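Forms authentication using the MVC framework

Time: 2013-01-18 22:18:33

Tags: asp.net-mvc form-authentication

I am trying to use forms authentication with the MVC framework. If I log in from the page, copy the URL, log out, and then open that URL in another browser or tab, it should go to the login page. Instead it redirects to the page that requires authentication first, meaning it goes straight to the logged-in page without authentication. Any help will be appreciated.

Below are my web.config settings: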

    <!--Using forms authentication-->
    <location path="Content">
        <system.web>
            <authorization>
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <!-- allow any user to see the login controller -->
    <location path="~/Developer/Index">
        <system.web>
            <authorization>
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <authentication mode="Forms">
        <forms name=".ASPXFORMSAUTH" loginUrl="~/Developer/Index" timeout="2880" />
    </authentication>

And in my controller's login action method I used:

    [HttpPost]
    public ActionResult LoginAPI(LoginAPIFormModel loginapp)
    {
        if (!ModelState.IsValidField("username") || !ModelState.IsValidField("pwd"))
        {
            if (!ModelState.IsValidField("username"))
            {
                ModelState.AddModelError("username", "Invalid Email");
            }
            else
            {
                ModelState.AddModelError("Incomplete", "Please fill out each field");
            }

            return View(loginapp);
        }

        try
        {
            var context = new ndCorp_SiteEntities();
            var Hashpwd = CreateHash(loginapp.pwd);
            var res = context.DevUserInfoes.Where(i => i.UserName == loginapp.username && i.USerPwd == Hashpwd).FirstOrDefault();
            TempData["mode"] = "LoginAPI";

            FormsAuthentication.SetAuthCookie(loginapp.username, false);
            return RedirectToAction("SuccessView");
        }
        catch (Exception ex)
        {
            Console.Write(ex);
            return View(loginapp);
        }
    }

Below is the JavaScript code that actually redirects to the user page after login:

    if (@Html.Raw(Json.Encode(TempData["mode"])) == "LoginAPI")
    {
        parent.closeFancybox();
        //setTimeout(parent.closeFancybox(), 1000)
        //window.top.closeFancybox();
        var url = '@Html.Raw(Url.Action("ManageApps", "Developer", new { username =@Html.Raw(Json.Encode(TempData["uname"]))} ))';
        url = url.replace(/%22/g,'');
        parent.location.href = url;
    }

1 answer:

Answer 0: (score: 0)

Try putting the [Authorize] attribute on the controller or view.
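
What the answer suggests, as an added example (not code from the question or the answer), assuming ASP.NET MVC 4 or later so that `[AllowAnonymous]` is available. `ICredentialStore` and `LoginModel` are hypothetical names introduced here. The sketch also makes the auth cookie conditional on the credential check, whereas the posted action assigns `res` and never uses it before calling `SetAuthCookie`.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical abstraction over the user table queried in the question;
// assumed to be supplied by the application's dependency resolver.
public interface ICredentialStore { bool IsValid(string username, string password); }

// Constructed stand-in for the question's LoginAPIFormModel.
public class LoginModel
{
    public string username { get; set; }
    public string pwd { get; set; }
}

[Authorize] // every action needs a valid forms-auth ticket unless it opts out
public class DeveloperController : Controller
{
    private readonly ICredentialStore _store;
    public DeveloperController(ICredentialStore store) { _store = store; }

    [AllowAnonymous] // the loginUrl target must stay reachable without a ticket
    public ActionResult Index() { return View(); }

    [HttpPost, AllowAnonymous]
    public ActionResult LoginAPI(LoginModel model)
    {
        // Issue the cookie only after the credential check succeeds.
        if (!ModelState.IsValid || !_store.IsValid(model.username, model.pwd))
        {
            ModelState.AddModelError("", "Invalid user name or password");
            return View("Index", model);
        }
        FormsAuthentication.SetAuthCookie(model.username, false);
        return RedirectToAction("ManageApps");
    }

    // Protected by the class-level [Authorize]; identity is read from the ticket, not the URL.
    public ActionResult ManageApps()
    {
        ViewBag.UserName = User.Identity.Name;
        return View();
    }

    [HttpPost]
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut(); // expires the auth cookie in this browser
        return RedirectToAction("Index");
    }
}
```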