I'd like to use WebSecurity+SimpleMembership, but implement the ability to (optionally) login users via a custom/alternative authentication method.
WebSecurity.Login only has one method signature, which requires both a username and a password. I'd like to skip the password check, e.g.:
if (MyCustomAuthenticationMethod.Authenticate(username, customData)) {
WebSecurity.Login(username); // Login without password check, method doesn't exist though
}
I assume custom-auth-methods are possible given OAuthWebSecurity exists, but I'm not sure how to go about implementing my own.
Well, you could simply go back to root of authentication and call directly
FormsAuthentication.SetAuthCookie
This will create cookie and authenticate your user. See Asp.net Memebership Authorization without password
They didn't make it easy to login without a password. One method could be to make your own custom OAuth plug-in and simply call it with your own token like this:
OAuthWebSecurity.Login("google", "token", true);
You can find here how to create a custom OAuth provider: http://www.codeguru.com/columns/experts/implementing-oauth-features-in-asp.net-mvc-4.htm
And you can browse the code here: https://github.com/ASP-NET-MVC/aspnetwebstack/blob/master/src/Microsoft.Web.WebPages.OAuth/OAuthWebSecurity.cs
Here is a snippet from OAuthWebSecurity.cs file that shows the internals of how to user is authenticated without password:
internal static bool LoginCore(HttpContextBase context, string providerName, string providerUserId, bool createPersistentCookie)
{
var provider = GetOAuthClient(providerName);
var securityManager = new OpenAuthSecurityManager(context, provider, OAuthDataProvider);
return securityManager.Login(providerUserId, createPersistentCookie);
}
Perhaps someone out there already made this plugin.
来源:https://stackoverflow.com/questions/14197528/how-do-i-manually-log-a-user-in-using-websecurity-simplemembership