Membership 类

定义

验证用户凭据并管理用户设置。Validates user credentials and manages user settings. 此类不能被继承。This class cannot be inherited.

public ref class Membership abstract sealed
public static class Membership
type Membership = class
Public Class Membership
继承
Membership

示例

下面的代码示例显示了配置为使用 forms 身份验证和 ASP.NET 成员身份的 ASP.NET 应用程序的登录页。The following code example shows the login page for an ASP.NET application configured to use forms authentication and ASP.NET membership. 如果提供的用户凭据无效,则向用户显示一条消息。If the supplied user credentials are invalid, a message is displayed to the user. 否则,使用RedirectFromLoginPage方法将用户重定向到最初请求的 URL。Otherwise, the user is redirected to the originally requested URL using the RedirectFromLoginPage method.

备注

ASP.NET 登录控件(LoginLoginViewLoginStatus LoginName、和PasswordRecovery)封装了提示用户提供凭据并验证成员资格系统中的凭据所需的所有逻辑,并可以用于取代使用Membership类的编程检查。The ASP.NET login controls (Login, LoginView, LoginStatus, LoginName, and PasswordRecovery) encapsulate virtually all of the logic required to prompt users for credentials and validate the credentials in the membership system and can be used in place of programmatic checking using the Membership class.

重要

此示例包含一个文本框,该文本框接受用户输入,这是一个潜在的安全威胁。This example contains a text box that accepts user input, which is a potential security threat. 默认情况下,ASP.NET 网页验证用户输入是否不包含脚本或 HTML 元素。By default, ASP.NET Web pages validate that user input does not include script or HTML elements. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Login_OnClick(object sender, EventArgs args)
{
   if (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text))
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
   else
     Msg.Text = "Login failed. Please check your user name and password and try again.";
}


</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Login</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />
 
  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.

</form>

</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

Public Sub Login_OnClick(sender As Object, args As  EventArgs)

   If (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text)) Then
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked)
   Else
     Msg.Text = "Login failed. Please check your user name and password and try again."
   End If

End Sub

</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Login</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />
 
  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.

</form>

</body>
</html>

注解

Membership类用于 ASP.NET 应用程序中,用于验证用户凭据并管理用户设置(例如密码和电子邮件地址)。The Membership class is used in ASP.NET applications to validate user credentials and manage user settings such as passwords and email addresses. 类可以单独使用,也可以FormsAuthentication与结合使用来创建用于对 Web 应用程序或站点的用户进行身份验证的完整系统。 MembershipThe Membership class can be used on its own, or in conjunction with the FormsAuthentication to create a complete system for authenticating users of a Web application or site. Login 控件Membership封装类,以提供一种方便的机制来验证用户。The Login control encapsulates the Membership class to provide a convenient mechanism for validating users.

备注

如果你不熟悉 ASP.NET 的成员资格功能,请参阅 "成员资格简介",然后继续。If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. 有关与成员资格相关的其他主题的列表,请参阅使用成员身份管理用户For a list of other topics related to membership, see Managing Users by Using Membership.

Membership类提供用于的功能:The Membership class provides facilities for:

  • 正在创建新用户。Creating new users.

  • 将成员身份信息(用户名、密码、电子邮件地址和支持数据)存储在 Microsoft SQL Server 或备用数据存储区中。Storing membership information (user names, passwords, email addresses, and supporting data) in Microsoft SQL Server or in an alternative data store.

  • 对访问你的站点的用户进行身份验证。Authenticating users who visit your site. 您可以通过编程方式对用户进行身份验证, Login也可以使用控件来创建完全不需要代码的身份验证系统。You can authenticate users programmatically, or you can use the Login control to create a complete authentication system that requires little or no code.

  • 管理密码,包括创建、更改、检索和重置这些密码等。Managing passwords, which includes creating, changing, retrieving, and resetting them, and so on. 你可以选择性地配置 ASP.NET 成员身份,以要求提供密码提示问题和答案来验证忘记密码的用户的密码重置或检索请求。You can optionally configure ASP.NET membership to require a password question and answer to authenticate password reset or retrieval requests for users that have forgotten their password.

尽管 ASP.NET 的成员资格是 ASP.NET 中用于身份验证的自助功能,但它可以与 ASP.NET 角色管理集成,从而为你的站点提供授权服务。Although ASP.NET membership is a self-standing feature in ASP.NET For authentication, it can be integrated with ASP.NET role management to provide authorization services for your site. 成员资格还可与 ASP.NET 用户System.Web.Profile集成,提供特定于应用程序的自定义项,可针对单个用户进行定制。Membership can also be integrated with the ASP.NET user System.Web.Profile to provide application-specific customization that can be tailored to individual users. 有关详细信息,请参阅了解角色管理ASP.NET 配置文件属性概述For details, see Understanding Role Management and ASP.NET Profile Properties Overview.

