Custom ValidateUser() in custom .net MembershipProvider_问答_开发者

Custom ValidateUser() in custom .net MembershipProvider

开发者 https://www.devze.com 2023-03-01 14:44 出处：网络

Is there a way to extend the ValidateUs开发者_StackOverflower method to receive other parameters than the default?

Default

public override bool ValidateUser(string username, string password)
{
    return db.ValidateUser(username, password);
}

I'd like to implement

public bool ValidateUser(Guid rsid)
{
    return db.ValidateUser(rsid);
}

'db' is a class containing methods to communicate with the database(s). This is not my design any way, it's a customer who wants to be able to sign in with Guid links, safe ey! :)

Thanks

If you are writing the code behind for the login page then you can directly reference the custom MembershipProvider method and hit whatever overloads you want, but if you are going through the abstract class then you'll have no access to the overload.

As for the Guid sign-in though, make the Guid the username, set the password to null and do something like this:

    public override bool ValidateUser(string username, string password)
    {
        Guid parsedUsername;
        if (String.IsNullOrWhiteSpace(password) && Guid.TryParse(username, out parsedUsername))
        {
            return ValidateUser(parsedUsername);
        }
        else
        {
            return db.ValidateUser(username, password);
        }
    }

It ends up being a complete hack, but accomplishes the goal your customer has. Might want to remind them that there is ZERO security in guid links.

How about just passing a string representation of a Guid in and converting?

public override bool ValidateUser(string username, string password)
{
    Guid rsid;

    if (Guid.TryParse(username, out rsid))
    {
        return db.ValidateUser(rsid);
    }
    else
    {
        return false;
    }
}

Another way around is to add a new method in the MembershipProvider (outside the defined interface), for example:

public class CustomMembershipProvider : MembershipProvider {

    private LoginValidationType ValidationType;

    // new method
    public bool ValidateUser(string username, string password, LoginValidationType validationType = LoginValidationType.WebsiteSpecific) {
        ValidationType = validationType;
        return ValidateUser(username, password);
    }

    // the original method
    public override bool ValidateUser(string username, string password) {
        // do stuff with username, password and this.ValidationType
    }

In your calling code you can now do:

        CustomMembershipProvider provider = new CustomMembershipProvider();
        // original method
        provider.ValidateUser("un", "pass"); 
        // or call our new overload
        provider.ValidateUser("un", "pass", LoginValidationType.WebsiteSpecific);

Instead of:

        Membership.ValidateUser("un", "pass");

But it still feels hacky. Just adding the new public method does not result in the default Membership class showing the method, and I don't know if it can be changed to do this anyway.

At least you don't have to abuse datatypes this way and have methods for specific situations.