0

我正在纠结这个“愚蠢”的问题。我尝试查看用户是否在我的操作中经过身份验证。我习惯这样做,HttpContext.User.Identity.IsAuthenticated但它总是返回错误。我研究了AuthorizeAttribute他们使用的代码

protected virtual bool AuthorizeCore(HttpContextBase httpContext)
        {
            //removed code...

            IPrincipal user = httpContext.User;
            if (!user.Identity.IsAuthenticated)
            {
                return false;
            }

            //removed code....
        }

所以我的问题和困惑是为什么这在我的行动中不起作用?

我使用 Simplemembership,这是我使用的设置web.config

<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
              <providers>
                <clear />
                <add name="SimpleRoleProvider" 
                type="WebMatrix.WebData.SimpleRoleProvider, 
                WebMatrix.WebData" />
              </providers>
            </roleManager>
            <membership defaultProvider="SimpleMembershipProvider">
              <providers>
                <clear />
                <add name="SimpleMembershipProvider" 
                type="WebMatrix.WebData.SimpleMembershipProvider, 
                WebMatrix.WebData" />
              </providers>
            </membership>

我在模板 mvc4 中使用默认登录

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
            {                
                return RedirectToLocal(returnUrl);
            }

            // If we got this far, something failed, redisplay form
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

我在我的授权属性中使用它并且它有效,所以我的问题是有什么区别?

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
        {
            //code here....

            if (httpContext.User.Identity.IsAuthenticated)
                return true;

            return true;
        }

这就是我在我的行动中使用的

public ActionResult Index()
        {
            //removed code....

            if (HttpContext.User.Identity.IsAuthenticated)
            {
                return View();
            }

            // revmoved code...

            return View();
        }
4

1 回答 1

0

我通常Application_PostAuthenticateRequest为此使用而不是过滤器。请随意忽略我的CustomPrincipal,你不必那样做。只是我的一个项目的快速粘贴。

我没有看到你的代码FormsAuthentication很难说为什么HttpContext.User设置不正确。请发布您的FormsAuthentication代码。

 protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie != null)
        {
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var serializeModel = (CustomPrincipalSerializeModel)
                                 JsonSerializer.DeserializeFromString(authTicket.UserData,
                                                                      typeof (CustomPrincipalSerializeModel));

            var roles = serializeModel.Roles ?? new string[0];
            var newUser = new CustomPrincipal(authTicket.Name, roles)
                {
                    UserId = serializeModel.UserId,
                    UserName = serializeModel.UserName,
                    FirstName = serializeModel.FirstName,
                    LastName = serializeModel.LastName
                };
            HttpContext.Current.User = newUser;

        }
    }
于 2013-03-15T10:01:49.077 回答