我想知道如何根据现有的asp.net会员数据库验证用户的凭证。简而言之,我们希望提供访问的单一标志。如何根据ASP.NET成员资格数据库手动验证用户?
所以我做了什么是直接连接到会员数据库,并试图在其上运行aspnet_Membership表的SQL查询:
private bool CanLogin(string userName, string password)
{
// Check DB to see if the credential is correct
try
{
string passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1");
string sql = string.Format("select 1 from aspnet_Users a inner join aspnet_Membership b on a.UserId = b.UserId and a.applicationid = b.applicationid where a.username = '{0}' and b.password='{1}'", userName.ToLowerInvariant(), passwordHash);
using (SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString))
using (SqlCommand sqlCmd = new SqlCommand(sql, sqlConn))
{
sqlConn.Open();
int count = sqlCmd.ExecuteNonQuery();
return count == 1;
}
}
catch (Exception ex)
{
return false;
}
}
的问题是密码值,没有人知道如何密码它是散列?
你知道什么web.config设置是必需的吗?我们无法将身份验证模式更改为表单,因为这会破坏SharePoint网站 – Ekk 2010-05-18 10:20:01
@Ekk:我编辑了我的答案 – abatishchev 2010-05-18 11:47:03