问题
I am currently working on a project that will have a website and apps for mobile devices. I am going to need a way to let users login to my site to view certain areas. I know I will need to build a WCF RESTful service but I am stuck on how to proceed with creating the users. I was originally going to use the built in .NET Membership but the more I read about it the worst it sounded if I had a lot of users. I then was thinking of building a new provider which would give me all the functionality of the built in .NET Membership but I would have more control over everything. The last idea was to build a whole membership system, but I was worried I would loose the functionality of the built in .NET Membership system. I am basically just looking for someone to point me in the right direction and explain why.
Right now I am thinking the best way to handle this is going to be to build a whole membership system. I am thinking I am going to have my data access all through a WCF in the backend that my website would call and the RESTful service would call. I am not aware of a way right now that I can authenticate a users username and password through a WCF.
Thanks for all your input.
回答1:
We do this very thing in several of our projects, here is a summary of how we accomplish it. Keep in mind it's only one method, and we have also had success writing our own membership provider.
We have 3 main projects:
- Data.project - class library
- WebApp.project - MVC Application
- API.project - WCF service
We use the built in .NET membership provider as it exists out of the box. This gives us the basic registration, password changes, role management, and the easy controller based role permission and access control in our MVC and API projects.
The default membership provider will use its own tables to store the user data.
We then create our own User and Profile tables and data structure with a foreign key back to the .NET membershipId of the user. This gives us the flexibility to do all of the application specific things we need to do with a user profile while still giving us access to the default provider.
Authentication is straight forward in the MVC project, you can now use the .NET Membership methods to authenticate by username and password:
if(Membership.ValidateUser(username,password)){
FormsAuthentication.SetAuthCookie(username,password);
}
For the WCF project you do not have the luxury of FormsAuthentication, but you can still use the default membership provider to validate the users credentials.
How you handle authentication after that is up to you and your project, but for basic needs we generally go with an authentication token that is returned by the WCF service after validation. This token is then included with each WCF request to prove they have been validated, usually in the request headers.
For WCF we base 64 encode the username and password when submitting the credentials to the server, then if successful we pass back the auth token:
string decoded = System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(Authmodel));
//convert your string into your authentication model here then
if(Membership.ValidateUser(model.user,model.pass))
{
//return new authentication token
}
We also include additional logic during registration that build out our proprietary user and profile tables at that time, this is handled in the data project so that both the WCF and MVC may access it.
Additionally, the data project handles the linking between our user and profile tables and that of the .NET Membership provider tables so the information can be accessed by both applications.
I realize that is all quite vague, but maybe it can help you think of one option for handling authentication in a unified way. If you have questions about a specific portion let me know and I hope this information is useful for you.
来源:https://stackoverflow.com/questions/12440107/membership-system-for-website-and-mobile-apps