我想知道是否有一个更有效的路线来采取。使用AspNet.Identity
我希望允许用户使用他们的UserName
或Email
登录到同一个文本框。我继续在AccountController Login ActionResult
中解决这个问题。我打电话之前运行检查:允许用户使用电子邮件或用户名(AspNet.Identity)登录
var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: true);
的检查:
//TODO: determine if there is a more efficient way to allow user to login either with Email || UserName
if (model.UserName.Contains("@"))
{
using (var context = new ApplicationDbContext())
{
model.UserName = (context.Users.Any(p => p.Email == model.UserName)) ?
context.Users.SingleOrDefault(p => p.Email == model.UserName).UserName :
model.UserName;
}
}
我在这里的担忧有两个方面:
- 是他们这样做更有效的可行之路。
- 我是否以这种方式引入了新的安全风险或性能风险?
我包括下面的整个
ActionResult
参考。
//
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
//TODO: determine if there is a more efficient way to allow user to login either with Email || UserName
if (model.UserName.Contains("@"))
{
using (var context = new ApplicationDbContext())
{
model.UserName = (context.Users.Any(p => p.Email == model.UserName)) ?
context.Users.SingleOrDefault(p => p.Email == model.UserName).UserName :
model.UserName;
}
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: true);
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
}
您可以先不检查条目是否具有“@”。 – 2014-09-24 05:35:36
@RedSerpent我检查该条目是否具有“@”的原因是因为如果我不需要,我不想用'context.Users.Any' LINQ查询命中数据库。碰到数据库会是一个更好的解决方案吗?你有什么问题来检查'@'? – aaronmallen 2014-09-24 05:39:50
当我以Identity 1.0开头时,我遇到了同样的问题,我不得不同时插入email和userName字段。 – DSR 2014-09-24 08:27:35