FromsAuthenticationTicket.UserData始终为空,并且身份验证cookie不保留值

时间:2017-06-16 12:25:42

标签: c# asp.net-mvc cookies forms-authentication

我在Login(用户名,密码)

中有以下代码 
if (hasher.Compare(password, person.Hash))
                {
                    FormsAuthentication.SetAuthCookie(userId, true);
                    OpenAccount(person);

                    var principle = new GenericPrincipal( new GenericIdentity($"{person.FirstName} {person.LastName}"), new string[] {"All"});
                    var data = Konstants.Serialize(principle);
                    var ticket = new FormsAuthenticationTicket(1, principle.Identity.Name, DateTime.Now, DateTime.Now.AddMinutes(30), true, data);
                    var encryptedTicket = FormsAuthentication.Encrypt(ticket);


                    FormsAuthentication.SetAuthCookie(principle.Identity.Name, false);
                    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                    Response.SetCookie(cookie);
                    Response.RedirectToRoute("Default");
                }

然后在Global.asax中我有以下代码:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    var  authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    try
    {
        if (authCookie != null)
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
            if (!string.IsNullOrEmpty(ticket.UserData))
            {
                var principle = Konstants.Deserialize<GenericPrincipal>(ticket.UserData);
                HttpContext.Current.User = principle;
            }
        }
    }
    catch 
    {


    }
}

但是在AutheticateRequest中,ticket.UserData始终为空。事实上,我得到的cookie值是在认证之前的那个,而不是我存储的那个。我在这里做错了什么。

更新:序列化和反序列化代码如下:

   public static string Serialize<T>(T obj)
    {
        var ret = string.Empty;
        using(var ms = new MemoryStream())
        {
            var bf = new BinaryFormatter();
            bf.Serialize(ms, obj);
            ret= Convert.ToBase64String(ms.GetBuffer());
        }
        return ret;
    }

public static T Deserialize<T>(string text)
{
    var obj = default(T);
    var data = Convert.FromBase64String(text);
    using(var ms = new MemoryStream(data, false))
    {
        var bf = new BinaryFormatter();
        obj = (T)bf.Deserialize(ms);
    }
    return obj;
}

1 个答案:

答案 0 :(得分:0)

您在第一个代码块中有两次调用SetAuthCookie,但如果您要创建自定义票证,则不需要。我认为这应该可以解决问题:

OpenAccount(person);

var principle = new GenericPrincipal( new GenericIdentity($"{person.FirstName} {person.LastName}"), new string[] {"All"});
var data = Konstants.Serialize(principle);
var ticket = new FormsAuthenticationTicket(1, principle.Identity.Name, DateTime.Now, DateTime.Now.AddMinutes(30), true, data);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);

var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
Response.SetCookie(cookie);
Response.RedirectToRoute("Default");

修改:我还注意到您没有将序列化数据传递到新票证的userData字段中,是不是意图?

相关问题
最新问题