ASP.NET MVC 3 HttpContext.Current.User.Identity.IsAuthenticated is always false

Time: 2013-12-14 15:51:33

Tags: asp.net-mvc-3 authentication authorize-attribute

I have two controllers, AdminController and AccountController, with the following code.

AccountController:

    // requires: using System.Web.Mvc; using System.Web.Security;
    [HttpPost]
    public ActionResult LogOn(LogOnViewModel model)
    {
        if (ModelState.IsValid)
        {
            // Check the credentials first; only issue the principal and cookie on success.
            var exists = _authenticationService.ValidateCredentials(model.UserName, model.Password);
            if (exists)
            {
                _authenticationService.SetPrincipal(model.UserName);
                FormsAuthentication.SetAuthCookie(model.UserName, false);
                return RedirectToAction("Index", "Admin");
            }
        }

        return RedirectToAction("LogOn");
    }

AdminController:

    [Authenticate]
    public class AdminController : Controller
    {
        [HttpGet]
        public ActionResult Index()
        {
            return View();
        }
    }

AuthenticateAttribute inherits from AuthorizeAttribute; its code is as follows:

    // requires: using System.Web; using System.Web.Security;
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var authenticated = false;
        if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated)
        {
            authenticated = true; // otherwise the method can never return true
            //some actions
        }
        else
        {
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
        }

        return authenticated;
    }

_authenticationService is an instance of the AuthenticationService class; its SetPrincipal() method has the following code:

    // requires: using System; using System.Security.Principal; using System.Threading;
    //           using System.Web; using System.Web.Security;
    public void SetPrincipal(string userName)
    {
        var identity = new GenericIdentity(userName);
        var principal = new GenericPrincipal(identity, null);
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            // Build a 30-minute, non-persistent forms ticket for this user.
            var ticket = new FormsAuthenticationTicket(1,
                principal.Identity.Name,
                DateTime.Now,
                DateTime.Now.AddMinutes(30),
                false,
                String.Empty,
                FormsAuthentication.FormsCookiePath);

            string encryptedCookie = FormsAuthentication.Encrypt(ticket);
            // Look the auth cookie up in the response collection and update it if present.
            var authenticationCookie = HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName];
            if (authenticationCookie != null)
            {
                authenticationCookie.Value = encryptedCookie;
                authenticationCookie.Expires = DateTime.Now.AddMinutes(30);
            }
            HttpContext.Current.User = principal;
        }
    }

When I debug and watch HttpContext.Current.User.Identity.IsAuthenticated in AuthenticationService.SetPrincipal(), it is true. But after the redirect to AdminController's Index action, HttpContext.Current.User.Identity.IsAuthenticated in AuthenticateAttribute.AuthorizeAttribute() is always false. As a result, I am redirected to the LogOn view again. What am I doing wrong?

1 answer:

Answer 0 (score: 0)

I don't see anywhere that you actually send the cookie back to the client. To be authenticated on each subsequent request, you have to send the encrypted cookie back to the client so that it can pass it back to your site.

    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedCookie);
    Response.Cookies.Add(cookie);

I see where you try to get the current authentication cookie:

    var authenticationCookie = HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName];

But again, that is a GET, not a SET (or send-cookie) line of code. If you set a breakpoint in your authentication code, authenticationCookie is always NULL.

Also, I don't see where you validate the password in any action or function. Make sure you don't overlook that step.

One more thought/question/issue with your code. You set a variable called userExists in the controller action, but the function you call is of type void, so... you don't need to set that variable, just call the function.

    _authenticationService.SetPrincipal(model.UserName);
    return RedirectToAction("Index", "Admin");
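A complete version of the pattern the answer describes, as an added example that is not the asker's or the answerer's code: the credentials are checked before any ticket is issued, the forms cookie is constructed and added to the response explicitly (with HttpOnly and, when requireSSL is on, Secure), and AuthorizeCore only decides from the HttpContextBase it is handed, leaving the login redirect to the base attribute. The LogOnViewModel shape and the use of Membership.ValidateUser as the credential check are assumptions made here for illustration; the asker's real AuthenticationService is not shown on the page.

```csharp
// Added example; assumes ASP.NET MVC 3 on .NET 4 with <authentication mode="Forms">
// and a configured membership provider (assumption: ValidateUser backs the check).
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class LogOnViewModel      // assumed shape, not from the page
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class AuthenticationService
{
    // Assumption for the example: the membership provider holds the password hashes.
    public bool ValidateCredentials(string userName, string password)
    {
        return Membership.ValidateUser(userName, password);
    }

    // Call only after ValidateCredentials returned true.
    public void SetPrincipal(string userName)
    {
        var principal = new GenericPrincipal(new GenericIdentity(userName, "Forms"), new string[0]);
        Thread.CurrentPrincipal = principal;

        var context = HttpContext.Current;
        if (context == null) return;

        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, String.Empty, FormsAuthentication.FormsCookiePath);

        // The cookie must be created and added; merely reading Response.Cookies[name]
        // is not what sends it to the browser.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // script cannot read the ticket
            Secure = FormsAuthentication.RequireSSL,  // mirrors <forms requireSSL="true">
            Path = FormsAuthentication.FormsCookiePath
        };
        // No Expires: a session cookie. The ticket's own 30-minute expiry still
        // bounds how long the server accepts it.
        context.Response.Cookies.Add(cookie);
        context.User = principal;
    }
}

public class AuthenticateAttribute : AuthorizeAttribute
{
    // On the next request FormsAuthenticationModule has already decrypted the cookie
    // and set httpContext.User, so this just reads the context it is given.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        return user != null && user.Identity.IsAuthenticated;
    }
    // Base HandleUnauthorizedRequest returns 401, which FormsAuthenticationModule
    // turns into the redirect to loginUrl; no SignOut/Redirect inside AuthorizeCore.
}

public class AccountController : Controller
{
    private readonly AuthenticationService _authenticationService = new AuthenticationService();

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOn(LogOnViewModel model)
    {
        if (ModelState.IsValid &&
            _authenticationService.ValidateCredentials(model.UserName, model.Password))
        {
            _authenticationService.SetPrincipal(model.UserName);
            return RedirectToAction("Index", "Admin");
        }
        // Same message for unknown user and wrong password: no account enumeration.
        ModelState.AddModelError("", "Invalid user name or password.");
        return View(model);
    }
}
```

With the cookie actually in the response, the browser returns it on the redirect to /Admin, the forms module rebuilds the principal, and AuthorizeCore sees IsAuthenticated == true without touching HttpContext.Current. If you keep a SignOut in an unauthorized path, put it in an explicit LogOff action, not inside an authorization filter that runs on every request.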