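So here's my dilemma: I want to use Windows authentication, but not in the traditional sense. I need users to be able to supply the password for a predetermined user, which exists on the server running IIS. That user is a local user on that machine.
Setting MVC to Windows authentication shows the god-awful popup where you need to log in. I want to show them a nice login window in the style of my web app.
So my solution was to use Individual Accounts authentication. Now this works fine too, but it uses EF and a database, and I don't want to store and maintain any passwords.
So I found this code: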
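// Requires: using System.DirectoryServices.AccountManagement;
// Validate the credentials against the local machine's account store.
using (PrincipalContext context = new PrincipalContext(ContextType.Machine, null))
{
    return context.ValidateCredentials(username, password);
}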
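Which is what I want, but how do I then check whether the user is actually authenticated after navigating to another page?
I have used Individual User Accounts for other sites, where you can use [Authorize] as a way to do this. But I don't really have a model to validate against here.
Does anyone know how to solve this? Or has anyone run into a similar situation?
Also, I know there isn't much code here, but honestly, I have nothing worth posting to show you.
Edit: Is Session the right way to go? Could I set a session variable for the logged-in state and check it on every page? I would prefer another method. (Cookies are a no-go.)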
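Answer 0 (score: 1)
Session should be the way to go. Also, have you considered using external authentication? That way you don't need to maintain passwords. http://www.asp.net/web-pages/overview/security/enabling-login-from-external-sites-in-an-aspnet-web-pages-site
Most likely you will need to use this guy: https://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication(v=vs.110).aspx Another link: http://www.codeproject.com/Articles/578374/AplusBeginner-splusTutorialplusonplusCustomplusF
Also, you can take a look at the IAuthenticationManager in the auto-generated AccountController; it has some interesting methods, see whether you can reuse them.
The usage might be like this: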
//
// Summary:
// Add information to the response environment that will cause the appropriate
// authentication middleware to grant a claims-based identity to the recipient
// of the response. The exact mechanism of this may vary. Examples include
// setting a cookie, to adding a fragment on the redirect url, or producing
// an OAuth2 access code or token response.
//
// Parameters:
// identities:
// Determines which claims are granted to the signed in user. The ClaimsIdentity.AuthenticationType
// property is compared to the middleware's Options.AuthenticationType value
// to determine which claims are granted by which middleware. The recommended
// use is to have a single ClaimsIdentity which has the AuthenticationType matching
// a specific middleware.
void SignIn(params ClaimsIdentity[] identities);
//
// Summary:
// Add information to the response environment that will cause the appropriate
// authentication middleware to grant a claims-based identity to the recipient
// of the response. The exact mechanism of this may vary. Examples include
// setting a cookie, to adding a fragment on the redirect url, or producing
// an OAuth2 access code or token response.
//
// Parameters:
// properties:
// Contains additional properties the middleware are expected to persist along
// with the claims. These values will be returned as the AuthenticateResult.properties
// collection when AuthenticateAsync is called on subsequent requests.
//
// identities:
// Determines which claims are granted to the signed in user. The ClaimsIdentity.AuthenticationType
// property is compared to the middleware's Options.AuthenticationType value
// to determine which claims are granted by which middleware. The recommended
// use is to have a single ClaimsIdentity which has the AuthenticationType matching
// a specific middleware.
void SignIn(AuthenticationProperties properties, params ClaimsIdentity[] identities);
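How the pieces from the question and the answer fit together, as an added example that is not code from the original post: ValidateCredentials checks the password of one fixed local account, IAuthenticationManager.SignIn issues the identity, and [Authorize] then works on later requests. The account name `webapp-operator`, the `Home/Index` redirect, the `LocalMachine` claim value and the OWIN cookie middleware settings are assumptions.

```csharp
// Added example. Assumes MVC 5 with Microsoft.Owin.Host.SystemWeb and Microsoft.Owin.Security.Cookies.
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // The cookie middleware turns the identity passed to SignIn into an auth ticket.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = AccountController.AuthType,
            LoginPath = new PathString("/Account/Login"),
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always
        });
    }
}

public class AccountController : Controller
{
    public const string AuthType = "ApplicationCookie";
    // Hypothetical account name: fixed server-side, never read from the request.
    private const string LocalUser = "webapp-operator";
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(string password, string returnUrl)
    {
        bool ok;
        using (var context = new PrincipalContext(ContextType.Machine))
            ok = !string.IsNullOrEmpty(password) && context.ValidateCredentials(LocalUser, password);
        if (!ok) { ModelState.AddModelError("", "Invalid login attempt."); return View(); }
        // NameIdentifier + identityprovider are the claims MVC anti-forgery expects by default.
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, LocalUser),
            new Claim(ClaimTypes.NameIdentifier, LocalUser),
            new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "LocalMachine")
        }, AuthType);
        HttpContext.GetOwinContext().Authentication.SignIn(
            new AuthenticationProperties { IsPersistent = false }, identity);
        // Follow only local return URLs (no open redirect).
        return Url.IsLocalUrl(returnUrl) ? (ActionResult)Redirect(returnUrl) : RedirectToAction("Index", "Home");
    }
}
```

With this in place, controllers or actions marked [Authorize] redirect unauthenticated requests to the configured LoginPath, and no password is stored by the application.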