Membership类依赖于成员资格提供程序来与数据源进行通信。The Membership class relies on membership providers to communicate with a data source. .NET Framework 包括将SqlMembershipProvider用户信息存储在 Microsoft SQL Server 数据库中的, ActiveDirectoryMembershipProvider以及用于将用户信息存储在 Active Directory 或 Active Directory 应用程序模式(ADAM)服务器上的。The .NET Framework includes a SqlMembershipProvider, which stores user information in a Microsoft SQL Server database, and an ActiveDirectoryMembershipProvider, which enables you to store user information on an Active Directory or Active Directory Application Mode (ADAM) server. 您还可以实现自定义成员资格提供程序,以便与可由Membership类使用的备用数据源进行通信。You can also implement a custom membership provider to communicate with an alternative data source that can be used by the Membership class. 自定义成员资格提供MembershipProvider程序继承抽象类。Custom membership providers inherit the MembershipProvider abstract class. 有关详细信息,请参阅实现成员资格提供程序For more information, see Implementing a Membership Provider.

默认情况下,为所有 ASP.NET 应用程序启用 ASP.NET 成员身份。By default, ASP.NET membership is enabled for all ASP.NET applications. 默认的成员资格提供程序SqlMembershipProvider是,并在计算机配置中指定名称。 AspNetSqlProviderThe default membership provider is the SqlMembershipProvider and is specified in the machine configuration with the name AspNetSqlProvider. SqlMembershipProvider默认实例配置为连接到 Microsoft SQL Server 的本地实例。The default instance of the SqlMembershipProvider is configured to connect to a local instance of Microsoft SQL Server.

您可以修改默认设置以将SqlMembershipProvider AspNetSqlProvider实例指定为默认提供程序,或者将自定义提供程序的实例指定为使用 web.config 文件的 ASP.NET 应用程序的默认提供程序。You can modify the default settings to specify a SqlMembershipProvider other than the AspNetSqlProvider instance as the default provider, or specify an instance of a custom provider as the default provider for your ASP.NET application using the Web.config file. 您可以使用 web.config 文件中的成员身份配置节来指定 web 应用程序的 ASP.NET 成员身份配置。You can specify the ASP.NET membership configuration for your Web application using the membership configuration section in the Web.config file. 您可以使用 "成员身份" 部分的 "提供程序" 子节来指定除默认提供程序以外的成员资格提供程序。You can use the providers subsection of the membership section to specify a membership provider other than one of the default providers. 例如,下面的成员资格部分从当前应用程序配置中删除默认的成员资格提供程序,并添加一个新的SqlProvider提供程序,其名称连接到AspSqlServer名为的 SQL Server 实例。For example, the following membership section removes the default membership providers from the current application configuration and adds a new provider with a name of SqlProvider that connects to a SQL Server instance named AspSqlServer.

<configuration>  
  <connectionStrings>  
    <add name="SqlServices" connectionString="Data Source=AspSqlServer;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />  
  </connectionStrings>  
  <system.web>  
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">  
      <providers>  
        <remove name="AspNetSqlProvider" />  
        <add name="SqlProvider"  
          type="System.Web.Security.SqlMembershipProvider"  
          connectionStringName="SqlServices"  
          enablePasswordRetrieval="false"  
          enablePasswordReset="true"  
          requiresQuestionAndAnswer="true"  
          passwordFormat="Hashed"  
          applicationName="/" />  
      </providers>  
    </membership>  
  </system.web>  
</configuration>  

属性

ApplicationName

获取或设置应用程序的名称。Gets or sets the name of the application.

EnablePasswordReset

获得一个值,指示当前成员资格提供程序是否配置为允许用户重置其密码。Gets a value indicating whether the current membership provider is configured to allow users to reset their passwords.

EnablePasswordRetrieval

获得一个值,指示当前成员资格提供程序是否配置为允许用户检索其密码。Gets a value indicating whether the current membership provider is configured to allow users to retrieve their passwords.

HashAlgorithmType

用于哈希密码的算法的标识符。The identifier of the algorithm used to hash passwords.

MaxInvalidPasswordAttempts

获取锁定成员资格用户前允许的无效密码或无效密码提示问题答案尝试次数。Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

MinRequiredNonAlphanumericCharacters

获取有效密码中必须包含的最少特殊字符数。Gets the minimum number of special characters that must be present in a valid password.

MinRequiredPasswordLength

获取密码所要求的最小长度。Gets the minimum length required for a password.

PasswordAttemptWindow

获取时间长度,在该时间间隔内对提供有效密码或密码答案的连续失败尝试次数进行跟踪。Gets the time window between which consecutive failed attempts to provide a valid password or password answer are tracked.

PasswordStrengthRegularExpression

获取用于计算密码的正则表达式。Gets the regular expression used to evaluate a password.

Provider

获取对应用程序的默认成员资格提供程序的引用。Gets a reference to the default membership provider for the application.

