Question

我在ASP.NET MVC 4中有一个基于简单身份验证的项目。

我试图让我的网站在检查“记住我”复选框时自动登录用户。但是我在解决这个问题时遇到了问题。关闭浏览器并重新打开后，用户永远不会登录。

检查后（http://forums.asp.net/t/1654606.aspx#4310292）我已添加机器密钥，由IIS生成。我已经设置在运行时自动生成并且为每个应用程序生成一个唯一的密钥已被禁用，并且我已生成密钥）。不幸的是，这还没有奏效。

查看"Remember me" with ASP.NET MVC Authentication is not working，我已添加 FormsAuthentication.SetAuthCookie（model.UserName，model.RememberMe）这一行，但这样做并非如此＃39; ve现在评论了它。

我尝试了ASP.NET MVC RememberMe给出的答案，但这似乎也无效。

我错过了一些明显的东西吗？

//FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

if (model.RememberMe)
{
    //int timeout = model.RememberMe ? 525600 : 2; // Timeout in minutes,525600 = 365 days
    int timeout = 525600;
    var ticket = new FormsAuthenticationTicket(model.UserName, model.RememberMe, timeout);
    string encrypted = FormsAuthentication.Encrypt(ticket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
    cookie.Expires = System.DateTime.Now.AddMinutes(timeout);//My Line
    Response.Cookies.Add(cookie);
}

Answer 1

这就是我的工作方式

public class MyAuthentication
{
    public static HttpCookie GetAuthenticationCookie(LoginModel model, bool persistLogin)
    {
         // userData storing data in ticktet and then cookie 
        JavaScriptSerializer js = new JavaScriptSerializer();

        var userData = js.Serialize(model);
        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                 1,
                 "akash",
                 DateTime.Now,
                 DateTime.Now.AddHours(1),
                 persistLogin,
                 userData);

        string encTicket = FormsAuthentication.Encrypt(authTicket);
        HttpCookie cookie= new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
        cookie.Expires = authTicket.Expiration; //must do it for cookie expiration 
        return cookie;
    }

    internal static bool Login(string UserName, string Password)
    {
        //UserName="akash" Password="akash"
        //check can be done by DB
        if (UserName== "akash" && Password == "akash")
            return true;
        else
            return false;
    }
}

然后

[HttpGet]
    [AllowAnonymous]
    public ActionResult Login()
    {
        //ViewBag.Message = "Your contact page.";
        HttpCookie cookie =  Request.Cookies[FormsAuthentication.FormsCookieName];
       // var ek = cookie.Value;
        try
        {
            //some times no cookie in browser
            JavaScriptSerializer js = new JavaScriptSerializer();
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            //string data = ticket.UserData;
            LoginModel model = js.Deserialize<LoginModel>(ticket.UserData);
            if (MyAuthentication.Login(model.UserName, model.Password) == true)
            {
                RedirectToAction("Index", "Home");
            }
        }
        catch
        {

        }
        return View();

您可以在Global.asax或授权过滤器上查看它。确保你有web.config

<authentication mode="Forms">
  <forms defaultUrl="/Home/Login" loginUrl="/home/Login" timeout="2880">
  </forms>
</authentication>

所有控制器之前的

和[Authorize]属性。

ASP.NET MVC记住我

1 个答案: