The logon window is finished. What remains is mainly the configuration of the membership provider.
First open the Web.config file and add a database connection definition in the configuration section. The code is as follows:
<connectionStrings>
    <add name="ApplicationServices" connectionString="Data Source=192.168.0.254;Initial Catalog=simplecms;Persist Security Info=True;User ID=sa;Password=abcd-1234;" providerName="System.Data.SqlClient" />
</connectionStrings>
Replace the database address, user name, and password in the code with the values for your own environment.
Then add the definition of the membership provider in the system.web section. The code is as follows:
<membership>
    <providers>
        <clear />
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
    </providers>
</membership>
<roleManager enabled="true">
    <providers>
        <clear />
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
    </providers>
</roleManager>
In the code, the membership section defines the membership provider. The definition includes: the type is SqlMembershipProvider, indicating that the SQL Server provider is used; the database connection string (connectionStringName) is the one defined above; enablePasswordRetrieval is false; enablePasswordReset is true; requiresQuestionAndAnswer is false; requiresUniqueEmail is true; the maximum number of failed attempts (maxInvalidPasswordAttempts) is 5; the minimum password length (minRequiredPasswordLength) is 6; the minimum number of non-alphanumeric characters (minRequiredNonalphanumericCharacters) is 0; the window (passwordAttemptWindow) within which consecutive failed password or password-answer attempts are counted is 10 minutes. The last attribute, applicationName, is the ID of the current application. Because no other application uses this database provider, it is set to "/".
The role provider defined in the roleManager section mainly defines the connection string and the application ID.
After the configuration is complete, select Project and then ASP.NET Configuration in the main menu. The website management tool shown in Figure 13 opens in the browser. If the configuration is correct, you can now add users and roles.
Figure 13 website management tools
Click the Security tab on the page to view the page shown in Figure 14.
Figure 14 Security Tab
Click "Create or Manage roles" in the Roles area. On the page shown in Figure 15, create two roles: System Administrator and common user.
Figure 15 create a role
Return to the Security tab and click "Create user" in the Users area to create the admin and test users. The passwords of both users are set to 123456. Enter an e-mail address of your choice. Assign the admin user to the System Administrator role and the test user to the common user role.
Now that both the users and the roles are available, you can complete the final verification code. Return to Visual Studio and switch to the AccountController.cs file. First add a reference to System.Web.Security, then modify the statement that checks the user name and password, and add the code that writes the authentication cookie. The final code is as follows:
if (Membership.ValidateUser(model.UserName, model.Password))
{
    // Write the forms authentication cookie (true = persistent cookie)
    FormsAuthentication.SetAuthCookie(model.UserName, true);
    success = true;
}
else
{
    errors.Add("username", "Incorrect username or password.");
    errors.Add("password", "Incorrect username or password.");
}
The simple verification process is now complete. However, it is a little too simple, so the following makes it more thorough. First, comment out this statement and call the GetUser method of Membership, which returns a user object of type MembershipUser for the given user name. The code is as follows:
MembershipUser user = Membership.GetUser(model.UserName);
Then check whether user is null. If it is null, the user does not exist, and the user name or password error message is returned. The code is as follows:
if (user != null)
{
}
else
{
    errors.Add("username", "Incorrect username or password.");
    errors.Add("password", "Incorrect username or password.");
}
If user is not null, the user exists. Next, check the IsApproved property to see whether the user has been disabled. If so, return the message that the user is disabled. The code is as follows:
if (user.IsApproved)
{
}
else
{
    errors.Add("username", "The user has been disabled. Contact the administrator.");
}
Then check the IsLockedOut property to determine whether the user is locked. If the user is locked, return the message that the user is locked. The code is as follows:
// Time remaining until the lock expires (lock interval: 60 minutes)
TimeSpan ts = user.LastLockoutDate.AddMinutes(60) - DateTime.Now;
// Compare the whole TimeSpan: ts.Minutes is only the 0-59 minutes component
if (user.IsLockedOut && ts > TimeSpan.Zero)
{
    errors.Add("username", "The user name has been locked. You can try again in " + (int)Math.Ceiling(ts.TotalMinutes) + " minutes.");
}
else
{
    // The lock interval has passed: unlock so that verification can continue
    if (user.IsLockedOut) user.UnlockUser();
}
The LastLockoutDate property in the code returns the time at which the user was locked. Adding the lock interval of 60 minutes with the AddMinutes method gives the unlock time, and subtracting the current time from the unlock time gives the difference ts. If ts is greater than 0, the unlock time has not been reached. Otherwise, the lock interval has passed and verification can continue, so you must call the UnlockUser method to unlock the user.
Then use the ValidateUser method to verify the user name and password, that is, paste the code that was commented out earlier here.
After the password is verified, check that the user's role meets the requirements for logging on to the back end. Currently, only the System Administrator and common user roles can log on. Therefore, the code that runs after successful verification is changed to the following:
if (Roles.IsUserInRole(model.UserName, "System Administrator") || Roles.IsUserInRole(model.UserName, "common user"))
{
    FormsAuthentication.SetAuthCookie(model.UserName, false);
    success = true;
}
else
{
    errors.Add("username", "You do not have permission to log on to the system.");
}
Now, the entire logon process is complete.
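The steps above assembled into one method, in the order the text applies them. This is an added example, not the original author's code: the `LoginFlow.TryLogin` helper and the dictionary type used for `errors` are assumptions, while the lock interval, role names and messages are the ones from the text.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;

public static class LoginFlow   // hypothetical helper, not from the original page
{
    const int LockMinutes = 60; // lock interval used in the text
    static readonly string[] AllowedRoles = { "System Administrator", "common user" };

    // Returns true and writes the auth cookie only when every check passes;
    // otherwise fills 'errors' with the messages used in the steps above.
    public static bool TryLogin(string userName, string password,
                                IDictionary<string, string> errors)
    {
        const string bad = "Incorrect username or password.";
        MembershipUser user = Membership.GetUser(userName);
        if (user == null)                       // step 1: user must exist
        {
            errors["username"] = bad;
            errors["password"] = bad;
            return false;
        }
        if (!user.IsApproved)                   // step 2: user must not be disabled
        {
            errors["username"] = "The user has been disabled. Contact the administrator.";
            return false;
        }
        // step 3: still inside the lock interval?
        TimeSpan ts = user.LastLockoutDate.AddMinutes(LockMinutes) - DateTime.Now;
        if (user.IsLockedOut && ts > TimeSpan.Zero)
        {
            errors["username"] = "The user name has been locked. You can try again in "
                + (int)Math.Ceiling(ts.TotalMinutes) + " minutes.";
            return false;
        }
        if (user.IsLockedOut) user.UnlockUser(); // lock interval has expired
        if (!Membership.ValidateUser(userName, password)) // step 4: password check
        {
            errors["username"] = bad;
            errors["password"] = bad;
            return false;
        }
        // step 5: only the two back-end roles may log on
        if (!Array.Exists(AllowedRoles, r => Roles.IsUserInRole(userName, r)))
        {
            errors["username"] = "You do not have permission to log on to the system.";
            return false;
        }
        FormsAuthentication.SetAuthCookie(userName, false); // non-persistent cookie
        return true;
    }
}
```

The disabled and locked messages are returned before the password is checked, so they tell any caller that the account exists; return the generic "Incorrect username or password." message in those branches if that matters for your site.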