0

我正在尝试使用 mvc 框架进行表单身份验证,但是如果我登录并复制 url 并从页面注销并在其他浏览器或选项卡中打开它应该转到登录页面但它重定向到需要首先进行身份验证的页面意味着直接进入在没有身份验证的登录页面内。任何帮助都将得到重视。

这是我的网络配置设置:

 <!--Using forms authentication-->
        <location path="Content">
            <system.web>
                <authorization>
                    <allow users="*" />
                </authorization>
            </system.web>
        </location>

        <!-- allow any user to see the login controller -->
        <location path="~/Developer/Index">
            <system.web>
                <authorization>
                    <allow users="*" />
                </authorization>
            </system.web>
        </location>

               <authentication mode="Forms">
                <forms name=".ASPXFORMSAUTH" loginUrl="~/Developer/Index" timeout="2880" />
            </authentication>

And in my controller login Action method i used 



     [HttpPost]
        public ActionResult LoginAPI(LoginAPIFormModel loginapp)
        {
            if (!ModelState.IsValidField("username") || !ModelState.IsValidField("pwd"))
            {
                if (!ModelState.IsValidField("username"))
                {
                    ModelState.AddModelError("username", "Invalid Email");
                }
                else
                {
                    ModelState.AddModelError("Incomplete", "Please fill out each field");
                }


                return View(loginapp);
            }

            try
            {

                var context = new ndCorp_SiteEntities();
                var Hashpwd = CreateHash(loginapp.pwd);
                var res = context.DevUserInfoes.Where(i => i.UserName == loginapp.username && i.USerPwd == Hashpwd).FirstOrDefault() ;
 TempData["mode"] = "LoginAPI";

                FormsAuthentication.SetAuthCookie(loginapp.username, false);
                return RedirectToAction("SuccessView");
 }

            catch (Exception ex)
            {
                Console.Write(ex);
                return View(loginapp);
            }


        }

这是登录后实际重定向到用户页面的javascript代码:

 if (@Html.Raw(Json.Encode(TempData["mode"])) == "LoginAPI")
       {
            parent.closeFancybox(); 
            //setTimeout(parent.closeFancybox(), 1000) 
            //window.top.closeFancybox();
             var url = '@Html.Raw(Url.Action("ManageApps", "Developer", new { username =@Html.Raw(Json.Encode(TempData["uname"]))} ))';
             url =  url.replace(/%22/g,'');
            parent.location.href = url;
        }
4

1 回答 1

0

尝试将 [Authorize] 属性放置到您的控制器或视图中。

于 2013-06-02T16:21:37.443 回答