Providers

获取一个用于 ASP.NET 应用程序的成员资格提供程序的集合。Gets a collection of the membership providers for the ASP.NET application.

RequiresQuestionAndAnswer

获取一个值,该值指示默认成员资格提供程序是否求用户在进行密码重置和检索时回答密码提示问题。Gets a value indicating whether the default membership provider requires the user to answer a password question for password reset and retrieval.

UserIsOnlineTimeWindow

指定用户在最近一次活动的日期/时间戳之后被视为联机的分钟数。Specifies the number of minutes after the last-activity date/time stamp for a user during which the user is considered online.

方法

CreateUser(String, String)

将新用户添加到数据存储区。Adds a new user to the data store.

CreateUser(String, String, String)

将具有指定电子邮件地址的新用户添加到数据存储。Adds a new user with a specified email address to the data store.

CreateUser(String, String, String, String, String, Boolean, MembershipCreateStatus)

将具有指定属性值的新用户添加到数据存储区,并返回一个状态参数,指示该用户是否成功创建或用户创建失败的原因。Adds a new user with specified property values to the data store and returns a status parameter indicating that the user was successfully created or the reason the user creation failed.

CreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus)

将具有指定的属性值和唯一的标识符的新用户添加到数据存储区,并返回一个状态参数,指示该用户是否成功创建或用户创建失败的原因。Adds a new user with specified property values and a unique identifier to the data store and returns a status parameter indicating that the user was successfully created or the reason the user creation failed.

DeleteUser(String)

从数据库中删除用户和任何相关的用户数据。Deletes a user and any related user data from the database.

DeleteUser(String, Boolean)

从数据库中删除一个用户。Deletes a user from the database.

FindUsersByEmail(String)

获取成员资格用户集合,这些用户的电子邮件地址包含要匹配的指定电子邮件地址。Gets a collection of membership users where the email address contains the specified email address to match.

FindUsersByEmail(String, Int32, Int32, Int32)

获取成员资格用户集合并显示在一个数据页中,这些用户的电子邮件地址包含要匹配的指定电子邮件地址。Gets a collection of membership users, in a page of data, where the email address contains the specified email address to match.

FindUsersByName(String)

获取一个成员资格用户的集合,其中的用户名包含要匹配的指定用户名。Gets a collection of membership users where the user name contains the specified user name to match.

FindUsersByName(String, Int32, Int32, Int32)

获取一个成员资格用户的集合,并显示在一个数据页中,这些用户的用户名包含要匹配的指定用户名。Gets a collection of membership users, in a page of data, where the user name contains the specified user name to match.

GeneratePassword(Int32, Int32)

生成指定长度的随机密码。Generates a random password of the specified length.

GetAllUsers()

获取数据库中所有用户的集合。Gets a collection of all the users in the database.

GetAllUsers(Int32, Int32, Int32)

获取数据库中的所有用户的集合,并显示在数据页中。Gets a collection of all the users in the database in pages of data.

GetNumberOfUsersOnline()

获取当前访问应用程序的用户数。Gets the number of users currently accessing an application.

GetUser()

从数据源获取信息并为当前已登录的成员资格用户更新最后一次活动日期/时间戳。Gets the information from the data source and updates the last-activity date/time stamp for the current logged-on membership user.

GetUser(Boolean)

从数据源获取当前已登录的成员资格用户的信息。Gets the information from the data source for the current logged-on membership user. 为当前已登录的成员资格用户(如果被指定)更新最后一次活动的日期/时间戳。Updates the last-activity date/time stamp for the current logged-on membership user, if specified.

GetUser(Object)

从数据源获取与指定的唯一标识符关联的成员资格用户信息。Gets the information from the data source for the membership user associated with the specified unique identifier.

GetUser(Object, Boolean)

从数据源获取与指定的唯一标识符关联的成员资格用户信息。Gets the information from the data source for the membership user associated with the specified unique identifier. 更新用户(如果指定)的最近一次活动的日期/时间戳。Updates the last-activity date/time stamp for the user, if specified.

GetUser(String)

从数据源获取指定成员资格用户的信息。Gets the information from the data source for the specified membership user.

GetUser(String, Boolean)

从数据源获取指定成员资格用户的信息。Gets the information from the data source for the specified membership user. 更新用户(如果指定)的最近一次活动的日期/时间戳。Updates the last-activity date/time stamp for the user, if specified.

GetUserNameByEmail(String)

获取一个用户名,该用户的电子邮件地址与指定的电子邮件地址匹配。Gets a user name where the email address for the user matches the specified email address.

UpdateUser(MembershipUser)

用指定用户的信息更新数据库。Updates the database with the information for the specified user.

ValidateUser(String, String)

验证提供的用户名和密码是有效的。Verifies that the supplied user name and password are valid.

事件

ValidatingPassword

在创建用户、更改密码或重置密码时发生。Occurs when a user is created, a password is changed, or a password is reset.

适用于

另请参阅