没有ASP.NET标识的OWIN cookie身份validation

在看看身份时，我也有同感。 它增加了许多不必要的抽象，并不适合我的情况，我有遗留系统，实现了自定义的身份validation工作流程。

大量关于使用Identity和EF默认的OWIN身份validation的例子让开发人员感到困惑，OWIN必须使用身份和entity framework。

但从技术上讲，您可以剥离Identity以仅使用OWIN cookie身份validation（ Microsoft.Owin.Security.Cookies ）。 代码变得非常简单，下面是我从我的代码中获得的示例，它消除了琐碎的事情：

 [HttpPost] public ActionResult Login(LoginViewModel model, string returnUrl) { var user = _userService.GetByEmail(model.Email); //check username and password from database, naive checking: //password should be in SHA if (user != null && (user.Password == model.Password)) { var claims = new[] { new Claim(ClaimTypes.Name, user.Name), new Claim(ClaimTypes.Email, user.Email), // can add more claims }; var identity = new ClaimsIdentity(claims, "ApplicationCookie"); // Add roles into claims var roles = _roleService.GetByUserId(user.Id); if (roles.Any()) { var roleClaims = roles.Select(r => new Claim(ClaimTypes.Role, r.Name)); identity.AddClaims(roleClaims); } var context = Request.GetOwinContext(); var authManager = context.Authentication; authManager.SignIn(new AuthenticationProperties { IsPersistent = model.RememberMe }, identity); return RedirectToAction("Index", "Home"); } // login failed. } public ActionResult LogOut() { var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignOut("ApplicationCookie"); return RedirectToAction("Login"); } 

不使用Owin安全方法：Itz我的控制器编码

 [HttpPost] [ValidateAntiForgeryToken] public ActionResult Login(Employee emp, string returnUrl) { using(AdaptiveProjectEntities db = new AdaptiveProjectEntities()) { string email = emp.Email; // byte[] en = System.Text.Encoding.UTF8.GetBytes(emp.Password); //var ee = Convert.ToBase64String(en); string pass = emp.Password; bool userValid = db.Employees.Any(user => user.Email == email && user.Password == pass); if(userValid) { FormsAuthentication.SetAuthCookie(email, false); if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Projects"); } } else { ModelState.AddModelError("", "The user name or password provided is incorrect."); } } return View(emp); } public ActionResult Logout() { FormsAuthentication.SignOut(); return RedirectToAction("Login", "Login"); } } } 

视图：

 
 
 
 
 
 
Login @*
*@ @using (Html.BeginForm()) { 
 @Html.AntiForgeryToken() 
 @Html.ValidationSummary(true, "", new { @class = "text-danger" }) 
 @Html.LabelFor(model => model.Email, htmlAttributes: new { @class = "control-label col-md-3" }) 
 @Html.EditorFor(model => model.Email, new { htmlAttributes = new { @class = "form-control", type = "email", required = "required" } }) @Html.ValidationMessageFor(model => model.Email, "", new { @class = "text-danger" }) 
 
 
 @Html.LabelFor(model => model.Password, htmlAttributes: new { @class = "control-label col-md-3" }) 
 @Html.EditorFor(model => model.Password, new { htmlAttributes = new { @class = "form-control", type = "password", required = "required" } }) @Html.ValidationMessageFor(model => model.Password, "", new { @class = "text-danger" }) 
 
 
 
  
 
 }