我正在使用表单身份验证在我的网站中对请求进行身份验证和授权。
以下是登录代码:
var objLogin = new LoginModel { Email = model.Email, Password = CommonMethod.Encryptdata(model.Password) };
var UserDetail = Users.LoginUser(objLogin);
if (UserDetail.ErrorMessage == "SuccessLogin")
{
var UserData = UserDetail.UserId + "," + UserDetail.UserRole + "," + UserDetail.Email + "," + UserDetail.FirstName + "," + UserDetail.LastName;
DateTime expirydate = DateTime.Now.AddDays(10);
var Ticket = new FormsAuthenticationTicket(1, UserDetail.Email, DateTime.Now, expirydate, true, UserData, FormsAuthentication.FormsCookieName);
string hashCookies = FormsAuthentication.Encrypt(Ticket);
var Cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);
Response.Cookies.Add(Cookie);
ViewBag.InActiveStatus = "";
//Code for expiration
if (Ticket.IsPersistent)
{
Cookie.Expires = Ticket.Expiration;
}
if (!string.IsNullOrEmpty(returnUrl))
return Redirect(returnUrl);
}
我正在使用持久性cookie。
用于注销网站的方法包含以下代码:
FormsAuthentication.SignOut();
Session.Abandon();
Session.Clear();
Session.RemoveAll();
string[] myCookies = Request.Cookies.AllKeys;
foreach (string cookie in myCookies)
{
Response.Cookies[cookie].Expires = DateTime.Now.AddYears(-1);
}
return RedirectToAction("Login", "Account");
我面临的问题是退出后我能够冲浪家庭控制器 页面。我已经在所有家庭控制器方法上实现了Authorize(Roles =“user”)。
[Authorize(Roles = "user")]
public ActionResult Index()
但是我无法浏览其他控制器(家庭除外)的页面 在Challenge Controller中有以下方法:
[Authorize(Roles = "user")]
public ActionResult MyChallenges()
当我强行清理浏览器cookie时,问题就解决了。但从用户体验的角度来看,这不建议普通用户使用。
请说明为什么会这样?在此先感谢!
答案 0 :(得分:0)
Hi Stackoverflow专家
我还在等我的回答!
由于 Imastu