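I had planned to write about using Membership in Preview 3, but Preview 4 has already integrated it, which is frustrating. So I'll just jot down a few notes.
I won't go into the strengths and weaknesses of Membership here. In small and medium-sized projects it is very convenient to use.
Without further ado, first run the Visual Studio 2008 Command Prompt:
Enter aspnet_regsql
Then follow the wizard:
Select the database:
Then click Next all the way through to finish the wizard. The database now contains the tables, views and stored procedures that Membership needs.
Remember to modify the web.config file: replace the default SqlExpress ConnectionString with the one for this database, and it will work normally.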
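An added example, not from the original post, of the web.config change described above: the SQL Express default is commented out, a connection string for the database that aspnet_regsql populated takes its place, and the membership provider is pointed at it. The connection string name, server and database names, login URL and policy values are assumptions.

```xml
<!-- Added example: names and values below are assumptions, not taken from the post. -->
<configuration>
  <connectionStrings>
    <!-- Before: a SQL Express user-instance default.
    <add name="ApplicationServices"
         connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
         providerName="System.Data.SqlClient" />
    -->
    <!-- After: the database prepared with aspnet_regsql. DBSERVER and MembershipDb
         are placeholders. Integrated security keeps credentials out of the file. -->
    <add name="ApplicationServices"
         connectionString="Data Source=DBSERVER;Initial Catalog=MembershipDb;Integrated Security=SSPI"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication; the login URL is an assumption. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" />
    </authentication>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <!-- Drop inherited providers so only the one below is used. -->
        <clear />
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ApplicationServices"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="8"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

requiresQuestionAndAnswer stays false because the Register action on this page passes null for the password question and answer to CreateUser, and minRequiredPasswordLength is the value that action reads through Provider.MinRequiredPasswordLength.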
ASP.NET MVC Preview 4 has integrated the use of Membership and ships a default Controller and Views:
First, look at the code for the user registration part:
    public ActionResult Register(string username, string email, string password, string confirmPassword)
    {

        ViewData["Title"] = "Register";
        ViewData["PasswordLength"] = Provider.MinRequiredPasswordLength;

        // Non-POST requests should just display the Register form
        if (Request.HttpMethod != "POST")
        {
            return View();
        }

        // Basic parameter validation
        List<string> errors = new List<string>();

        if (String.IsNullOrEmpty(username))
        {
            errors.Add("You must specify a username.");
        }
        if (String.IsNullOrEmpty(email))
        {
            errors.Add("You must specify an email address.");
        }
        if (password == null || password.Length < Provider.MinRequiredPasswordLength)
        {
            errors.Add(String.Format(CultureInfo.InvariantCulture,
                "You must specify a password of {0} or more characters.",
                Provider.MinRequiredPasswordLength));
        }
        if (!String.Equals(password, confirmPassword, StringComparison.Ordinal))
        {
            errors.Add("The password and confirmation do not match.");
        }

        if (errors.Count == 0)
        {

            // Attempt to register the user
            MembershipCreateStatus createStatus;
            MembershipUser newUser = Provider.CreateUser(username, password, email, null, null, true, null, out createStatus);

            if (newUser != null)
            {

                FormsAuth.SetAuthCookie(username, false /* createPersistentCookie */);
                return RedirectToAction("Index", "Home");
            }
            else
            {
                errors.Add(ErrorCodeToString(createStatus));
            }
        }

        // If we got this far, something failed, redisplay form
        ViewData["errors"] = errors;
        ViewData["username"] = username;
        ViewData["email"] = email;
        return View();
    }
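First it checks whether the page has been submitted; if not, it outputs the view;
then it runs a whole pile of validation on the submitted content, with the error messages stored in List<string> errors;
then it creates the user and logs them in.
Honestly, it is better than what I wrote myself.
This can basically be used as-is after tweaking the view. The default view:
Now look at the login Controller Action: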
    public ActionResult Login(string username, string password, bool? rememberMe)
    {
        ViewData["Title"] = "Login";

        // Non-POST requests should just display the Login form
        if (Request.HttpMethod != "POST")
        {
            return View();
        }

        // Basic parameter validation
        List<string> errors = new List<string>();
        if (String.IsNullOrEmpty(username))
        {
            errors.Add("You must specify a username.");
        }

        if (errors.Count == 0)
        {
            // Attempt to login
            bool loginSuccessful = Provider.ValidateUser(username, password);
            if (loginSuccessful)
            {
                FormsAuth.SetAuthCookie(username, rememberMe ?? false);
                return RedirectToAction("Index", "Home");
            }
            else
            {
                errors.Add("The username or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        ViewData["errors"] = errors;
        ViewData["username"] = username;
        return View();
    }
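Much the same as registration.
Finally, look at the change-password Action, which is prefixed with an Attribute, [Authorize], restricting access to users who are already logged in.
Sigh, everything is already done for us; how am I supposed to make a living from now on:
It is still a FilterAttribute, and you can specify Roles and Users. I wrote something similar before; looks like it will have to be scrapped.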
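An added example, not the template's own code, of the three forms of [Authorize] mentioned above: a change-password action open to any signed-in user, plus actions restricted by Roles and by Users. The controller, action, role and user names are hypothetical, and the Roles form assumes the role manager is enabled.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Security;

// Added example: controller, action, role and user names are hypothetical.
public class AccountSettingsController : Controller
{
    // Plain [Authorize]: any signed-in user; anonymous requests never reach the body.
    [Authorize]
    public ActionResult ChangePassword(string currentPassword, string newPassword, string confirmPassword)
    {
        if (Request.HttpMethod != "POST") return View();

        List<string> errors = new List<string>();
        if (newPassword == null || newPassword.Length < Membership.MinRequiredPasswordLength)
            errors.Add("The new password is too short.");
        else if (!String.Equals(newPassword, confirmPassword, StringComparison.Ordinal))
            errors.Add("The new password and confirmation do not match.");
        else
        {
            // The account comes from the authenticated identity, never from a form
            // field, so a user can only change their own password.
            MembershipUser user = Membership.GetUser(User.Identity.Name, true /* userIsOnline */);
            try
            {
                // Re-checks the current password even though the session is authenticated.
                if (user != null && user.ChangePassword(currentPassword, newPassword))
                    return RedirectToAction("Index", "Home");
                errors.Add("The current password is incorrect.");
            }
            catch (ArgumentException)
            {
                // Raised for a missing argument or a new password the provider's rules reject.
                errors.Add("The password change was rejected.");
            }
        }
        ViewData["errors"] = errors;
        return View();
    }

    // Roles: members of the listed role only (assumes the role manager is enabled).
    [Authorize(Roles = "Administrators")]
    public ActionResult ManageUsers() { return View(); }

    // Users: the named accounts only.
    [Authorize(Users = "alice,bob")]
    public ActionResult AuditLog() { return View(); }
}
```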
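Registration, login and validation can still be improved a little, for example by adding features such as CAPTCHA and AJAX.
This is just a first look, call it study notes. Tomorrow I'll read the source code and write up what I learn.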