我必须在ASP.NET中开发一个Web应用程序,并且必须实现一个身份验证控制器。如果未通过身份验证,则无法访问主页(很明显,我知道),所以我写了一个注释[Authorize],只有在身份验证很好的情况下才能访问。但是我有一个401未经授权的错误,我不明白为什么
这是我的HomeController代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace M2Link2.Controllers
{
public class HomeController : Controller
{
[Authorize]
public ActionResult Index()
{
return View();
}
public ActionResult About()
{
ViewBag.Message = "Your application description page.";
return View();
}
public ActionResult Contact()
{
ViewBag.Message = "Your contact page.";
return View();
}
public ActionResult Deconnexion()
{
return View();
}
}
}
我的ConnexionController代码:
using M2Link2.Entities;
using M2Link2.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
namespace M2Link2.Controllers
{
public class ConnexionController : Controller
{
// GET: Connexion
public ActionResult Authentification()
{
return View();
}
[HttpPost]
public ActionResult Authentification(AuthentificationModel modele)
{
if (ModelState.IsValid)
{
FormsAuthentication.SetAuthCookie(modele.Password, true);
return RedirectToRoute(new { action = "index", controller = "Home" });
}
return View();
}
}
}
我的AuthentificationModel代码:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;
namespace M2Link2.Models
{
public class AuthentificationModel
{
[DisplayName("Pseudo")]
[Required]
public String Pseudo { get; set; }
[DisplayName("Mot de Passe")]
[Required]
public String Password { get; set; }
}
}
Authentification.cshtml:
@model M2Link2.Models.AuthentificationModel
@{
ViewBag.Title = "Authentification";
}
<h2>Authentification</h2>
@using (Html.BeginForm())
{
<div class="form-horizontal">
<h4>Veuillez vous authentifier</h4>
<hr />
@Html.ValidationSummary(true, "", new { @class = "text-danger" })
<div class="form-group">
@Html.LabelFor(model => model.Pseudo, htmlAttributes: new { @class = "control-label col-md-2" })
<div class="col-md-10">
@Html.EditorFor(model => model.Pseudo, new { htmlAttributes = new { @class = "form-control" } })
@Html.ValidationMessageFor(model => model.Pseudo, "", new { @class = "text-danger" })
</div>
</div>
<div class="form-group">
@Html.LabelFor(model => model.Password, htmlAttributes: new { @class = "control-label col-md-2" })
<div class="col-md-10">
@Html.EditorFor(model => model.Password, new { htmlAttributes = new { @class = "form-control" } })
@Html.ValidationMessageFor(model => model.Password, "", new { @class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Create" class="btn btn-default" />
</div>
</div>
</div>
}
我将其添加到了web.config
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Connexion/Authentification"/>
</authentication>
</system.web>
答案 0 :(得分:0)
使用伪代码代替密码,并将createPersistentCookie的布尔属性更改为false:FormsAuthentication.SetAuthCookie(modele.Pseudo, false);
在私人导航器中尝试一下,这样cookie就不会持久。
FormsAuthentication.SetAuthCookie(String userName, bool createPersistentCookie)设置浏览器cookie以启动用户的会话。这是使页面每次发布到服务器时都使用户保持登录状态的原因。
createPersistentCookie创建一个持久性cookie,该持久性cookie在关闭浏览器时不会过期,因此用户可以返回该站点并自动登录。