C# 跨域身份验证的最佳实践
我有一个现有的web应用程序,正在将其移植到C# 跨域身份验证的最佳实践,c#,asp.net-mvc,cordova,security,C#,Asp.net Mvc,Cordova,Security,我有一个现有的web应用程序,正在将其移植到PhoneGap。我已经成功地复制了这一点,但我想知道跨域身份验证的最佳实践。我应该在这里提到,现有的身份验证使用的是System.Web.Security,我的PhoneGap应用程序正在与之通信的Web服务具有相同的性质 目前,我已经设置了登录功能,它将发布到我的登录方法: [HttpPost] public JsonResult Login(LoginModel viewModel) { string error = ""; if
PhoneGapSystem.Web.Security登录[HttpPost]
public JsonResult Login(LoginModel viewModel)
{
string error = "";
if (!WebSecurity.IsAccountLockedOut(viewModel.UserName, 3, 60 * 60))
{
if (WebSecurity.Login(viewModel.UserName, viewModel.Password))
return Json(new { success = true });
error = "The user name or password provided is incorrect.";
}
else
error = "Too many failed login attempts. Please try again later.";
return Json(new { success = false, error });
}
Javascriptfunction login(data, automated) {
$.ajax({
type: "POST",
url: "http://url/checkin/app/login",
content: "application/json; charset=utf-8",
dataType: "json",
data: data,
success: function(d) {
if (d.success == true) {
window.localStorage.setItem('UserName', data.UserName);
window.localStorage.setItem('Password', data.Password);
window.location = "index.html";
} else {
localStorage.clear();
if (!automated) {
app.showError(d.error);
}
}
},
error: function (xhr, textStatus, errorThrown) {
app.showError(errorThrown);
}
});
}
success:trueMembership.GetUser()[HttpPost]
public JsonResult CheckIn(int id)
{
var user = Membership.GetUser();
// Do stuff
}
.ASPXAUTH属性[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class InitializeSimpleMembershipAttribute : ActionFilterAttribute
{
private static SimpleMembershipInitializer _initializer;
private static object _initializerLock = new object();
private static bool _isInitialized;
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
// Ensure ASP.NET Simple Membership is initialized only once per app start
LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
}
private class SimpleMembershipInitializer
{
public SimpleMembershipInitializer()
{
Database.SetInitializer<UsersContext>(null);
try
{
using (var context = new UsersContext())
{
if (!context.Database.Exists())
{
// Create the SimpleMembership database without Entity Framework migration schema
((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
}
}
WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);
}
catch (Exception ex)
{
throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
}
}
}
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method,AllowMultiple=false,Inherited=true)]
公共密封类InitializeSimpleMembershipAttribute:ActionFilterAttribute
{
私有静态SimpleMembershipInitializer\u initializer;
私有静态对象_initializerLock=新对象();
私有静态布尔值初始化;
公共覆盖无效OnActionExecuting(ActionExecutingContext filterContext)
{
//确保每次应用程序启动仅初始化一次ASP.NET简单成员身份
LazyInitializer.确保重新初始化(参考初始值设定项,参考初始值设定项,参考初始值设定项锁定);
}
私有类SimpleMembershipInitializer
{
公共SimpleMembershipInitializer()
{
Database.SetInitializer(null);
尝试
{
使用(var context=new UsersContext())
{
如果(!context.Database.Exists())
{
//创建没有实体框架迁移模式的SimpleMembership数据库
((IObjectContextAdapter)context.ObjectContext.CreateDatabase();
}
}
WebSecurity.InitializeDatabaseConnection(“DefaultConnection”、“UserProfile”、“UserId”、“UserName”,autoCreateTables:true);
}
捕获(例外情况除外)
{
抛出新的InvalidOperationException(“无法初始化ASP.NET简单成员身份数据库。有关详细信息,请参阅http://go.microsoft.com/fwlink/?LinkId=256588“,ex);
}
}
}
}