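So I am developing an ASP.NET web application, but I have run into trouble:
1.) When is the authentication cookie bound to the currently authenticated user?
2.) How does the binding happen?
Although it works fine, I find it strange that the (Login method), reachable through (// POST: /Account/Login), never binds the authenticated user to the cookie in any way after confirming that the user exists in the database.
Can anyone give a simple, easy-to-understand explanation of why this is so!!! After a sleepless night, I still haven't found any good documentation.
I am using the default [ASP.NET Web Application (.NET Framework)] template.
This is the login cookie configuration: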
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(1),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },
        SlidingExpiration = false,
        ExpireTimeSpan = TimeSpan.FromMinutes(2)
    });
This is the login POST action, which confirms and validates the user with no reference to the cookie:
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, change to shouldLockout: true
        var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        switch (result)
        {
            case SignInStatus.Success:
                return RedirectToLocal(returnUrl);
            case SignInStatus.LockedOut:
                return View("Lockout");
            case SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
            case SignInStatus.Failure:
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }