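ASP.NET MVC Session is null

Date: 2014-12-26 02:31:18

Tags: c# asp.net asp.net-mvc asp.net-mvc-4

I was assigned to customize this MVC application. It has forms authentication, and I was instructed to customize it so that the "Login" process is eliminated and all users can access the application. The application was built so that all operations are done around the logged-in user.

Since I need an authenticated user, I took the code that handles login and validates the user and put it into Application_AcquireRequestState.

Here is my login code: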

public ActionResult Login(string username, string password)
{
    bool loginResult = false;
    try
    {
        // If validated, it sets the LoginStatus to true and populates the Variables for security
        bool validate = this.memberShip.ValidateUser(username, password);

        if (validate)
        {
            // CxIdentity extends and implements IIdentity
            var identity = new CxIdentity(memberShip.LoginStatus.SecurityUser.Name,
                                          memberShip.LoginStatus.SecurityUser.Id,
                                          "",
                                          true);

            this.Session[this.memberShip.PrincipalSessionKey] = new CxPrincipal(identity, memberShip.LoginStatus.SecurityUser.RoleId);
            this.Session[SessionName.CurrentUser] = memberShip.LoginStatus.SecurityUser.UserNm;
            FormsAuthentication.SetAuthCookie(username, false, "MyApp/Cookies");

            loginResult = true;
        }
    }
    catch (Exception ex)
    {
        Logger.Error("Login failed: ", ex);
    }

    if (loginResult)
        return Redirect("~/Home");
    else
        return Redirect("~/Login");
}

Here is the code of Application_AcquireRequestState, before I tried to merge the login code into it:

protected void Application_AcquireRequestState(object sender, EventArgs e)
{
    if (HttpContext.Current.Handler is IRequiresSessionState)
    {
        if (Request.IsAuthenticated)
        {
            if (HttpContext.Current.Session[this.MemberShipProvider.PrincipalSessionKey] != null)
            {
                CxPrincipal principal;

                try
                {
                    principal = (CxPrincipal)HttpContext.Current.Session[this.MemberShipProvider.PrincipalSessionKey];
                }
                catch
                {
                    principal = null;
                }

                HttpContext.Current.User = principal;
                Thread.CurrentPrincipal = principal;
            }
            else
            {
                if (User.Identity.IsAuthenticated && User.Identity is FormsIdentity)
                {
                    FormsAuthentication.SignOut();
                    Response.Redirect("~/Login");
                }
            }
        }
    }
}

The application is written so that if the user is not authenticated, it goes straight to the "Login" page. So I changed Application_AcquireRequestState as follows:

protected void Application_AcquireRequestState(object sender, EventArgs e)
{
    if (HttpContext.Current.Handler is IRequiresSessionState)
    {
        var sessioncheck = this.Session[SessionName.CurrentUser];
        var obj = this.Session[this.MemberShipProvider.PrincipalSessionKey];
        if (obj != null)
        {
            HttpContext.Current.User = (CxPrincipal)obj;
            Thread.CurrentPrincipal = (CxPrincipal)obj;
        }
        else
        {
            this.MemberShipProvider.ValidateUser("appadmin", "@dmin#@!8854");
            var identity = new CxIdentity("appadmin", 1, "", true);
            CxPrincipal principalLogin = new CxPrincipal(identity, 1);
            this.Session[this.MemberShipProvider.PrincipalSessionKey] = principalLogin;
            this.Session[SessionName.CurrentUser] = "appadmin";

            FormsAuthentication.SetAuthCookie("appadmin", false, "MyApp/Cookies");
        }

        if (Request.IsAuthenticated)
        {
            if (this.Session[this.MemberShipProvider.PrincipalSessionKey] != null)
            {
                CxPrincipal principal;
                try
                {
                    principal = (CxPrincipal)this.Session[this.MemberShipProvider.PrincipalSessionKey];
                }
                catch
                {
                    principal = null;
                }
                HttpContext.Current.User = principal;
                Thread.CurrentPrincipal = principal;
            }
        }
    }
}

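The problem is that every time obj is checked, it is always null. Request.IsAuthenticated also becomes true, and the session does get set while the application is in the acquire-state step (which is why I get values in HttpContext.Current.User and Thread.CurrentPrincipal).

But when I redirect to another page, the session is gone.

Can anyone guide me through this?

0 answers:

No answers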