0

在帐户控制器中成功登录后,我尝试渲染 _LoginPartial.cshtml 以将导航栏中的文本从“登录”切换为“注销”(“注销”在表单中并具有反隐私令牌。我是调用 RenderRazorViewToString 来调用局部视图并将其传递给我的 ajax 响应,但在局部视图中“Request.Isauthenticated”始终为假,因此文本永远不会更改为“注销”也许我只是不了解身份验证的工作原理?或者可能与我在 Ajax 调用中的 antiforgerytoken 有关。

所有代码如下。

AccountController.cs

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> LoginJson(string email, string password, bool rememberme)
    {
        ..code here left blank

        var result = await SignInManager.PasswordSignInAsync
                     (userName, password, rememberme, shouldLockout: false);
        switch (result)
        {
            case SignInStatus.Success:
                return Json(new { error = false, message = RenderRazorViewToString("_LoginPartial", null) });

            ..code here left blank
        }
    }

    private string RenderRazorViewToString(string viewName, object model)
    {
        if (model != null)
            ViewData.Model = model;

        using (var sw = new StringWriter())
        {
            var viewResult = ViewEngines.Engines.FindPartialView(ControllerContext,
                                                                     viewName);
            var viewContext = new ViewContext(ControllerContext, viewResult.View,
                                         ViewData, TempData, sw);
            viewResult.View.Render(viewContext, sw);
            viewResult.ViewEngine.ReleaseView(ControllerContext, viewResult.View);
            return sw.GetStringBuilder().ToString();
        }
    }

_LoginPartial.cshtml 

//Request.IsAuthenticated is false when calling it from RenderRazorViewToString
@if (Request.IsAuthenticated) { using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm"})) { @Html.AntiForgeryToken()

<ul class="nav navbar-nav navbar-right">
  <li>@Html.ActionLink("Create Yoga Band!", "Create", "YogaSpace")</li>
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">Menu<span class="caret"></span></a>
    <ul class="dropdown-menu" role="menu">
      <li>@Html.ActionLink("User", "UserProfile", "Account")</li>
      <li>@Html.ActionLink("Profiles", "Edit", "Student")</li>
      <li>@Html.ActionLink("Yoga Spaces", "Index", "YogaSpace")</li>
      <li><a href="#">Schedules</a>
      </li>
      <li><a href="#">Invite Friends!</a>
      </li>
    </ul>
  </li>
  <li><a href="javascript:document.getElementById('logoutForm').submit()">Log off</a>
  </li>
</ul>
} } else {
<ul class="nav navbar-nav navbar-right">
  <li>@Html.ActionLink("Create Yoga Space!", "Create", "YogaSpace")</li>
  <li>@Html.ActionLink("Register", "Register", "Account", routeValues: null, htmlAttributes: new { id = "registerLink" })</li>
  <li>@Html.ActionLink("Log in", "Login", "Account", routeValues: new { returnUrl = Request.RawUrl }, htmlAttributes: new { id = "loginLink" })</li>
</ul>
}

这是我打控制器登录的ajax调用

LoginIntoStd: function(email, password, rememberme, antiForgeryToken,
  successCallback, failureCallback) {
  var data = {
    "__RequestVerificationToken": antiForgeryToken,
    "email": email,
    "password": password,
    "rememberme": rememberme
  };
  $.ajax({
      url: "/Account/LoginJson",
      type: "POST",
      data: data
    })
    .done(function(response) {
      if (response.error) {
        failureCallback(response.message);
      } else {
        successCallback(response.message);
      }
    })
    .fail(function(jqxhr, textStatus, errorThrown) {
      failureCallback(errorThrown);
    });
}

这是成功的回调方法

loginSuccess: function(message) {
  // close the modal
  $('#ModalLogin').modal('hide');
  // change the navbar items to show 'log out'
  $('#loginPartial').replaceWith(message);
}

4

1 回答 1

0

我并没有真正测试代码,但我的第一个猜测是它与流程有关,我认为RequestObject 及其IsAuthenticated属性是在请求本身期间生成的,这发生在实际处理登录之前。我建议您执行以下操作,它还会清理您的代码:

分成_LoginPartial.cshtml两个文件。一个是_LoginPartial.cshtmland 将只包含未经授权的代码(“else”块)。创建另一个文件,名为_LogoutPartial.cshtml您只为授权用户放入内容的位置。

在您switchSignInManager.PasswordSignInAsync结果中,您返回一个部分或另一个。

或者,您可以尝试检查User.Identity.IsAuthenticated而不是Request.IsAuthenticated在您的视图中,它可能会及时正确设置,但这只是一个猜测。

于 2015-09-11T07:05:01.047 回答