我已经创建了一个OAuth服务器,我想登录这个站点。
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LocalLogin(LoginViewModel model)
{
if (!ModelState.IsValid)
{
return View(model);
}
var member = memberService.VaildateMmember(model.UserName, model.Password);
if (member == null)
{
ModelState.AddModelError("", "Account or Password Error!");
return View(model);
}
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
var claims = new List<Claim>
{
new Claim(ClaimsIdentity.DefaultNameClaimType, member.AccountName),
new Claim(ClaimTypes.Name, member.AccountName),
new Claim(ClaimTypes.Email, member.Email),
new Claim(ClaimTypes.NameIdentifier, member.Id.ToString())
};
var claimsIdentity = new ClaimsIdentity(
claims,
DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(
new AuthenticationProperties
{
IsPersistent = true,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.Add(TimeSpan.FromMinutes(30))
},
claimsIdentity);
return RedirectToAction("Index", "Home");
}
我创建了自己的AuthorizeAttribute。
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
return false;
var user = httpContext.User.Identity;
if (!user.IsAuthenticated) //here Always false
return false;
//CheckUser
if (Users.Length > 0 && !Users.Split(',').Contains(user.Name, StringComparer.OrdinalIgnoreCase))
return false;
//CheckRole
if (!IsHasRoles(user))
return false;
//CheckScope
if (!IsHasScope(user))
return false;
return true;
}
我不知道这里有什么问题。 为什么httpContext.User.Identity.IsAuthenticated总是返回false。