我正在使用MVC3,并将用户身份验证放在了web.config文件中。这是为了绕过sqlserver身份验证。
在web.config中的代码如下:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" >
<credentials passwordFormat="Clear">
<user name="test123" password="test123" />
</credentials>
</forms>
</authentication>
我尝试使用提到的用户id和密码登录,在页面中出现错误,因为
登录失败。请更正错误,然后重试。
* The user name or password provided is incorrect.
当我调试到AccountController.cs文件时,MembershipService.ValidateUser(model.UserName, model.Password)
方法失败。
发布于 2011-03-18 21:23:57
如果您查看标准的ASP.NET、MVC3、AccountController.cs和AccountModels.cs文件,您将了解内部使用的MembershipProvider.ValidateUser方法(通过Membership.Provider)。如果您想将密码存储在web.config中,则应该使用FormsAuthentication.Authenticate方法。
例如:
public class AuthorizationController : Controller
{
public ActionResult LogOn()
{
return View("LogOn");
}
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult LogOn(string userName, string password,
bool rememberMe, string returnUrl)
{
if (!ValidateLogOn(userName, password))
return View("LogOn");
FormsAuthentication.SetAuthCookie(userName, rememberMe);
if (!string.IsNullOrEmpty(returnUrl))
return Redirect(returnUrl);
else
return RedirectToAction("Index", "News");
}
private bool ValidateLogOn(string userName, string password)
{
if (string.IsNullOrEmpty(userName))
ModelState.AddModelError("username", "User name required");
if (string.IsNullOrEmpty(password))
ModelState.AddModelError("password", "Password required");
if (ModelState.IsValid && !FormsAuthentication.
Authenticate(userName, password))
ModelState.AddModelError("_FORM", "Wrong user name or password");
return ModelState.IsValid;
}
public RedirectToRouteResult LogOff()
{
FormsAuthentication.SignOut();
return RedirectToAction("LogOn");
}
}
https://stackoverflow.com/questions/5342305
复制相似问题