
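I have two methods: one for registering a new user, AddNewUser(MemberRegisterModel mm), and another for creating a cookie for him, CreateCookie(MemberLoginModel member). I want to use this cookie, created after registration, to show the user name at the top of all pages until he logs off.

I traced my code and saw that the cookie is created. I use this code in HeaderPartial.cshtml to get the user name from the cookie.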

    <div id="top">
    @if (HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName] != null)
    {
        HttpCookie cookie =
            HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
        var formAuthTicket = FormsAuthentication.Decrypt(cookie.Value);
        string CookieValue = formAuthTicket.UserData.ToString();
        <text> welcome <b> @Html.Label(CookieValue)</b>!
        [@Html.ActionLink("Log off", "logout", "Members", new { area = "Members" }, null)]
        </text>
    }
    else
    {
        <text>Welcome Guest!</text>
        @:[ @Html.ActionLink("Log in", "Login", "Members", new { area = "Members" }, null)]
    }

But it doesn't work and shows an error on this line:

    var formAuthTicket = FormsAuthentication.Decrypt(cookie.Value);

Error:

“encryptedTicket”参数的值无效。

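What should I do? I want to show the user name at the top of all pages, and show all the db values of the user name on his personal page. He will log in and browse all pages until he logs out.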


1 Answer


If you write the authentication cookie using FormsAuthentication, you don't need to decrypt and read the raw cookie value. You can use @User.Identity.Name in your view.

    public ActionResult AddNewUser(MemberRegisterModel mm)
    {
        // ...
        // Second argument: true for a persistent cookie, false for a session cookie.
        FormsAuthentication.SetAuthCookie(mm.UserName, false);
        // ...
        return RedirectToAction("Index", "Home");
    }


    Hello, and welcome, <strong>@User.Identity.Name</strong>

This is what SetAuthCookie looks like internally:

    public static void SetAuthCookie(string userName, bool createPersistentCookie)
    {
        FormsAuthentication.Initialize();
        FormsAuthentication.SetAuthCookie(userName, createPersistentCookie, 
            FormsAuthentication.FormsCookiePath);
    }

    public static void SetAuthCookie(string userName, bool createPersistentCookie, 
      string strCookiePath)
    {
      FormsAuthentication.Initialize();
      HttpContext current = HttpContext.Current;
      if (!current.Request.IsSecureConnection && FormsAuthentication.RequireSSL)
        throw new HttpException(System.Web.SR.GetString("Connection_not_secure_creating_secure_cookie"));
      bool flag = CookielessHelperClass.UseCookieless(current, false, FormsAuthentication.CookieMode);
      HttpCookie authCookie = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie, flag ? "/" : strCookiePath, !flag);
      if (!flag)
      {
        HttpContext.Current.Response.Cookies.Add(authCookie);
        current.CookielessHelper.SetCookieValue('F', (string) null);
      }
      else
        current.CookielessHelper.SetCookieValue('F', authCookie.Value);
    }

    private static HttpCookie GetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath, bool hexEncodedTicket)
    {
      FormsAuthentication.Initialize();
      if (userName == null)
        userName = string.Empty;
      if (strCookiePath == null || strCookiePath.Length < 1)
        strCookiePath = FormsAuthentication.FormsCookiePath;
      DateTime utcNow = DateTime.UtcNow;
      DateTime expirationUtc = utcNow.AddMinutes((double) FormsAuthentication._Timeout);
      FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
      string str = FormsAuthentication.Encrypt(ticket, hexEncodedTicket);
      if (str == null || str.Length < 1)
        throw new HttpException(System.Web.SR.GetString("Unable_to_encrypt_cookie_ticket"));
      HttpCookie httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, str);
      httpCookie.HttpOnly = true;
      httpCookie.Path = strCookiePath;
      httpCookie.Secure = FormsAuthentication._RequireSSL;
      if (FormsAuthentication._CookieDomain != null)
        httpCookie.Domain = FormsAuthentication._CookieDomain;
      if (ticket.IsPersistent)
        httpCookie.Expires = ticket.Expiration;
      return httpCookie;
    }

Notice that it does in fact create a forms authentication ticket and encrypt the cookie,

answered 2012-10-18T12:10:35.407
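
An added example, not part of the original question or answer and not framework code: where a forms authentication ticket does have to be read by hand rather than through @User.Identity.Name, this helper reads it from the request, fails closed on an unusable value, and returns the ticket's Name. The class name AuthCookieReader and the method TryGetUserName are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper: the class and method names are assumptions, not from the page.
public static class AuthCookieReader
{
    // Returns the user name stored in the forms authentication ticket,
    // or null when there is no usable ticket (treat the caller as a guest).
    public static string TryGetUserName(HttpContextBase context)
    {
        // Read from Request.Cookies. Looking a name up in Response.Cookies
        // creates an empty cookie with that name, so a null check there
        // always passes and Decrypt is then handed an empty string.
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;

        FormsAuthenticationTicket ticket;
        try
        {
            // Decrypt throws ArgumentException for a null, empty
            // or malformed value.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException)
        {
            return null; // unreadable cookie: fail closed, show the guest view
        }

        if (ticket == null || ticket.Expired)
            return null;

        // SetAuthCookie puts the user name in Name and leaves UserData
        // empty (string.Empty in GetAuthCookie above), so read Name.
        return ticket.Name;
    }
}
```

In a Razor view the result can be written with an ordinary @ expression, which HTML-encodes the name before output.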