                }
            }
        },
        error: function (xhr, textStatus, errorThrown) {
            app.showError(errorThrown);
        }
    });
}

I expect this to work fine and return success: true if the credentials are correct. Moving on to the other interactions with the service, this is where I get confused. I do not expect Membership.GetUser() to work:

[HttpPost]
public JsonResult CheckIn(int id)
{
    // Resolved from the forms-authentication (.ASPXAUTH) cookie; null when no valid cookie was sent
    var user = Membership.GetUser();
    if (user == null)
        return Json(new { success = false, error = "Not authenticated." });

    // Do stuff

    return Json(new { success = true });
}

How does this work? More importantly, is it secure? Should I be handling this differently?

When I log in to the desktop (original) version of the website, I have the .ASPXAUTH value in my cookies, but my PhoneGap app does not. This is why I am confused about how it works.

I have an Attribute on my controller which, when removed, prevents the app from logging in. However, I am not sure whether this is what allows this cross-domain authentication?

using System;
using System.Data.Entity;
using System.Data.Entity.Infrastructure;
using System.Threading;
using System.Web.Mvc;
using WebMatrix.WebData;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class InitializeSimpleMembershipAttribute : ActionFilterAttribute
{
    private static SimpleMembershipInitializer _initializer;
    private static object _initializerLock = new object();
    private static bool _isInitialized;

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Ensure ASP.NET Simple Membership is initialized only once per app start
        LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
    }

    private class SimpleMembershipInitializer
    {
        public SimpleMembershipInitializer()
        {
            Database.SetInitializer<UsersContext>(null);

            try
            {
                using (var context = new UsersContext())
                {
                    if (!context.Database.Exists())
                    {
                        // Create the SimpleMembership database without Entity Framework migration schema
                        ((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
                    }
                }

                WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);
            }
            catch (Exception ex)
            {
                throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
            }
        }
    }
}
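One server-side piece the question leaves open, as an added example that is not part of the original post or the project: an ASP.NET MVC action filter that lets the browser attach the .ASPXAUTH cookie to a cross-origin XHR by reflecting only an allow-listed Origin together with Access-Control-Allow-Credentials. The attribute name, the allow-list entry and the 403 handling are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical filter (assumed name): permits credentialed cross-origin calls only from
// origins on an explicit allow-list, so the forms-authentication cookie can be used by them.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class AllowCredentialedOriginAttribute : ActionFilterAttribute
{
    // Constructed allow-list; the PhoneGap build must be served from one of these origins.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "https://app.example.com" };

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        var response = filterContext.HttpContext.Response;
        string origin = request.Headers["Origin"];

        // No Origin header means a same-origin or non-browser caller; nothing to add.
        if (string.IsNullOrEmpty(origin))
            return;

        // Reflect only known origins: browsers reject "*" combined with credentials, and
        // echoing arbitrary origins would let any site make authenticated calls with the
        // user's cookie. Refusing outright also stops the action from running for them.
        if (!AllowedOrigins.Contains(origin))
        {
            filterContext.Result = new HttpStatusCodeResult(403, "Origin not allowed");
            return;
        }

        response.AppendHeader("Access-Control-Allow-Origin", origin);
        response.AppendHeader("Access-Control-Allow-Credentials", "true");
        response.AppendHeader("Vary", "Origin"); // the response differs per origin; keep caches honest

        // Form-encoded POSTs like the Login call above are CORS "simple requests" and need no
        // preflight; JSON bodies or custom headers would additionally require answering OPTIONS.
    }
}
```

The client must opt in with `xhrFields: { withCredentials: true }` in the `$.ajax` call, and because the cookie now rides along with cross-origin requests the decorated actions still need CSRF protection. A PhoneGap WebView loaded from file:// typically sends an Origin of `null`, which cannot be allow-listed safely, so for that case a short-lived token returned by Login is the usual alternative to keeping the password on the device.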

0 answers:

No answers