Why do I get User.Identity.IsAuthenticated false
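My User.Identity.IsAuthenticated is false. I think this is what causes my second problem: I can't access controllers with the [Authorize] decorator.
My code is:
My class that inherits from MembershipProvider, with the implementation of ValidateUser: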
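    public override bool ValidateUser(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        // FirstOrDefault returns null for an unknown user instead of throwing, as First would.
        var user = DBManager.Context.Usuarios.FirstOrDefault(x => x.Nombre == username);
        if (user == null)
            return false;

        // The stored value is compared directly with the submitted password.
        if (user.Pass != password)
            return false;
        return true;
    }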
My Web.Config authentication section:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="20" slidingExpiration="true" />
    </authentication>
    <membership defaultProvider="Membership">
      <providers>
        <clear />
        <add name="Membership"
             type="SGKS.Security.Membership" />
      </providers>
    </membership>
My Controller:

    [HttpGet]
    [AllowAnonymous]
    public ActionResult Login()
    {
        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("Index", "Facutra");
        }
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    public ActionResult Login(Login model)
    {
        if (ModelState.IsValid)
        {
            if (System.Web.Security.Membership.ValidateUser(model.Nombre, model.Pass))
            {
                FormsAuthentication.SetAuthCookie(model.Nombre, model.Recordarme);
            }
            ViewBag.Error = "Usuario y/o contraseña incorrectos.";
        }
        return View(model);
    }
I found the answer here:
When you call FormsAuthentication.SetAuthCookie upon successful authentication you are adding the authentication cookie to the response. This cookie will be stored on the client browser and will be sent on subsequent requests. So it is only on subsequent requests that the user will be considered as authenticated. So you need to always redirect after calling the SetAuthCookie method.
That is, you need to add a RedirectToAction immediately after calling FormsAuthentication.SetAuthCookie.
    [HttpPost]
    [AllowAnonymous]
    // The ASP.NET framework automatically puts a returnUrl query string parameter of the original
    // page the user requested. You just need to add that parameter here to gain access to it
    // (assuming you want to redirect the user back to the original requested page rather than
    // some start page).
    public ActionResult Login(Login model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (System.Web.Security.Membership.ValidateUser(model.Nombre, model.Pass))
            {
                FormsAuthentication.SetAuthCookie(model.Nombre, model.Recordarme);
                // Redirect so the next request can see the user as authenticated
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            ViewBag.Error = "Usuario y/o contraseña incorrectos.";
        }
        return View(model);
    }
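The returnUrl condition in the answer's code can be pulled into a helper that is testable without an HttpContext. The following is an added example, not code from the original post or from ASP.NET itself: the class and method names, the extra control-character check, and the sample inputs (with the placeholder host example.test) are assumptions made for illustration.

```csharp
using System;

public static class ReturnUrlCheck
{
    // Hypothetical helper: true only for app-rooted paths such as "/Home/Index".
    public static bool IsSafeLocalPath(string returnUrl)
    {
        // null, "" and a bare "/" carry no useful target: use the default page.
        if (string.IsNullOrEmpty(returnUrl) || returnUrl.Length < 2)
            return false;

        // Must be rooted in this application; rejects absolute URLs and other schemes.
        if (returnUrl[0] != '/')
            return false;

        // "//host" and "/\host" are treated by browsers as a different host.
        if (returnUrl[1] == '/' || returnUrl[1] == '\\')
            return false;

        // Goes beyond the answer's check: control characters (tab, CR, LF)
        // have no place in a redirect target.
        foreach (char c in returnUrl)
        {
            if (char.IsControl(c))
                return false;
        }
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "/Home/Index", "/Account/Manage?tab=2", null, "/",
            "https://example.test/", "//example.test/", "/\\example.test/",
            "/Home\r\nIndex", "Home/Index"
        };

        foreach (string s in samples)
        {
            string shown = (s ?? "(null)").Replace("\r", "\\r").Replace("\n", "\\n");
            string action = IsSafeLocalPath(s) ? "Redirect(returnUrl)" : "RedirectToAction(\"Index\", \"Home\")";
            Console.WriteLine("{0} -> {1}", shown, action);
        }
    }
}
```

Only the first two samples are accepted; every other input falls back to the default page, which matches the else branch in the answer's Login action.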