⬆️ ⬇️

ASP.NET - custom authorization forms. Crib

There are many ways to write your own authorization implementation on the site. I will give a fairly simple way to create my own provider for authorization and writing it in the web config. This method will allow the use of such standard controls as Login, LoginStatus and the like.



Your MembershipProvider for user authentication



Step 1: inherit from System.Web.Security.MembershipProvider , implement the class and override the methods we need. The main one is ValidateUser, which is responsible for authenticating the user to the system.

namespace Providers

{

public class CustomMembershipProvider : MembershipProvider

{

public override bool ValidateUser( string username, string password)

{

return myUserManager.ValidateUser(username, password); //

}

...

}

}




Methods that you do not want to override can be left as follows:

public override bool UnlockUser( string userName)

{

throw new Exception( "The method or operation is not implemented." );

}




if necessary, they can always be implemented.



Step 2: in web.config is written:

< system.web >

< membership defaultProvider ="CustomMembershipProvider" >

< providers >

< clear />

< add name ="CustomMembershipProvider" type ="Providers.CustomMembershipProvider" />

</ providers >

</ membership >

</ system.web >




Also, do not forget that you need to prescribe that we do the authorization forms:

< authentication mode ="Forms" >

< forms defaultUrl ="~/Default.aspx" timeout ="120" loginUrl ="~/Login.aspx" />

</ authentication >




Now you can throw on the Login control login page and use it, not forgetting why you needed authorization:

< authorization >

< deny users ="?" />

< allow users ="*" />

</ authorization >







Your RoleProvider to define user roles



Step 1: inherit from System.Web.Security.RoleProvider , implement the class and override the methods we need.

namespace Providers

{

public class CustomRoleProvider : RoleProvider

{

public override string [] GetRolesForUser( string username)

{

return myUserManager.GetUser(username).Roles; //

}

}

}




Here, also unused methods can be left throwing an exception:

public override string [] GetUsersInRole( string roleName)

{

throw new Exception( "The method or operation is not implemented." );

}




Step 2: in web.config is written:

< system.web >

< roleManager enabled ="true" defaultProvider ="CustomRoleProvider" >

< providers >

< add name ="CustomRoleProvider" type ="Providers.CustomRoleProvider" />

</ providers >

</ roleManager >

</ system.web >




Everything can be enjoyed. For example, like this:

< authorization >

< deny roles ="Admin" />

</ authorization >




And as a conclusion, I will give an example of dependency injection into my providers using Unity:

if (Roles.Enabled)

_unityContext.Container.BuildUp(Roles.Provider.GetType(), Roles.Provider);

_unityContext.Container.BuildUp(Membership.Provider.GetType(), Membership.Provider);




* This source code was highlighted with Source Code Highlighter .


')

Source: https://habr.com/ru/post/96601/



All Articles