Is it possible to create a login system with ASP.NET MVC without using the MembershipProvider?

Updated: 2023-02-15 22:11:42

I had this exact same requirement. I had my own user and role schema and did not want to migrate to the asp.net membership schema but I did want to use the ASP.NET MVC action filters for checking authorization and roles. I had to do a fair amount of digging to find out exactly what needed to be done, but in the end it was relatively easy. I'll save you the trouble and tell you what I did.

1) I created a class that derived from System.Web.Security.MembershipProvider. MembershipProvider has a ton of abstract methods for all sorts of authentication-related functions like forgot password, change password, create new user, etc. All I wanted was the ability to authenticate against my own schema. So my class contained mainly empty overrides. I just overrode ValidateUser:

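public override bool ValidateUser(string username, string password)
{
    // Reject missing credentials before touching the repository.
    if (string.IsNullOrWhiteSpace(username) ||
        string.IsNullOrWhiteSpace(password))
        return false;

    // Hash the supplied password the same way the stored value was produced.
    string hash = EncryptPassword(password);
    User user = _repository.GetByUserName(username);
    if (user == null) return false;

    // Valid only when the stored hash matches the hash of the supplied password.
    return user.Password == hash;
}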

2) I created a class that derived from System.Web.Security.RoleProvider. Again, I just had empty implementations for all the fluff I did not need like creating and changing roles. I just overrode two methods:

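public override string[] GetRolesForUser(string username)
{
    User user = _repository.GetByUserName(username);
    // An unknown user, or one without a role, has no roles (avoids a NullReferenceException).
    if (user == null || user.Role == null)
        return new string[0];

    // The role description comes first, followed by each right the role grants.
    string[] roles = new string[user.Role.Rights.Count + 1];
    roles[0] = user.Role.Description;
    int idx = 0;
    foreach (Right right in user.Role.Rights)
        roles[++idx] = right.Description;
    return roles;
}

public override bool IsUserInRole(string username, string roleName)
{
    User user = _repository.GetByUserName(username);
    // An unknown user is in no role.
    if (user != null)
        return user.IsInRole(roleName);
    else
        return false;
}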

3) Then I plugged these two classes into my web.config:

<membership defaultProvider="FirstlookMemberProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear/>
    <add name="FirstlookMemberProvider" type="FirstlookAdmin.DomainEntities.FirstlookMemberProvider, FirstlookAdmin" />
  </providers>
</membership>
<roleManager defaultProvider="FirstlookRoleProvider" enabled="true" cacheRolesInCookie="true">
  <providers>
    <clear/>
    <add name="FirstlookRoleProvider" type="FirstlookAdmin.DomainEntities.FirstlookRoleProvider, FirstlookAdmin" />
  </providers>
</roleManager>

That's it. The default authorization action filters will use these classes. You will still have to handle the login page sign in and sign off. Just use the standard forms authentication classes for this like you normally would.
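
The sign-in and sign-off step that the answer leaves to the standard forms authentication classes, as an added example that is not part of the original answer. It assumes `<authentication mode="Forms">` is set in web.config; `LoginModel`, the controller names, the Home/Index route and the "Administrator" role are hypothetical.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical view model; the property names are assumptions.
public class LoginModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    public bool RememberMe { get; set; }
}

public class AccountController : Controller
{
    [HttpGet]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View(new LoginModel());
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        // Membership.ValidateUser calls ValidateUser on the default provider from web.config.
        if (model == null || !Membership.ValidateUser(model.UserName, model.Password))
        {
            // One message for every failure, so the form does not reveal which user names exist.
            ModelState.AddModelError("", "Invalid user name or password.");
            return View(model ?? new LoginModel());
        }
        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
        // Follow returnUrl only when it points back into this site (no open redirect).
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    [HttpPost, Authorize, ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Login");
    }
}

public class ReportsController : Controller
{
    // Role membership is resolved through the configured role provider.
    [Authorize(Roles = "Administrator")]
    public ActionResult Index() { return View(); }
}
```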