Membership Membership Membership Membership Class

定義

驗證使用者認證,並管理使用者設定。Validates user credentials and manages user settings. 這個類別無法被繼承。This class cannot be inherited.

public ref class Membership abstract sealed
public static class Membership
type Membership = class
Public Class Membership
繼承
MembershipMembershipMembershipMembership

範例

下列程式碼範例顯示設定為使用表單驗證和 ASP.NET 成員資格的 ASP.NET 應用程式的登入頁面。The following code example shows the login page for an ASP.NET application configured to use forms authentication and ASP.NET membership. 如果提供的使用者認證無效,則會向使用者顯示的訊息。If the supplied user credentials are invalid, a message is displayed to the user. 否則,使用者重新導向至原來要求的 URL 使用RedirectFromLoginPage方法。Otherwise, the user is redirected to the originally requested URL using the RedirectFromLoginPage method.

注意

ASP.NET 登入控制項 (LoginLoginViewLoginStatusLoginName,和PasswordRecovery) 封裝幾乎所有提示使用者提供認證和驗證認證中的成員資格系統所需的邏輯,而且可以是用來取代以程式設計方式檢查使用Membership類別。The ASP.NET login controls (Login, LoginView, LoginStatus, LoginName, and PasswordRecovery) encapsulate virtually all of the logic required to prompt users for credentials and validate the credentials in the membership system and can be used in place of programmatic checking using the Membership class.

重要

此範例包含一個文字方塊,接受使用者輸入,也就是潛在的安全性威脅。This example contains a text box that accepts user input, which is a potential security threat. 根據預設,ASP.NET Web 網頁會驗證使用者輸入未包含指令碼或 HTML 項目。By default, ASP.NET Web pages validate that user input does not include script or HTML elements. 如需詳細資訊,請參閱 Script Exploits Overview (指令碼攻擊概觀)。For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Login_OnClick(object sender, EventArgs args)
{
   if (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text))
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
   else
     Msg.Text = "Login failed. Please check your user name and password and try again.";
}


</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Login</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />
 
  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.

</form>

</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

Public Sub Login_OnClick(sender As Object, args As  EventArgs)

   If (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text)) Then
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked)
   Else
     Msg.Text = "Login failed. Please check your user name and password and try again."
   End If

End Sub

</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Login</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />
 
  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.

</form>

</body>
</html>

備註

Membership類別來驗證使用者認證和管理使用者設定,例如密碼和電子郵件地址時,會在 ASP.NET 應用程式。The Membership class is used in ASP.NET applications to validate user credentials and manage user settings such as passwords and email addresses. Membership類別可用於本身,或搭配FormsAuthentication來建立完整的系統,來驗證 Web 應用程式或網站的使用者。The Membership class can be used on its own, or in conjunction with the FormsAuthentication to create a complete system for authenticating users of a Web application or site. Login控制項封裝Membership類別提供方便的機制,來驗證使用者。The Login control encapsulates the Membership class to provide a convenient mechanism for validating users.

注意

如果您不熟悉 ASP.NET 的成員資格功能,請參閱成員資格簡介再繼續進行。If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. 如需成員資格相關的其他主題的清單,請參閱使用的成員資格管理使用者For a list of other topics related to membership, see Managing Users by Using Membership.

Membership類別提供的功能:The Membership class provides facilities for:

  • 建立新的使用者。Creating new users.

  • Microsoft SQL Server 中或替代資料存放區中,請儲存 (使用者名稱、 密碼、 電子郵件地址和支援的資料) 的成員資格資訊。Storing membership information (user names, passwords, email addresses, and supporting data) in Microsoft SQL Server or in an alternative data store.

  • 瀏覽您的站台的驗證使用者。Authenticating users who visit your site. 您可以驗證使用者,以程式設計的方式,或者您可以使用Login控制項來建立需要少量或沒有程式碼的完整驗證系統。You can authenticate users programmatically, or you can use the Login control to create a complete authentication system that requires little or no code.

  • 管理密碼,其中包括建立、 變更、 擷取及重設,依此類推。Managing passwords, which includes creating, changing, retrieving, and resetting them, and so on. 您可以選擇性地設定為需要的密碼問題和解答,以驗證已忘記其密碼的使用者的密碼重設或擷取要求的 ASP.NET 成員資格。You can optionally configure ASP.NET membership to require a password question and answer to authenticate password reset or retrieval requests for users that have forgotten their password.

