标签:form isnull frame com attribute system html foreach nal
Membership 是System.Web.Security 用户登录验证的一个封装类静态类,提供 Membership.ValidateUser(string username, string password) 返回一个bool类型的等方法。
由于.NET之前不开源很多时候只知道大概的实现原理,比如调用这个类方法前需要在项目实现一个继承 MembershipProvider的类,该类提供了 public abstract bool ValidateUser(string username, string password);等抽象方法。
大概思路就是 Membership 封装 MembershipProvider派生类的初始化等操作来调用该类的具体实现。
先看看 Membership 类的几个关键代码
public static class Membership { public static MembershipProviderCollection Providers { get { Initialize(); return s_Providers; } } public static MembershipProvider Provider { get { Initialize(); if (s_Provider == null) { throw new InvalidOperationException(SR.GetString(SR.Def_membership_provider_not_found)); } return s_Provider; } } private static void Initialize() { if (s_Initialized && s_InitializedDefaultProvider) { return; } if (s_InitializeException != null) throw s_InitializeException; if (HostingEnvironment.IsHosted) HttpRuntime.CheckAspNetHostingPermission(AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level); lock (s_lock) { if (s_Initialized && s_InitializedDefaultProvider) { return; } if (s_InitializeException != null) throw s_InitializeException; bool initializeGeneralSettings = !s_Initialized; // the default provider can be initialized once the pre start init has happened (i.e. when compilation has begun) // or if this is not even a hosted scenario bool initializeDefaultProvider = !s_InitializedDefaultProvider && (!HostingEnvironment.IsHosted || BuildManager.PreStartInitStage == PreStartInitStage.AfterPreStartInit); if (!initializeDefaultProvider && !initializeGeneralSettings) { return; } bool generalSettingsInitialized; bool defaultProviderInitialized = false; try { //通过web.config 配置实现初始化的配置参数。 RuntimeConfig appConfig = RuntimeConfig.GetAppConfig(); MembershipSection settings = appConfig.Membership; generalSettingsInitialized = InitializeSettings(initializeGeneralSettings, appConfig, settings); defaultProviderInitialized = InitializeDefaultProvider(initializeDefaultProvider, settings); // VSO #265267 log warning in event log when using clear password and encrypted password in Membership provider // VSO #433626 In order to minimize the behavior change, we are going to read the password format from the config settings only instead of getting from the provider class // Also allow user to opt-out this feature. if (AppSettings.LogMembershipPasswordFormatWarning) { CheckedPasswordFormat(settings); } } catch (Exception e) { s_InitializeException = e; throw; } // update this state only after the whole method completes to preserve the behavior where // the system is uninitialized if any exceptions were thrown. if (generalSettingsInitialized) { s_Initialized = true; } if (defaultProviderInitialized) { s_InitializedDefaultProvider = true; } } } private static bool InitializeSettings(bool initializeGeneralSettings, RuntimeConfig appConfig, MembershipSection settings) { if (!initializeGeneralSettings) { return false; } s_HashAlgorithmType = settings.HashAlgorithmType; s_HashAlgorithmFromConfig = !string.IsNullOrEmpty(s_HashAlgorithmType); if (!s_HashAlgorithmFromConfig) { // If no hash algorithm is specified, use the same as the "validation" in "<machineKey>". // If the validation is "3DES", switch it to use "SHA1" instead. MachineKeyValidation v = appConfig.MachineKey.Validation; if (v != MachineKeyValidation.AES && v != MachineKeyValidation.TripleDES) s_HashAlgorithmType = appConfig.MachineKey.ValidationAlgorithm; else s_HashAlgorithmType = "SHA1"; } s_Providers = new MembershipProviderCollection(); if (HostingEnvironment.IsHosted) { ProvidersHelper.InstantiateProviders(settings.Providers, s_Providers, typeof(MembershipProvider)); } else { foreach (ProviderSettings ps in settings.Providers) { Type t = Type.GetType(ps.Type, true, true); if (!typeof(MembershipProvider).IsAssignableFrom(t)) throw new ArgumentException(SR.GetString(SR.Provider_must_implement_type, typeof(MembershipProvider).ToString())); MembershipProvider provider = (MembershipProvider)Activator.CreateInstance(t); NameValueCollection pars = ps.Parameters; NameValueCollection cloneParams = new NameValueCollection(pars.Count, StringComparer.Ordinal); foreach (string key in pars) cloneParams[key] = pars[key]; provider.Initialize(ps.Name, cloneParams); s_Providers.Add(provider); } } TimeSpan timeWindow = settings.UserIsOnlineTimeWindow; s_UserIsOnlineTimeWindow = (int)timeWindow.TotalMinutes; return true; } private static bool InitializeDefaultProvider(bool initializeDefaultProvider, MembershipSection settings) { if (!initializeDefaultProvider) { return false; } s_Providers.SetReadOnly(); if (settings.DefaultProvider == null || s_Providers.Count < 1) throw new ProviderException(SR.GetString(SR.Def_membership_provider_not_specified)); s_Provider = s_Providers[settings.DefaultProvider]; if (s_Provider == null) { throw new ConfigurationErrorsException(SR.GetString(SR.Def_membership_provider_not_found), settings.ElementInformation.Properties["defaultProvider"].Source, settings.ElementInformation.Properties["defaultProvider"].LineNumber); } return true; } }
//用户实现的派生类 public class SQLMembershipProvider: MembershipProvider { public SQLMembershipProvider() { } public override bool ValidateUser(string username, string password) { //验证用户密码的具体用户级逻辑 } }
webconfig 配置派生类参数
<membership defaultProvider="TestMembershipProvider"> <providers> <clear /> <add connectionStringName="TestADConnectionString" connectionUsername="" connectionPassword="" attributeMapUsername="sAMAccountName" name="SQLMembershipProvider" type="Summer.Net.Security.SQLMembershipProvider,Summer.Net.Security" /> </providers> </membership>
.NET Framework Membership.ValidateUser(string username, string password) 深度剖析,以及动态配置实现
标签:form isnull frame com attribute system html foreach nal
原文地址:https://www.cnblogs.com/ms_senda/p/12499096.html