我有一个带有自定义登录名的mvc5应用程序。没什么疯狂的,我只是从MongoDB获取用户名和密码,然后进行检查。
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login ( LoginViewModel vm )
{
try
{
if ( !ModelState.IsValid )
return View ( );
var db = new MongoDb ( );
var user = db.GetUser ( vm.Email.Trim ( ) );
if ( user == null )
return View ( "Home" );
string oldHash = user.Hash;
byte [ ] salt = user.Salt;
bool isLogin = Security.CompareHashValue ( vm.Password, vm.Email, oldHash, salt );
if ( !isLogin )
{
TempData [ "ErrorMSG" ] = "Access Denied! Wrong Credential";
return View ( vm );
}
SignInRemember ( vm.Email, vm.RememberMe );
FormsAuthentication.SetAuthCookie ( vm.Email, false );
Session [ "User" ] = vm;
return RedirectToAction ( "Index", "Dashboard" );
现在,直到我在同一个控制器中,isAuthenticated才是true,但是当我执行仪表板/索引时
class Dashboard {
...
public ActionResult Index()
{
bool auth = User.Identity.IsAuthenticated;
是错误的,如果我使用[Authorized]装饰器,则用户将无法访问ActionResult。
我认为一切都正确,但我想让事情起作用:-)