ASP.NET - custom authorization forms. Crib
There are many ways to write your own authorization implementation on the site. I will give a fairly simple way to create my own provider for authorization and writing it in the web config. This method will allow the use of such standard controls as Login, LoginStatus and the like.
Step 1: inherit from System.Web.Security.MembershipProvider , implement the class and override the methods we need. The main one is ValidateUser, which is responsible for authenticating the user to the system.
Methods that you do not want to override can be left as follows:
if necessary, they can always be implemented.
Step 2: in web.config is written:
Also, do not forget that you need to prescribe that we do the authorization forms:
Now you can throw on the Login control login page and use it, not forgetting why you needed authorization:
Step 1: inherit from System.Web.Security.RoleProvider , implement the class and override the methods we need.
Here, also unused methods can be left throwing an exception:
Step 2: in web.config is written:
Everything can be enjoyed. For example, like this:
And as a conclusion, I will give an example of dependency injection into my providers using Unity:
Your MembershipProvider for user authentication
Step 1: inherit from System.Web.Security.MembershipProvider , implement the class and override the methods we need. The main one is ValidateUser, which is responsible for authenticating the user to the system.
namespace Providers
{
public class CustomMembershipProvider : MembershipProvider
{
public override bool ValidateUser( string username, string password)
{
return myUserManager.ValidateUser(username, password); //
}
...
}
}
Methods that you do not want to override can be left as follows:
public override bool UnlockUser( string userName)
{
throw new Exception( "The method or operation is not implemented." );
}
if necessary, they can always be implemented.
Step 2: in web.config is written:
< system.web >
< membership defaultProvider ="CustomMembershipProvider" >
< providers >
< clear />
< add name ="CustomMembershipProvider" type ="Providers.CustomMembershipProvider" />
</ providers >
</ membership >
</ system.web >
Also, do not forget that you need to prescribe that we do the authorization forms:
< authentication mode ="Forms" >
< forms defaultUrl ="~/Default.aspx" timeout ="120" loginUrl ="~/Login.aspx" />
</ authentication >
Now you can throw on the Login control login page and use it, not forgetting why you needed authorization:
< authorization >
< deny users ="?" />
< allow users ="*" />
</ authorization >
Your RoleProvider to define user roles
Step 1: inherit from System.Web.Security.RoleProvider , implement the class and override the methods we need.
namespace Providers
{
public class CustomRoleProvider : RoleProvider
{
public override string [] GetRolesForUser( string username)
{
return myUserManager.GetUser(username).Roles; //
}
}
}
Here, also unused methods can be left throwing an exception:
public override string [] GetUsersInRole( string roleName)
{
throw new Exception( "The method or operation is not implemented." );
}
Step 2: in web.config is written:
< system.web >
< roleManager enabled ="true" defaultProvider ="CustomRoleProvider" >
< providers >
< add name ="CustomRoleProvider" type ="Providers.CustomRoleProvider" />
</ providers >
</ roleManager >
</ system.web >
Everything can be enjoyed. For example, like this:
< authorization >
< deny roles ="Admin" />
</ authorization >
And as a conclusion, I will give an example of dependency injection into my providers using Unity:
if (Roles.Enabled)
_unityContext.Container.BuildUp(Roles.Provider.GetType(), Roles.Provider);
_unityContext.Container.BuildUp(Membership.Provider.GetType(), Membership.Provider);
* This source code was highlighted with Source Code Highlighter .')
Source: https://habr.com/ru/post/96601/
All Articles