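About forms authentication and redirects

Time: 2015-02-02 19:35:19

Tags: c# asp.net webforms forms-authentication

Every time I try Response.Redirect("tothepageIwant.aspx"); it takes me to ~/Account/Logon.aspx

Why is this happening? I am using forms authentication, with a custom method that authenticates using PrincipalContext.ValidateCredentials.

If the credentials are valid, I want to Redirect.Response to the page I allow the user to access.

Instead, whenever I log in successfully, it redirects me to the old Account/Logon.aspx

Any suggestions? What do I need to watch out for when using forms authentication with a custom authentication method?

Edit (adding code):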

    protected void Submit1_Click(object sender, EventArgs e)
    {
        var auth = new AuthClass();
        var result = auth.ValidateCredentials(UserEmail.Text, UserPass.Text);
        if (result)
        {
            Response.Redirect("~/Members/RollReport.aspx");
        }
        else
        {
            Msg.Text = "Not authorized to access this page.";
        }
    }

    public bool ValidateCredentials(string user, string pass)
    {
        using (var pc = new PrincipalContext(ContextType.Domain, "Domain.name"))
        {
            // validate the credentials
            try
            {
                var isValid = pc.ValidateCredentials(user, pass);
                if (isValid)
                {
                    var isAuth = AuthorizeUser(user);
                    return isAuth;
                }
                else
                {
                    return false;
                }
            }
            catch (ActiveDirectoryOperationException)
            {
                throw;
            }
        }
    }

    private bool AuthorizeUser(string user)
    {
        var isAuth = false;
        var authList = (List<string>)HttpContext.Current.Cache["AuthList"];
        foreach (var id in authList)
        {
            if (id == user)
            {
                isAuth = true;
            }
        }
        return isAuth;
    }

1 answer:

Answer 0 (score: 1)

    var userName = Request.ServerVariables["LOGON_USER"]; // or some other method of capturing the value from the username
    var pc = new PrincipalContext(ContextType.Domain);
    var userFind = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userName);
    if (userFind != null)
    {
        HttpContext.Current.Session["username"] = userFind.DisplayName;
    }

If you want to check and redirect, store the value in a Session variable inside Global.asax:

    protected void Session_Start(object sender, EventArgs e)
    {
        // declare and initialize your login Session variable
        HttpContext.Current.Session["username"] = string.Empty;
    }

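If the code above is successful, then assign the value on the login page's Page_Load:

    // Session_Start initializes the value to string.Empty, so test for
    // null or empty rather than null alone.
    if (string.IsNullOrEmpty(HttpContext.Current.Session["username"] as string))
    {
        // Force them to redirect to the login page
    }
    else
    {
        Response.Redirect("tothepageIwant.aspx");
    }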

If you want to do the same thing inside a using(){} statement:

    string fullName = null;
    using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(context, "yourusernamehere")) // User.Identity.Name
        {
            if (user != null)
            {
                fullName = user.DisplayName;
            }
        }
    }

Use the debugger and inspect all of the user. properties to be sure.
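
Added example (not part of the original question or answer): with forms authentication, a request that carries no authentication ticket is sent back to the login URL, which is the likely reason the redirect in the question lands on ~/Account/Logon.aspx. The code below reworks the asker's Submit1_Click to issue the ticket with FormsAuthentication.SetAuthCookie before redirecting, and follows ReturnUrl only when it is a local path. AuthClass and the UserEmail, UserPass and Msg controls come from the question; the Logon class name and the IsLocalUrl helper are assumptions.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Code-behind for the login page. The class name "Logon" is an assumption;
// the UserEmail, UserPass and Msg controls are declared in the page markup.
public partial class Logon : Page
{
    // Assumed default landing page, taken from the question's redirect.
    private const string DefaultTarget = "~/Members/RollReport.aspx";

    protected void Submit1_Click(object sender, EventArgs e)
    {
        var auth = new AuthClass(); // the asker's class from the question
        if (!auth.ValidateCredentials(UserEmail.Text, UserPass.Text))
        {
            Msg.Text = "Not authorized to access this page.";
            return;
        }

        // Issue the forms-authentication ticket as a session cookie. Without
        // it the next request is anonymous, and the <authorization> rules
        // bounce it back to the configured loginUrl.
        FormsAuthentication.SetAuthCookie(UserEmail.Text, false);

        // ReturnUrl is attacker-controllable query-string input: follow it
        // only when it stays inside this application (no open redirect).
        string returnUrl = Request.QueryString["ReturnUrl"];
        Response.Redirect(IsLocalUrl(returnUrl) ? returnUrl : DefaultTarget);
    }

    // Hypothetical helper: accepts "/path" and "~/path", rejects absolute
    // URLs and the protocol-relative forms "//host" and "/\host".
    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }
        if (url[0] == '/')
        {
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }
        return url.Length > 1 && url[0] == '~' && url[1] == '/';
    }
}
```

The ticket only takes effect when web.config has `<authentication mode="Forms">` with a `loginUrl` pointing at this page.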