谁设置HttpContext.User.Identity的IsAuthenticated属性 [英] Who sets the IsAuthenticated property of the HttpContext.User.Identity

问题描述

这code是从asp.net的MVC RTM源$ C ​​$ C

This code is from the asp.net mvc RTM source code

谁制定的IsAuthenticated属性HttpContext.User.Identity？

Who sets the IsAuthenticated property of the HttpContext.User.Identity ?

   protected virtual bool AuthorizeCore(HttpContextBase httpContext) {
        if (httpContext == null) {
            throw new ArgumentNullException("httpContext");
        }

        IPrincipal user = httpContext.User;
        if (!user.Identity.IsAuthenticated) {
            return false;
        }
    }

是IsAuthenticated属性通过调用方法（asp.net MVC 4.0示例项目）设置：

Is the IsAuthenticated property set by calling the method (asp.net mvc 4.0 sample project):

FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

在我上面的FormsAuth ...方法调用调试后，在 LogOn支持的asp.net MVC 4.0示例项目的方法code。执行

When I debug the code of the LogOn method of the asp.net mvc 4.0 sample project after the above FormsAuth... method call. The execution of

User.Identity.IsAuthenticated

仍返回FALSE。只有当我调试的注销等法

User.Identity.IsAuthenticated

说TRUE。那么，谁是这个属性设置为true，当？

says TRUE. So who is setting this property to TRUE and WHEN ?

更新

这是关于表格认证！

我现在调试asp.net mvc的示例项目的登录方法，并返回我的AuthorizeCore法的登录操作后，我已重写叫，然后IsAuthenticated属性为TRUE！

I did now debug the LogOn method of the asp.net mvc sample project and after the LogOn action is returned my AuthorizeCore method I have overridden is called and then the IsAuthenticated property is TRUE!

请问TRUE的设置可能取决于ModelState.Value.Error藏品？

Does setting of TRUE depend maybe of the ModelState.Value.Error collections ?

如果在错误的集合计数== 0的IsAuthenticated为TRUE
否则IsAuthenticated是假

If count == 0 in the error collections the IsAuthenticated is TRUE else the IsAuthenticated is FALSE

您能否证实？

推荐答案

此属性由窗体身份验证模块设置读取和分析从请求中的窗体身份验证cookie 。我已经把大胆的要求，因为我怀疑这就是为什么你正在观察这种现象的原因。让我解释。当你调用 FormsAuthentication.SetAuthCookie 在验证成功后，你所添加的身份验证cookie到响应。此cookie将被存储在客户端浏览器上，将在后续请求发送。因此，它是只在随后的，作为认证的用户将被认为是请求。因此，你需要调用SetAuthCookie方法后总是重定向。里面的那个调用此方法要求你已经知道了，所以你并不需要检查IsAuthenticated属性的用户是否提供了正确的凭据。

This property is set by the forms authentication module by reading and parsing the forms authentication cookie from the request. I've put request in bold because I suspect that's the reason why you are observing this behavior. Let me explain. When you call FormsAuthentication.SetAuthCookie upon successful authentication you are adding the authentication cookie to the response. This cookie will be stored on the client browser and will be sent on subsequent requests. So it is only on subsequent requests that the user will be considered as authenticated. So you need to always redirect after calling the SetAuthCookie method. Inside the request that called this method you already know whether the user provided correct credentials so you don't need to check the IsAuthenticated property.

这篇关于谁设置HttpContext.User.Identity的IsAuthenticated属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！