雖然 ASP.NET 成員資格是獨立的功能,在 ASP.NET 的驗證,但它可以與 ASP.NET 角色管理,以提供您網站的授權服務整合。Although ASP.NET membership is a self-standing feature in ASP.NET For authentication, it can be integrated with ASP.NET role management to provide authorization services for your site. 成員資格也可與 ASP.NET 使用者整合System.Web.Profile可以量身訂做的特定應用程式的自訂提供給個別使用者。Membership can also be integrated with the ASP.NET user System.Web.Profile to provide application-specific customization that can be tailored to individual users. 如需詳細資訊,請參閱 < 認識角色管理ASP.NET 設定檔屬性概觀For details, see Understanding Role Management and ASP.NET Profile Properties Overview.

Membership類別必須仰賴通訊與資料來源的成員資格提供者。The Membership class relies on membership providers to communicate with a data source. .NET Framework 包含SqlMembershipProvider,這會將使用者資訊儲存在 Microsoft SQL Server 資料庫中,和ActiveDirectoryMembershipProvider,可讓您在 Active Directory 或 Active Directory Application Mode (ADAM) 的伺服器上儲存使用者資訊。The .NET Framework includes a SqlMembershipProvider, which stores user information in a Microsoft SQL Server database, and an ActiveDirectoryMembershipProvider, which enables you to store user information on an Active Directory or Active Directory Application Mode (ADAM) server. 您也可以實作自訂的成員資格提供者與可用的替代資料來源通訊Membership類別。You can also implement a custom membership provider to communicate with an alternative data source that can be used by the Membership class. 自訂成員資格提供者繼承MembershipProvider抽象類別。Custom membership providers inherit the MembershipProvider abstract class. 如需詳細資訊,請參閱 < 實作成員資格提供者For more information, see Implementing a Membership Provider.

根據預設,所有的 ASP.NET 應用程式啟用 ASP.NET 成員資格。By default, ASP.NET membership is enabled for all ASP.NET applications. 預設成員資格提供者SqlMembershipProvider名稱的機器組態中指定AspNetSqlProviderThe default membership provider is the SqlMembershipProvider and is specified in the machine configuration with the name AspNetSqlProvider. 預設執行個體SqlMembershipProvider設定為連線到 Microsoft SQL Server 的本機執行個體。The default instance of the SqlMembershipProvider is configured to connect to a local instance of Microsoft SQL Server.

您可以修改預設設定,來指定SqlMembershipProvider以外的其他AspNetSqlProvider執行個體標示為預設的提供者,或指定您的 ASP.NET 應用程式,使用 Web.config 檔的預設提供者的自訂提供者執行個體。You can modify the default settings to specify a SqlMembershipProvider other than the AspNetSqlProvider instance as the default provider, or specify an instance of a custom provider as the default provider for your ASP.NET application using the Web.config file. 您可以指定 ASP.NET 成員資格設定您 Web 應用程式使用成員資格Web.config 檔案中的組態區段。You can specify the ASP.NET membership configuration for your Web application using the membership configuration section in the Web.config file. 您可以使用提供者的子區段的成員資格區段,以指定的成員資格提供者不是預設的提供者。You can use the providers subsection of the membership section to specify a membership provider other than one of the default providers. 例如,下列成員資格一節從目前的應用程式組態中移除預設的成員資格提供者,並將新的提供者名稱為SqlProvider連接至名為 SQL Server 執行個體AspSqlServer.For example, the following membership section removes the default membership providers from the current application configuration and adds a new provider with a name of SqlProvider that connects to a SQL Server instance named AspSqlServer.

<configuration>  
  <connectionStrings>  
    <add name="SqlServices" connectionString="Data Source=AspSqlServer;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />  
  </connectionStrings>  
  <system.web>  
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">  
      <providers>  
        <remove name="AspNetSqlProvider" />  
        <add name="SqlProvider"  
          type="System.Web.Security.SqlMembershipProvider"  
          connectionStringName="SqlServices"  
          enablePasswordRetrieval="false"  
          enablePasswordReset="true"  
          requiresQuestionAndAnswer="true"  
          passwordFormat="Hashed"  
          applicationName="/" />  
      </providers>  
    </membership>  
  </system.web>  
</configuration>  

屬性

ApplicationName ApplicationName ApplicationName ApplicationName

取得或設定應用程式的名稱。Gets or sets the name of the application.

EnablePasswordReset EnablePasswordReset EnablePasswordReset EnablePasswordReset

取得值,指出目前成員資格提供者是否設定為允許使用者重設密碼。Gets a value indicating whether the current membership provider is configured to allow users to reset their passwords.

EnablePasswordRetrieval EnablePasswordRetrieval EnablePasswordRetrieval EnablePasswordRetrieval

取得值,指出目前成員資格提供者是否設定為允許使用者擷取密碼。Gets a value indicating whether the current membership provider is configured to allow users to retrieve their passwords.

