Mvc表单身份验证 [英] Mvc forms authentication
问题描述
我是MVC授权和身份验证的新手。我正在构建一个登录页面,当用户成功登录时,它们将被重定向到关于页面,然后在页面内部还有其他链接指向同一用户需要授权的页面。
我是否必须在所有ActionResult方法中指定[授权]?
如果是这样的话,每次点击该特定页面的链接时都不会要求用户登录?
我显然希望用户登录一次,但是当我装饰时其他具有授权的ActionResult方法即使设置了cookie也会被重定向到登录页面。
我正在使用FormsAuthentication。
有人可以告诉我我做错了什么吗?
我尝试了什么:
I'm new in MVC Authorization and Authentication. I'm building a login page that when users successfully logs in they'll be redirected to "About" page then inside about page there are other links that point to pages that needs authorization as well for the same user.
Do i have to specify the [Authorize] in all ActionResult methods or not?
If so, wont the user be requested to sign in everytime they click the link for that particular page?
I obviously want the user to sign in once, but when i decorate the other ActionResult method with authorize i get redirected to Login page even when the cookie is set.
Im using FormsAuthentication.
Can someone please tell me what I'm doing wrong?
What I have tried:
Public ActionResult Login ()
{
/*
If loggin succeeds redirect to about page
*/
}
[Authorize]
Public ActionResult About()
{
}
[Authorize]
Public ActionResult Other()
{
}
推荐答案
我将首先假设您使用的是MVC 4或更高版本。
要先解决您的问题,您应该只如果您必须登录才能查看操作所服务的数据/页面,请使用控制器上的[Authorize]属性。因此,在您的情况下,如果您希望用户登录到您的应用程序以查看关于页面,那么这需要授权属性以及您需要用户进行身份验证才能查看的每个页面。
另外请注意,甚至还有一个属性[AllowAnonymous],你可以装饰控制器的动作,明确表示用户是未登录的人有能力查看目标行动的数据/页面。
因此我假设在视觉工作室创建一个全新的MVC项目时,如果您进行了正确的项目选择,您应该最终创建一个初始应用程序,该应用程序提供注册用户,登录,帐户管理以及匿名查看某些页面的能力,以及登录查看其他页面的要求。
如果你想从头开始这么做(我猜是的,因为我理解你的问题,你说他们随时点击一个具有授权属性的链接,他们需要登录,这意味着没有设置auth cookie)。
由于您正在学习,我强烈建议您使用自动生成的锅炉板应用程序作为新项目并在此基础上构建。我想我可以在这里看到我所引用的内容,只是浏览了这个链接: MVC和Identity Framework 2.0 [ ^ ]
通过使用visual studio生成的项目,您可以避免必须对正确处理身份验证所需的所有后端管道进行编码,其中包括将会话保持为不需要每次他们点击用[授权]属性装饰的动作时登录。
我会做一些进一步的链接鼓励你去研究MVC认证。
保护您的ASP.NET MVC 4应用程序和新的AllowAnonymous属性 - Azure上的RickAndMSFT& MVC [ ^ ]
ASP.NET身份| ASP.NET网站 [ ^ ]
ASP.NET MVC和Identity 2.0:理解基础知识 [ ^ ]
Im going to make an initial assumption that you are using MVC 4 or greater.
To address your questions first, you should only use the[Authorize]attribute on your controller Actions if you have to be logged in in order to view whatever data/page that action serves. So in your case, if you want the user to be logged in to your app in order to view the About page, then yes this needs the Authorize Attribute along with every page that you require the user to authenticated to view.
Another note, there is even an attribute[AllowAnonymous]that you can decorate actions of your controller that explicitly says users who are not logged in have the ability to view the data/page of the targeted action.
So reason for my assumption, when creating a brand new MVC project in visual studio, if you make the proper project selections you should end up creating a initial application that provides register user, login, account management and ability to view some pages anonymously vrs a requirement of being logged in to view other pages.
If you are trying to do this all from scratch (im guessing yes since as I understand your question you say that anytime they click a link that has Authorize attribute on it, they are required to log in which means the auth cookies are not being set).
Since you are learning I would highly recommend you use the boiler plate application that is auto generated as a new project and build on top of that. I think what i reference can be seen here, only skimmed over this link: MVC and Identity Framework 2.0[^]
By using the project generated by visual studio you bypass the need of having to code all the back end plumbing that is required to properly handle authentication which includes persisting sessions to not require logging in every time they click an action decorated with the[Authorize]attribute.
Some further links I would encourage you to look into for MVC authentication.
Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute – RickAndMSFT on Azure & MVC[^]
ASP.NET Identity | The ASP.NET Site[^]
ASP.NET MVC and Identity 2.0: Understanding the Basics[^]
这篇关于Mvc表单身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
