Web API +简单成员+ Web安全 - 永远不能进行身份验证?

时间:2014-10-04 23:34:33

标签: asp.net-mvc cookies asp.net-web-api asp.net-mvc-5 simplemembership

我正在尝试实施单页应用。我从另一个项目(MVC4)中继承了我的一些工作代码来实现身份验证。现在我看到设置了Cookie,但WebSecurity / User.Identity似乎没有因某种原因而起作用。登录后,后续请求永远不会通过WebSecurity.IsAuthenticatedUser.Identity.IsAuthenticated验证为已通过身份验证。有谁知道为什么会这样?

控制器代码:

public class AccountController : ApiController {

    private readonly UserService _userService;

    public AccountController() {}

    public AccountController(UserService userService) {
        _userService = userService;
    }

    [AllowAnonymous]
    [HttpGet]
    [Route("api/authpayload")]
    // This gets called when the app loads.  Always, User.Identity.IsAuthenticated is false. 
    public HttpResponseMessage AuthPayload() {
        var payload = new AuthPayloadDto();
        try {
            var userId = WebSecurity.GetUserId(User.Identity.Name);
            if (User.Identity.IsAuthenticated && userId > 0) {
                payload.Username = User.Identity.Name;
            } else {
                LogOut();
                payload.IsAuthenticated = false;
            }
            return Request.CreateResponse(HttpStatusCode.OK, payload);
        } catch (Exception e) {
            return Request.CreateResponse(HttpStatusCode.InternalServerError, e);
        }
    }

    [HttpPost]
    [Route("api/login")]
    [AllowAnonymous]
    public HttpResponseMessage LogIn(LoginModel model) {
        if (!ModelState.IsValid)
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
        try {
            if (WebSecurity.IsAuthenticated)
                return Request.CreateResponse(HttpStatusCode.Conflict, "already logged in.");
            if (!WebSecurity.UserExists(model.Username))
                return Request.CreateResponse(HttpStatusCode.Conflict, "User does not exist.");
            if (WebSecurity.Login(model.Username, model.Password, persistCookie: model.RememberMe)) {
                // This code always gets hit when I log in, no problems.  I see a new cookie get sent down as well, using Chrome debugger.
                var payload = new AuthPayloadDto();
                return Request.CreateResponse(HttpStatusCode.OK, payload);
            }
            LogOut();
            return Request.CreateResponse(HttpStatusCode.Forbidden, "Login Failed.");
        } catch (Exception e) {
            return Request.CreateResponse(HttpStatusCode.InternalServerError, e);
        }
    }

Web.config:

<system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Forms">
      <forms loginUrl="~/" timeout="2880" />
    </authentication>
    <roleManager enabled="true" defaultProvider="simple">
      <providers>
        <clear />
        <add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
      </providers>
    </roleManager>
    <membership defaultProvider="simple">
      <providers>
        <clear />
        <add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
      </providers>
    </membership>
    <!--
            If you are deploying to a cloud environment that has multiple web server instances,
            you should change session state mode from "InProc" to "Custom". In addition,
            change the connection string named "DefaultConnection" to connect to an instance
            of SQL Server (including SQL Azure and SQL  Compact) instead of to SQL Server Express.
      -->
    <sessionState mode="InProc" customProvider="DefaultSessionProvider">
      <providers>
        <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
      </providers>
    </sessionState>

  </system.web>

登录后发送的cookie未过期,并且会在后续请求中发回,但IsAuthenticated始终为false。我做错了什么?

更新:

我将我的web.config更新为以下内容以使一切正常运行:

<system.web>
    <authentication mode="None" />
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <roleManager enabled="true" defaultProvider="SimpleRoleProvider">
      <providers>
        <clear />
        <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
      </providers>
    </roleManager>
    <membership defaultProvider="SimpleMembershipProvider">
      <providers>
        <clear />
        <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
      </providers>
    </membership>
  </system.web>

但是,如果有人解释为什么会这样做,我想保持开放状态;我很丢失。

1 个答案:

答案 0 :(得分:0)

在我目前使用mssql的mvc 4项目中, 它是一个简单的我所以我只想要非常简单的记忆提供者 我禁用了 InitializeSimpleMembershipAttribute

通过

[Authorize]
//[InitializeSimpleMembership]
public partial class AccountController : Controller

并将此代码添加到Application_Start

下的global.asax 
WebSecurity.InitializeDatabaseConnection(
             connectionStringName: "DefaultConnection",
             userTableName: "UserProfile",
             userIdColumn: "UserID",
             userNameColumn: "UserName",
             autoCreateTables: true);

在我的sql数据库中,应用程序创建了一些表格,其中Roles和UserInRoles刚刚添加了我需要的角色,如管理员,客户等... 并通过添加此代码来限制对某些控制器或操作的访问

[Authorize(Roles = "Admin")]
public class MessagesController : Controller
相关问题
最新问题