HashAlgorithmType HashAlgorithmType HashAlgorithmType HashAlgorithmType

演算法的識別項,用於雜湊密碼。The identifier of the algorithm used to hash passwords.

MaxInvalidPasswordAttempts MaxInvalidPasswordAttempts MaxInvalidPasswordAttempts MaxInvalidPasswordAttempts

取得鎖定成員資格使用者以前,所允許的無效密碼或密碼解答嘗試次數。Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

MinRequiredNonAlphanumericCharacters MinRequiredNonAlphanumericCharacters MinRequiredNonAlphanumericCharacters MinRequiredNonAlphanumericCharacters

取得有效密碼中必須具有的最小特殊字元數。Gets the minimum number of special characters that must be present in a valid password.

MinRequiredPasswordLength MinRequiredPasswordLength MinRequiredPasswordLength MinRequiredPasswordLength

取得密碼所需的最小長度。Gets the minimum length required for a password.

PasswordAttemptWindow PasswordAttemptWindow PasswordAttemptWindow PasswordAttemptWindow

取得時間範圍,在此時間範圍內會追蹤提供有效密碼或密碼解答的連續失敗嘗試。Gets the time window between which consecutive failed attempts to provide a valid password or password answer are tracked.

PasswordStrengthRegularExpression PasswordStrengthRegularExpression PasswordStrengthRegularExpression PasswordStrengthRegularExpression

取得用來評估密碼的規則運算式。Gets the regular expression used to evaluate a password.

Provider Provider Provider Provider

取得應用程式預設成員資格提供者的參考。Gets a reference to the default membership provider for the application.

Providers Providers Providers Providers

取得 ASP.NET 應用程式的成員資格提供者集合。Gets a collection of the membership providers for the ASP.NET application.

RequiresQuestionAndAnswer RequiresQuestionAndAnswer RequiresQuestionAndAnswer RequiresQuestionAndAnswer

取得值,指出預設成員資格提供者是否要求使用者解答密碼問題,以便重設及擷取密碼。Gets a value indicating whether the default membership provider requires the user to answer a password question for password reset and retrieval.

UserIsOnlineTimeWindow UserIsOnlineTimeWindow UserIsOnlineTimeWindow UserIsOnlineTimeWindow

指定使用者最後活動日期/時間戳記之後的分鐘數,在其間使用者會視為在線上。Specifies the number of minutes after the last-activity date/time stamp for a user during which the user is considered online.

方法

CreateUser(String, String) CreateUser(String, String) CreateUser(String, String) CreateUser(String, String)

加入新的使用者至資料存放區。Adds a new user to the data store.

CreateUser(String, String, String) CreateUser(String, String, String) CreateUser(String, String, String) CreateUser(String, String, String)

新增具有指定電子郵件地址的新使用者至資料存放區。Adds a new user with a specified email address to the data store.

CreateUser(String, String, String, String, String, Boolean, MembershipCreateStatus) CreateUser(String, String, String, String, String, Boolean, MembershipCreateStatus) CreateUser(String, String, String, String, String, Boolean, MembershipCreateStatus) CreateUser(String, String, String, String, String, Boolean, MembershipCreateStatus)

加入具有指定屬性值的新使用者至資料存放區中,並傳回狀態參數,指出該使用者建立成功,或是使用者建立失敗的原因。Adds a new user with specified property values to the data store and returns a status parameter indicating that the user was successfully created or the reason the user creation failed.

CreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus) CreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus) CreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus) CreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus)

加入具有指定屬性值和唯一識別項的新使用者至資料存放區中,並傳回狀態參數,指出該使用者建立成功,或是使用者建立失敗的原因。Adds a new user with specified property values and a unique identifier to the data store and returns a status parameter indicating that the user was successfully created or the reason the user creation failed.

DeleteUser(String) DeleteUser(String) DeleteUser(String) DeleteUser(String)

從資料庫刪除使用者和任何相關的使用者資料。Deletes a user and any related user data from the database.

DeleteUser(String, Boolean) DeleteUser(String, Boolean) DeleteUser(String, Boolean) DeleteUser(String, Boolean)

從資料庫刪除使用者。Deletes a user from the database.

FindUsersByEmail(String, Int32, Int32, Int32) FindUsersByEmail(String, Int32, Int32, Int32) FindUsersByEmail(String, Int32, Int32, Int32) FindUsersByEmail(String, Int32, Int32, Int32)

以分頁資料的方式取得成員資格使用者的集合,其中的電子郵件地址包含必須符合的指定電子郵件地址。Gets a collection of membership users, in a page of data, where the email address contains the specified email address to match.

