WebSecurity.Login
in simplemembership take username and password, how to make it to login the user using username or email instead of just username?, to make the user free to enter his email or username to login.
问题:
回答1:
You could inherit from the SimpleMembershipProvider
and just override the ValidateUser
method like this.
public class ExtendedSimpleMembershipProvider : SimpleMembershipProvider
{
public override bool ValidateUser(string login, string password)
{
// check to see if the login passed is an email address
if (IsValidEmail(login))
{
string actualUsername = base.GetUserNameByEmail(login);
return base.ValidateUser(actualUsername, password);
}
else
{
return base.ValidateUser(login, password);
}
}
bool IsValidEmail(string strIn)
{
// Return true if strIn is in valid e-mail format.
return Regex.IsMatch(strIn, @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
}
}
This is just one approach. You could write your own MembershipProvider
but if you only need to change the ValidateUser
method this should work.
Add the following configuration to the web.config to setup the provider.
<membership defaultProvider="ExtendedSimpleMembershipProvider">
<providers>
<clear/>
<add name="ExtendedSimpleMembershipProvider"
type="MyProject.Web.SimpleMembershipProvider, MyProject.Web"/>
</providers>
</membership>
That should get you going in the right direction.
回答2:
WebSecurity just calls FormsAuthentication
under the hood.
You can do this:
if (WebSecurity.UserExists(username))
{
FormsAuthentication.SetAuthCookie(username, false);
}
Curious why you need this feature. (FYI: My reasoning for needing this is if a user has authenticated with PayPal in an Express Checkout (shopping cart) flow I allow them to be auto-logged into my site as that same user because I consider the risk very low that it would not be the right person).
May be of use: Difference between FormsAuthentication and WebSecurity
回答3:
You can just pull the user with given email from UserProfiles table
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
var login = false;
if (ModelState.IsValid)
{
if (!model.UserName.Contains("@"))
{
if (WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
login = true;
}
else
{
var targetUser = db.UserProfiles.Where(u => u.Email == model.UserName).FirstOrDefault();
if (targetUser != null && WebSecurity.Login(targetUser.UserName, model.Password, persistCookie: model.RememberMe))
login = true;
}
}
if (login)
return Redirect(returnUrl);
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
回答4:
Don't use email for user identification. It is a very easy thing to guess and today people could use a tool to guess that for them. That is why username is used, it could be anything.
With that being said, if you really want to - you can use the ID of the table where the username/email + password is located and match it first to a username and if that fails match it to an email. If both fail, login fails.
You should have no problems using this below to your check code, since you didn't post anything here I can't modify to see what you need.
WebSecurity.GetUserId(email);
For your next questions regarding MVC you should check ASP forums first then try here. Just an opinion