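WebSecurity authentication always returns "false"

Time: 2016-11-27 16:31:30

Tags: c# asp.net-mvc asp.net-mvc-4 webmatrix

I have a problem with my WebSecurity authentication: I cannot log in. The authenticated result is always false. Whenever I log in, it sends me back to the login page. I debugged it and found a problem: httpContext.Request.IsAuthenticated always returns false. Any help?

Controller: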

        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        [AllowAnonymous]
        [HttpPost]
        public ActionResult Login(UserProfile register)
        {
            WebSecurity.Login(register.UserName, register.password, true);
            if (User.Identity.IsAuthenticated)
            {
                return RedirectToAction("Index", "Home");
            }

            return RedirectToAction("Index", "Contact");
        }

View:

<h2>@ViewBag.Title.</h2>
<div class="row">
    <div class="col-md-8">
        <section id="loginForm">
            @using (Html.BeginForm("Login", "AccountHopital", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
            {
                @Html.AntiForgeryToken()
                <h4>Utilisez un compte local pour vous connecter.</h4>
                <hr />
                @Html.ValidationSummary(true, "", new { @class = "text-danger" })
                <div class="form-group">
                    @Html.LabelFor(m => m.UserName, new { @class = "col-md-2 control-label" })
                    <div class="col-md-10">
                        @Html.TextBoxFor(m => m.UserName, new { @class = "form-control" })
                        @Html.ValidationMessageFor(m => m.UserName, "", new { @class = "text-danger" })
                    </div>
                </div>
                <div class="form-group">
                    @Html.LabelFor(m => m.password, new { @class = "col-md-2 control-label" })
                    <div class="col-md-10">
                        @Html.PasswordFor(m => m.password, new { @class = "form-control" })
                        @Html.ValidationMessageFor(m => m.password, "", new { @class = "text-danger" })
                    </div>
                </div>

And web.config:

  <system.web>
    <membership defaultProvider="SimpleMembershipProvider">
      <providers>
        <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"  />
      </providers>

    </membership>

    <authentication mode="Forms">
      <!--<modules>
      <remove name="FormsAuthentication" />
</modules>-->
      <forms  loginUrl="~/AccountHopital/Login" timeout="3600" />

    </authentication>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <system.webServer>
    <modules>
      <remove name="FormsAuthentication" />
    </modules>
  </system.webServer>

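1 answer:

Answer 0 (score: 0)

User.Identity.IsAuthenticated looks at the authentication cookie sent by the client to determine whether the user is logged in. Since the authentication cookie does not exist at the time of the POST to the login method, it will always return false. Also, why are you performing the check immediately after logging the user in? The check should really be performed in the Login GET method.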

    public ActionResult Login(string returnUrl)
    {
        if (User.Identity.IsAuthenticated)
        {
            //already logged in - no need to allow login again!!
            return RedirectToAction("Index", "Home");
        }
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    [AllowAnonymous]
    [HttpPost]
    public ActionResult Login(UserProfile register)
    {
        //check your model state!
        if (!ModelState.IsValid) return View();

        //this method returns some result letting you know if the user
        //logged in successfully or not.  You need to check that.

        //Additionally, this method sets the Auth cookie so you can
        //do your IsAuthenticated call anywhere else in the system
        var loginResult = WebSecurity.Login(register.UserName, register.password, true);

        //login failed, display the login view again or go wherever you need to go
        if (!loginResult) return View();

        //Good to go, user is authenticated - redirect to where you need to go
        return RedirectToAction("Index", "Home");
    }

Here is the MSDN for the WebSecurity.Login method
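
The view in the question emits an anti-forgery token and posts a ReturnUrl, but neither login action validates the token or uses the URL. The sketch below is an added example, not code from the question or the answer. It applies the answer's pattern (trust the return value of WebSecurity.Login) and adds both checks. The controller name is taken from the view's BeginForm call, and the RedirectToLocal helper and the error message text are hypothetical.

```csharp
using System.Web.Mvc;
using WebMatrix.WebData;

// Assumed name, taken from Html.BeginForm("Login", "AccountHopital", ...) in the view.
public class AccountHopitalController : Controller
{
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        // On a GET the authentication cookie (if any) arrived with the request,
        // so IsAuthenticated reflects an earlier successful login.
        if (User.Identity.IsAuthenticated)
            return RedirectToLocal(returnUrl);

        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    [AllowAnonymous]
    [HttpPost]
    [ValidateAntiForgeryToken] // pairs with @Html.AntiForgeryToken() in the view
    public ActionResult Login(UserProfile register, string returnUrl)
    {
        // The cookie issued by WebSecurity.Login is only on the response, so the
        // current request's principal is still anonymous: use the bool result.
        if (ModelState.IsValid &&
            WebSecurity.Login(register.UserName, register.password, persistCookie: true))
        {
            return RedirectToLocal(returnUrl);
        }

        // Constructed message: identical for unknown user and wrong password.
        ModelState.AddModelError("", "The user name or password is incorrect.");
        ViewBag.ReturnUrl = returnUrl;
        return View(register);
    }

    // Hypothetical helper: follow returnUrl only when it stays inside this
    // application, otherwise fall back to Home/Index.
    private ActionResult RedirectToLocal(string returnUrl)
    {
        if (Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```

WebSecurity.Login issues a forms-authentication cookie, and on later requests that cookie is turned into User.Identity by the FormsAuthentication module, which the web.config shown in the question removes under system.webServer/modules.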