我正在使用默认的MVC 5项目,我保护以下方法,因此只有以“foobar”登录的用户才能访问它。这个特殊用户将存在于普通数据库之外(并在web.config中定义,但现在它是硬连线的)
[Authorize(Users = "foobar")]
public ActionResult Install()
{
//setup database;
return View();
}
我正在检查foobar的登录方法,如果检测到,我想登录它们,然后将它们重定向到Install操作。
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (model.UserName.ToLower().Trim() == "foobar" && model.Password == "pass")
{
//create an Idenity named foobar and log them in
return RedirectToAction("Install");
答案 0 :(得分:-1)
string username = model.username;
string password = model.password;
// This is where you do your super user check against the config file
bool userValid = true; // compare id and password against config.
// this is a bad idea, back door user is a security hole that can be exploited
if (userValid)
{
//this will set the identity and the cookie for your user
FormsAuthentication.SetAuthCookie(username, false);
}