User.Identity.IsAuthenticated is always false even when e.Authenticated = true

Time: 2016-11-25 09:35:23

Tags: c# asp.net login webforms login-control

I have searched for similar questions but could not solve the problem.

HTML code

<asp:Login ID="Login1" runat="server" Width="247px" OnAuthenticate="Login1_Authenticate1">
</asp:Login>

C# code

using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Configuration;
using System.Web.Security;
using System.Web.UI.WebControls;

public partial class login : System.Web.UI.Page
{
    private SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);

    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e)
    {
        string userName = Login1.UserName;
        string password = Login1.Password;

        bool result = UserLogin(userName, password);
        if ((result))
        {
            e.Authenticated = true;
            FormsAuthentication.SetAuthCookie(userName, true);
            Response.Redirect("http://localhost:57000/Default");
        }
        else
        {
            e.Authenticated = false;
        }
    }

    private bool UserLogin(string userName, string password)
    {
        // declare the command that will be used to execute the select statement
        SqlCommand com = new SqlCommand("SELECT Employee_Email FROM Employee_Detail WHERE Employee_Email = @UserName AND Password = @Password", con);

        // set the username and password parameters
        com.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = userName;
        com.Parameters.Add("@Password", SqlDbType.NVarChar).Value = password;

        try
        {
            con.Open();
            // execute the select statement
            string result = Convert.ToString(com.ExecuteScalar());
            // check the result
            if (string.IsNullOrEmpty(result))
            {
                // invalid user/password, return false
                return false;
            }
            else
            {
                // valid login
                return true;
            }
        }
        finally
        {
            // always release the connection, even if the query throws
            con.Close();
        }
    }

}

I check it like this.

if (User.Identity.IsAuthenticated)
{
    Page.Title = "Home page for " + User.Identity.Name;
}
else
{
    Page.Title = "Home page for guest user.";
}

Configuration file

<authentication mode="Forms">
  <forms defaultUrl="~/Default.aspx" loginUrl="~/login.aspx" name="__Auth" slidingExpiration="true" timeout="2880"></forms>
</authentication>

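The login works fine, but when I check User.Identity.IsAuthenticated on the next page, it is always false. I have set authentication to Forms in the configuration page. Any help would be great.

1 answer:

Answer 0: (score: 1)

You also have to set the FormsAuthenticationTicket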

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, userName, DateTime.Now, DateTime.Now.AddDays(30), true, String.Empty);
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authenticationCookie.Expires = ticket.Expiration;
Response.Cookies.Add(authenticationCookie);

FormsAuthentication.SetAuthCookie(userName, true);

It is better to use RedirectFromLoginPage instead of Response.Redirect

FormsAuthentication.RedirectFromLoginPage(userName, true);
  

It looks like you are storing plain-text passwords. Don't do that.

Update

<sessionState mode="InProc" cookieless="false" timeout="1440" />
<authentication mode="Forms">
  <forms cookieless="UseCookies" timeout="43200" defaultUrl="~/Default.aspx" loginUrl="~/login.aspx" />
</authentication>