问题
I'd like to use WebSecurity+SimpleMembership, but implement the ability to (optionally) login users via a custom/alternative authentication method.
WebSecurity.Login only has one method signature, which requires both a username and a password. I'd like to skip the password check, e.g.:
if (MyCustomAuthenticationMethod.Authenticate(username, customData)) {
WebSecurity.Login(username); // Login without password check, method doesn't exist though
}
I assume custom-auth-methods are possible given OAuthWebSecurity exists, but I'm not sure how to go about implementing my own.
回答1:
Well, you could simply go back to root of authentication and call directly
FormsAuthentication.SetAuthCookie
This will create cookie and authenticate your user. See Asp.net Memebership Authorization without password
回答2:
They didn't make it easy to login without a password. One method could be to make your own custom OAuth plug-in and simply call it with your own token like this:
OAuthWebSecurity.Login("google", "token", true);
You can find here how to create a custom OAuth provider: http://www.codeguru.com/columns/experts/implementing-oauth-features-in-asp.net-mvc-4.htm
And you can browse the code here: https://github.com/ASP-NET-MVC/aspnetwebstack/blob/master/src/Microsoft.Web.WebPages.OAuth/OAuthWebSecurity.cs
Here is a snippet from OAuthWebSecurity.cs file that shows the internals of how to user is authenticated without password:
internal static bool LoginCore(HttpContextBase context, string providerName, string providerUserId, bool createPersistentCookie)
{
var provider = GetOAuthClient(providerName);
var securityManager = new OpenAuthSecurityManager(context, provider, OAuthDataProvider);
return securityManager.Login(providerUserId, createPersistentCookie);
}
Perhaps someone out there already made this plugin.
来源:https://stackoverflow.com/questions/14197528/how-do-i-manually-log-a-user-in-using-websecurity-simplemembership