FormsAuthentication检查Cookie

时间:2015-06-25 00:01:52

标签: .net cookies model-view-controller forms-authentication

我使用authorize属性设置Forms身份验证,该属性检查查询字符串哈希值:

FormsAuthentication.SetAuthCookie(qs["name"], false);

在下一个请求中,我检查用户是否已登录:

filterContext.HttpContext.Request.IsAuthenticated

这会返回false(看起来很奇怪,所以我看看cookie)

filterContext.HttpContext.Request.Cookies[".ASPXAUTH"]

返回:

{System.Web.HttpCookie}
Domain: null
Expires: {1/01/0001 12:00:00 a.m.}
HasKeys: false
HttpOnly: false
Name: ".ASPXAUTH"
Path: "/"
Secure: false
Shareable: false
Value: "9A3F32523C37286093E99907E8A71C405854EE409667A34AA8E06665D0912EEA5DAD69C605F45134A9BBA314BC8C4A5AEA46F9F623013A1FA2A98F3AEE834D69555C1849926C4A369B8E5E0A2E26CBB4ACBDBC8D0389BBD9A2C8F942ACFFBF20566BA2D7A1F80914D8B097866D06CC3059DB306C3E83C09800CCD4697D38AF5C"
Values: {9A3F32523C37286093E99907E8A71C405854EE409667A34AA8E06665D0912EEA5DAD69C605F45134A9BBA314BC8C4A5AEA46F9F623013A1FA2A98F3AEE834D69555C1849926C4A369B8E5E0A2E26CBB4ACBDBC8D0389BBD9A2C8F942ACFFBF20566BA2D7A1F80914D8B097866D06CC3059DB306C3E83C09800CCD4697D38AF5C}

所以cookie就在那里,让我们解密它看看它有效吗?

    FormsAuthentication.Decrypt(filterContext.HttpContext.Request.Cookies[".ASPXAUTH"].Value)
{System.Web.Security.FormsAuthenticationTicket}
    CookiePath: "/"
    Expiration: {25/06/2015 12:09:17 p.m.}
    Expired: false
    IsPersistent: false
    IssueDate: {25/06/2015 11:39:17 a.m.}
    Name: "john"
    UserData: ""
    Version: 2

所以cookie一切都很好,为什么Request.IsAuthenticated返回false ???

1 个答案:

答案 0 :(得分:0)

<authentication mode="Forms" />

web.config中缺少