死简单的ASP.NET MVC 5密码保护？

Question

我有一个在Azure上运行的ASP.NET MVC 5 Web应用程序作为webrole.

有没有办法轻松密码保护整个网站？我不想要任何注册或帐户处理,只需要一个密码就可以进入网站(也许是用户名,但这不是必需的).类似于.htaccess文件的东西.

我所看到的ASP.NET MVC身份验证的每个示例都附带了大量要实现的代码,而Azure似乎无法支持基本身份验证(至少不容易).

Answer 1

你是对的,开箱即用的ASP.NET MVC中不支持基本身份验证.然而,你可以很容易地通过使用操作筛选器添加它,如所描述这里.首先,您需要创建一个动作过滤器:

public class BasicAuthenticationAttribute : ActionFilterAttribute
    {
        public string BasicRealm { get; set; }
        protected string Username { get; set; }
        protected string Password { get; set; }

        public BasicAuthenticationAttribute(string username, string password)
        {
            this.Username = username;
            this.Password = password;
        }

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var req = filterContext.HttpContext.Request;
            var auth = req.Headers["Authorization"];
            if (!String.IsNullOrEmpty(auth))
            {
                var cred = System.Text.ASCIIEncoding.ASCII.GetString(Convert.FromBase64String(auth.Substring(6))).Split(':');
                var user = new { Name = cred[0], Pass = cred[1] };
                if (user.Name == Username && user.Pass == Password) return;
            }
            var res = filterContext.HttpContext.Response;
            res.StatusCode = 401;
            res.AddHeader("WWW-Authenticate", String.Format("Basic realm=\"{0}\"", BasicRealm ?? "Ryadel"));
            res.End();
        }
    }

然后,您可以使用属性保护操作,控制器:

[BasicAuthenticationAttribute("your-username", "your-password", BasicRealm = "your-realm")]
public class HomeController : BaseController
{
   ...
}

要保护整个网站,请将此过滤器添加到全局过滤器:

protected void Application_Start()
{
    ...
    GlobalFilters.Filters.Add(new BasicAuthenticationAttribute("your-username", "your-password"));
    ...
}