I have two controllers, AdminController and AccountController, with the following code.
AccountController:
[HttpPost]
public ActionResult LogOn(LogOnViewModel model)
{
    if (ModelState.IsValid)
    {
        // principal and ticket are created before the password has been checked
        _authenticationService.SetPrincipal(model.UserName);
        var exists = _authenticationService.ValidateCredentials(model.UserName, model.Password);
        FormsAuthentication.SetAuthCookie(model.UserName, false);
        if (exists)
        {
            return RedirectToAction("Index", "Admin");
        }
    }
    return RedirectToAction("LogOn");
}
AdminController:
[Authenticate]
public class AdminController : Controller
{
    [HttpGet]
    public ActionResult Index()
    {
        return View();
    }
}
AuthenticateAttribute inherits from AuthorizeAttribute, and its code is as follows:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var authenticated = false;
    if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated)
    {
        authenticated = true; // without this the attribute would deny even authenticated users
        //some actions
    }
    else
    {
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
    }
    return authenticated;
}
_authenticationService is an instance of the AuthenticationService class, whose SetPrincipal() method has the following code:
public void SetPrincipal(string userName)
{
    var identity = new GenericIdentity(userName);
    var principal = new GenericPrincipal(identity, null);
    Thread.CurrentPrincipal = principal;
    if (HttpContext.Current != null)
    {
        // build and encrypt a 30-minute, non-persistent forms ticket
        var ticket = new FormsAuthenticationTicket(1,
            principal.Identity.Name,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            false,
            String.Empty,
            FormsAuthentication.FormsCookiePath);
        string encryptedCookie = FormsAuthentication.Encrypt(ticket);
        // looks up the auth cookie in the outgoing collection; no new HttpCookie is constructed
        // and Added to the response here
        var authenticationCookie = HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName];
        if (authenticationCookie != null)
        {
            authenticationCookie.Value = encryptedCookie;
            authenticationCookie.Expires = DateTime.Now.AddMinutes(30);
        }
        // only affects the current request; later requests are rebuilt from the cookie
        HttpContext.Current.User = principal;
    }
}
When I debug and watch AuthenticationService.SetPrincipal(), HttpContext.Current.User.Identity.IsAuthenticated is true. But in AuthenticateAttribute.AuthorizeAttribute(), after the redirect to AdminController's Index action, HttpContext.Current.User.Identity.IsAuthenticated is always false. As a result, I get redirected to the LogOn view again.
What am I doing wrong?
Answer 0 (score: 0)
I don't see anywhere that you actually send the cookie back to the client. To be authenticated on each subsequent request, you have to send the encrypted cookie back to the client so that it can pass it back to your site.
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedCookie);
Response.Cookies.Add(cookie);
I see where you try to get the current authentication cookie:
var authenticationCookie = HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName];
But again, that is a GET, not a SET (or send cookie) line of code. In your authentication, if you attach the debugger, authenticationCookie is always NULL.
Also, I don't see where you validate the password in any action or function. Make sure you don't overlook that step.
One more thought/issue/question about your code. In your controller action you set a variable called userExists, but the function you call is of type void, so... you don't need to set that variable, just call the function.
_authenticationService.SetPrincipal(model.UserName);
return RedirectToAction("Index", "Admin");
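Putting the answer's three points together (validate first, actually append the cookie, and let the attribute return true for authenticated users), here is an added example of a corrected login flow. It is not the asker's or the answerer's code; it assumes System.Web.Mvc, a LogOnViewModel with UserName and Password properties, an IAuthenticationService exposing the ValidateCredentials method the question calls (the interface itself is an assumption), and an optional returnUrl parameter that the original action does not have.

```csharp
// Added example, not from the original post. Assumes ASP.NET MVC (System.Web.Mvc)
// and the hypothetical IAuthenticationService declared below.
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class LogOnViewModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

// Assumed contract for the service the question's controller uses.
public interface IAuthenticationService
{
    bool ValidateCredentials(string userName, string password);
}

public class AccountController : Controller
{
    private readonly IAuthenticationService _authenticationService;

    public AccountController(IAuthenticationService authenticationService)
    {
        _authenticationService = authenticationService;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOn(LogOnViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // 1. Check the password BEFORE creating any identity or ticket.
        if (!_authenticationService.ValidateCredentials(model.UserName, model.Password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View(model);
        }

        // 2. Build the ticket (30-minute lifetime, as in the question) and append a
        //    real HttpCookie to the response so the browser returns it next request.
        var ticket = new FormsAuthenticationTicket(
            1, model.UserName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, String.Empty, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable by page script
            Secure = FormsAuthentication.RequireSSL, // HTTPS-only when configured
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);

        // 3. The principal set here lives only for this request; FormsAuthenticationModule
        //    rebuilds it from the cookie on every later request.
        var principal = new GenericPrincipal(new GenericIdentity(model.UserName, "Forms"), null);
        HttpContext.User = principal;
        Thread.CurrentPrincipal = principal;

        // 4. Only follow local return URLs, so the login page is not an open redirect.
        if (!String.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Admin");
    }
}

// Corrected attribute: return true for authenticated users and leave the redirect to the
// base class, whose HandleUnauthorizedRequest produces the 401 that forms authentication
// turns into a redirect to the login page.
public class AuthenticateAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        return user != null && user.Identity != null && user.Identity.IsAuthenticated;
    }
}
```

Two design notes. The cookie deliberately has no Expires set, so it is a session cookie whose validity is bounded by the ticket's 30-minute expiry checked server-side; setting Expires (as the question's SetPrincipal does) would persist it on disk. And the attribute no longer calls SignOut() or RedirectToLoginPage() itself: issuing a redirect from inside AuthorizeCore while also returning false makes the pipeline try to redirect twice.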