我被分配来自定义此MVC应用程序。它有表单身份验证,我被指示自定义它,以便"登录"消除了流程,所有用户都可以访问该应用程序。构建应用程序是为了使所有操作都围绕登录的用户完成。
由于我需要经过身份验证的用户,因此我使用了负责登录并验证用户的代码并将其放入Application_AcquireRequestState
这是我的登录代码:
public Action Login(string username, string password)
{
bool loginResult = false;
try
{
// If validated, it sets the LoginStatus to true and populates the Variables for security
bool validate = this.memberShip.ValidateUser(username,password);
if (validate)
{
// CxIdentity extends and implements IIdentity
var identity = new CxIdentity(memberShip.LoginStatus.SecurityUser.Name,
memberShip.LoginStatus.SecurityUser.Id,
"",
true);
this.Session[this.memberShip.PrincipalSessionKey] = new CxPrincipal(identity, memberShip.LoginStatus.SecurityUser.RoleId);
this.Session[SessionName.CurrentUser] = memberShip.LoginStatus.SecurityUser.UserNm;
FormsAuthentication.SetAuthCookie(username, false, "MyApp/Cookies");
loginResult = true;
}
}
catch (Exception ex)
{
Logger.Error("Login failed: ", ex);
}
if(loginResult)
return Redirect("~/Home");
else
return Redirect("~/Login");
}
以下是Application_AcquireRequestState的代码,在我尝试合并之前
protected void Application_AcquireRequestState(object sender, EventArgs e)
{
if (HttpContext.Current.Handler is IRequiresSessionState)
{
if (Request.IsAuthenticated)
{
if (HttpContext.Current.Session[this.MemberShipProvider.PrincipalSessionKey] != null)
{
CxPrincipal principal;
try
{
principal = (CxPrincipal)HttpContext.Current.Session[this.MemberShipProvider.PrincipalSessionKey];
}
catch
{
principal = null;
}
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;
}
else
{
if (User.Identity.IsAuthenticated && User.Identity is FormsIdentity)
{
FormsAuthentication.SignOut();
Response.Redirect("~/Login");
}
}
}
}
}
编写应用程序的方式是,如果用户未经过身份验证,则应用程序将直接进入“登录”页面。所以我按如下方式更改了Application_AcquireRequestState:
protected void Application_AcquireRequestState(object sender, EventArgs e)
{
if (HttpContext.Current.Handler is IRequiresSessionState)
{
var sessioncheck = this.Session[SessionName.CurrentUser];
var obj = this.Session[this.MemberShipProvider.PrincipalSessionKey];
if (obj != null)
{
HttpContext.Current.User = (CxPrincipal)obj;
Thread.CurrentPrincipal = (CxPrincipal)obj;
}
else
{
this.MemberShipProvider.ValidateUser("appadmin", "@dmin#@!8854");
var identity = new CxIdentity("appadmin", 1, "", true);
CxPrincipal principalLogin = new CxPrincipal(identity, 1);
this.Session[this.MemberShipProvider.PrincipalSessionKey] = principalLogin;
this.Session[SessionName.CurrentUser] = "appadmin";
FormsAuthentication.SetAuthCookie("appadmin", false, "MyApp/Cookies");
}
if (Request.IsAuthenticated)
{
if (this.Session[this.MemberShipProvider.PrincipalSessionKey] != null)
{
CxPrincipal principal;
try
{
principal = (CxPrincipal)this.Session[this.MemberShipProvider.PrincipalSessionKey];
}
catch
{
principal = null;
}
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;
}
}
}
}
问题是每次检查obj时,它总是为空。 Request.IsAuthenticated也变为true,当应用程序处于获取状态时,会话确实被设置(这就是我在HttpContext.Current.User和Thread.CurrentPrincipal中获取值的原因。
但是当我重定向到另一个页面时,会话就消失了。
任何人都可以指导我完成这件事。