Why am I getting User.Identity.IsAuthenticated false

Time: 2016-07-13 19:21:11

Tags: c# asp.net-mvc forms-authentication membership-provider

My User.Identity.IsAuthenticated is false. I think this is what causes my second problem: I cannot access controllers decorated with [Authorize].

My code is:

  • My MembershipProvider subclass, which implements ValidateUser:

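    public override bool ValidateUser(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        // FirstOrDefault returns null for an unknown user name; First would throw.
        var user = DBManager.Context.Usuarios.FirstOrDefault(x => x.Nombre == username);
        if (user == null)
            return false;

        // Compares the stored value directly with the submitted password (no hashing).
        return user.Pass == password;
    }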
    
  • My Web.config authentication section:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="20" slidingExpiration="true" />
    </authentication>
    <membership defaultProvider="Membership">
      <providers>
        <clear />
        <add name="Membership"
         type="SGKS.Security.Membership" />
      </providers>
    </membership>
    
  • My controller:

    [HttpGet]
    [AllowAnonymous]
    public ActionResult Login()
    {
        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("Index", "Facutra");
        }
        return View();
    }
    
    [HttpPost]
    [AllowAnonymous]
    public ActionResult Login(Login model)
    {
        if (ModelState.IsValid)
        {
            if (System.Web.Security.Membership.ValidateUser(model.Nombre, model.Pass))
            {
                FormsAuthentication.SetAuthCookie(model.Nombre, model.Recordarme);
            }
            ViewBag.Error = "Usuario y/o contraseña incorrectos.";
        }
        return View(model);
    }
    

1 answer:

Answer 0: (score: 0)

I found the answer here:

  

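When you call FormsAuthentication.SetAuthCookie after a successful authentication, you are adding the authentication cookie to the response. This cookie will be stored in the client browser and will be sent on subsequent requests. So only subsequent requests will see the user as authenticated. Therefore, you always need to redirect after calling the SetAuthCookie method.

In other words, you need to add a RedirectToAction immediately after calling FormsAuthentication.SetAuthCookie: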

    [HttpPost]
    [AllowAnonymous]
    // The ASP.NET framework automatically puts a returnUrl query string parameter of the original
    // page the user requested. You just need to add that parameter here to gain access to it
    // (assuming you want to redirect the user back to the original requested page rather than 
    // some start page).
    public ActionResult Login(Login model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (System.Web.Security.Membership.ValidateUser(model.Nombre, model.Pass))
            {
                FormsAuthentication.SetAuthCookie(model.Nombre, model.Recordarme);

                // Redirect so the next request can see the user as authenticated
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            ViewBag.Error = "Usuario y/o contraseña incorrectos.";
        }
        return View(model);
    }
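
A simplified model of the sequence the quoted explanation describes, as an added example that is not part of the original answer and not ASP.NET's own code: authentication reads only the cookies sent with the request, so a cookie written during the login POST is first seen on the following request. `ToyFormsAuth`, the `DEMOAUTH` cookie name, the key and the HMAC ticket format are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Toy model of the forms-authentication round trip; not ASP.NET source code.
static class ToyFormsAuth
{
    const string CookieName = "DEMOAUTH"; // hypothetical cookie name
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key"); // constructed
    // Ticket = user name plus an HMAC over it, so a client cannot mint its own.
    static string IssueTicket(string user)
    {
        using (var hmac = new HMACSHA256(Key))
            return user + "|" + Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(user)));
    }

    // Runs before the controller action and sees only the cookies the browser SENT.
    public static string Authenticate(IDictionary<string, string> requestCookies)
    {
        string ticket;
        if (!requestCookies.TryGetValue(CookieName, out ticket)) return null;
        int sep = ticket.LastIndexOf('|');
        if (sep < 1) return null;
        string user = ticket.Substring(0, sep);
        return FixedTimeEquals(IssueTicket(user), ticket) ? user : null;
    }

    static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Stand-in for SetAuthCookie: writes to the RESPONSE cookies only.
    public static void SetAuthCookie(string user, IDictionary<string, string> responseCookies)
        => responseCookies[CookieName] = IssueTicket(user);

    static void Main()
    {
        var jar = new Dictionary<string, string>(); // the browser's cookie jar
        string duringLogin = Authenticate(jar);     // request 1: login POST, no cookie sent yet
        SetAuthCookie("alice", jar);                // response 1 stores the cookie in the jar
        Console.WriteLine("login request authenticated: " + (duringLogin != null));
        Console.WriteLine("next request authenticated: " + (Authenticate(jar) != null));
        jar[CookieName] = "admin|" + jar[CookieName].Split('|')[1]; // tampered user name
        Console.WriteLine("tampered cookie authenticated: " + (Authenticate(jar) != null));
    }
}
```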