FindUsersByEmail(String) FindUsersByEmail(String) FindUsersByEmail(String) FindUsersByEmail(String)

取得成員資格使用者集合,其中電子郵件地址包含要符合的指定電子郵件地址。Gets a collection of membership users where the email address contains the specified email address to match.

FindUsersByName(String) FindUsersByName(String) FindUsersByName(String) FindUsersByName(String)

取得成員資格使用者的集合,其中的使用者名稱包含必須符合的特定使用者名稱。Gets a collection of membership users where the user name contains the specified user name to match.

FindUsersByName(String, Int32, Int32, Int32) FindUsersByName(String, Int32, Int32, Int32) FindUsersByName(String, Int32, Int32, Int32) FindUsersByName(String, Int32, Int32, Int32)

以分頁資料的方式取得成員資格使用者的集合,其中的使用者名稱包含必須符合的指定使用者名稱。Gets a collection of membership users, in a page of data, where the user name contains the specified user name to match.

GeneratePassword(Int32, Int32) GeneratePassword(Int32, Int32) GeneratePassword(Int32, Int32) GeneratePassword(Int32, Int32)

產生指定長度的隨機密碼。Generates a random password of the specified length.

GetAllUsers() GetAllUsers() GetAllUsers() GetAllUsers()

取得資料庫中所有使用者的集合。Gets a collection of all the users in the database.

GetAllUsers(Int32, Int32, Int32) GetAllUsers(Int32, Int32, Int32) GetAllUsers(Int32, Int32, Int32) GetAllUsers(Int32, Int32, Int32)

以分頁資料的方式取得資料庫中所有使用者集合。Gets a collection of all the users in the database in pages of data.

GetNumberOfUsersOnline() GetNumberOfUsersOnline() GetNumberOfUsersOnline() GetNumberOfUsersOnline()

取得目前存取應用程式的使用者數。Gets the number of users currently accessing an application.

GetUser(String, Boolean) GetUser(String, Boolean) GetUser(String, Boolean) GetUser(String, Boolean)

從資料來源取得指定成員資格使用者的資訊。Gets the information from the data source for the specified membership user. 如果已指定,則更新使用者的最後活動日期/時間戳記。Updates the last-activity date/time stamp for the user, if specified.

GetUser(Object, Boolean) GetUser(Object, Boolean) GetUser(Object, Boolean) GetUser(Object, Boolean)

從資料來源取得與指定唯一識別項相關聯之成員資格使用者的資訊。Gets the information from the data source for the membership user associated with the specified unique identifier. 如果已指定,則更新使用者的最後活動日期/時間戳記。Updates the last-activity date/time stamp for the user, if specified.

GetUser(String) GetUser(String) GetUser(String) GetUser(String)

從資料來源取得指定成員資格使用者的資訊。Gets the information from the data source for the specified membership user.

GetUser(Boolean) GetUser(Boolean) GetUser(Boolean) GetUser(Boolean)

從資料來源取得目前登入成員資格使用者的資訊。Gets the information from the data source for the current logged-on membership user. 如果已指定,會為目前登入的成員資格使用者,更新最後活動日期/時間戳記。Updates the last-activity date/time stamp for the current logged-on membership user, if specified.

GetUser() GetUser() GetUser() GetUser()

從資料來源取得資訊,並為目前登入的成員資格使用者,更新最後活動日期/時間戳記。Gets the information from the data source and updates the last-activity date/time stamp for the current logged-on membership user.

GetUser(Object) GetUser(Object) GetUser(Object) GetUser(Object)

從資料來源取得與指定唯一識別項相關聯之成員資格使用者的資訊。Gets the information from the data source for the membership user associated with the specified unique identifier.

GetUserNameByEmail(String) GetUserNameByEmail(String) GetUserNameByEmail(String) GetUserNameByEmail(String)

取得使用者名稱,其中使用者的電子郵件地址與指定的電子郵件地址相符。Gets a user name where the email address for the user matches the specified email address.

UpdateUser(MembershipUser) UpdateUser(MembershipUser) UpdateUser(MembershipUser) UpdateUser(MembershipUser)

以指定使用者的資訊更新資料庫。Updates the database with the information for the specified user.

ValidateUser(String, String) ValidateUser(String, String) ValidateUser(String, String) ValidateUser(String, String)

驗證所提供的使用者名稱和密碼是否有效。Verifies that the supplied user name and password are valid.

事件

ValidatingPassword ValidatingPassword ValidatingPassword ValidatingPassword

在建立使用者、變更密碼,或是重設密碼時發生。Occurs when a user is created, a password is changed, or a password is reset.

適用於

另請參閱