• NOP登录验证管理


    截取Nop登录代码如下:

    其实

     public ActionResult Login(LoginModel model, string returnUrl, bool captchaValid)
            {
                //validate CAPTCHA
                if (_captchaSettings.Enabled && _captchaSettings.ShowOnLoginPage && !captchaValid)
                {
                    ModelState.AddModelError("", _localizationService.GetResource("Common.WrongCaptcha"));
                }
    
                if (ModelState.IsValid)
                {
                    if (_customerSettings.UsernamesEnabled && model.Username != null)
                    {
                        model.Username = model.Username.Trim();
                    }
                    var loginResult = _customerRegistrationService.ValidateCustomer(_customerSettings.UsernamesEnabled ? model.Username : model.Email, model.Password);
                    switch (loginResult)
                    {
                        case CustomerLoginResults.Successful:
                            {
                                var customer = _customerSettings.UsernamesEnabled ? _customerService.GetCustomerByUsername(model.Username) : _customerService.GetCustomerByEmail(model.Email);
    
                                //migrate shopping cart
                                _shoppingCartService.MigrateShoppingCart(_workContext.CurrentCustomer, customer, true);
    
                                //sign in new customer
                                _authenticationService.SignIn(customer, model.RememberMe);
    _authenticationService.SignIn(customer, model.RememberMe)方法接受2个参数;第一个参数是根据Username或Email查询出来的,也是在我们需要将它写入Cookie的,第二个参数决定是否记住登录,即Cookie是持久的。

    下面进入方法体来看下,代码如下:
      public virtual void SignIn(Customer customer, bool createPersistentCookie)
            {
                var now = DateTime.UtcNow.ToLocalTime();
    
                var ticket = new FormsAuthenticationTicket(
                    1 /*version*/,
                    _customerSettings.UsernamesEnabled ? customer.Username : customer.Email,
                    now,
                    now.Add(_expirationTimeSpan),
                    createPersistentCookie,
                    _customerSettings.UsernamesEnabled ? customer.Username : customer.Email,
                    FormsAuthentication.FormsCookiePath);
    
                var encryptedTicket = FormsAuthentication.Encrypt(ticket);
    
                var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                cookie.HttpOnly = true;
                if (ticket.IsPersistent)
                {
                    cookie.Expires = ticket.Expiration;
                }
                cookie.Secure = FormsAuthentication.RequireSSL;
                cookie.Path = FormsAuthentication.FormsCookiePath;
                if (FormsAuthentication.CookieDomain != null)
                {
                    cookie.Domain = FormsAuthentication.CookieDomain;
                }
    
                _httpContext.Response.Cookies.Add(cookie);
                _cachedCustomer = customer;
            }

    从上面可以看出,NOP主要干了一下几个事情:

    1.根据客户名创建了一个FormsAuthenticationTicket对象

    2.调用FormsAuthentication.Encrypt()方法加密

    3.根据加密结果创建HttpCookie对象,并写入Response

    有个上面的几步,以后每次请求将带上前面加密的Cookie,供服务器来验证用户的登录状态。

  • 相关阅读:
    装饰器
    kolla部署all-in-one
    k8s集群部署gitlab
    helm部署gitlab
    控制器和pod调度流程
    esxi安装
    Linux系统性能分析工具
    configMap和secret
    etcd 问题、调优、监控
    动感单车
  • 原文地址:https://www.cnblogs.com/xujie520/p/5141799.html
Copyright © 2020-2023  润新知