FormsAuthentication MVC4 [英] FormsAuthentication MVC4
问题描述
我正在尝试通过MVC4网站获得简单的表单身份验证设置.
I am trying to get simple Forms Authentication setup with an MVC4 website.
在App_start/FilterConfig.cs中:
In App_start/FilterConfig.cs:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new AuthorizeAttribute());
}
在Web.config中:
In Web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" name=".ASPFORMSAUTH" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
在Controllers/AccountController中:
In Controllers/AccountController:
[AllowAnonymous]
public ActionResult Login()
{
return View("~/Views/MyAccountViews/Login.cshtml");
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
ActionResult retVal = View("~/Views/MyAccountViews/Login.cshtml", model);
if (ModelState.IsValid)
{
if (Membership.ValidateUser(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
retVal = RedirectToAction("Index", "Home");
}
}
return retVal;
}
现在,当我在Visual Studio(位于基本URL(例如localhost:1111/)上)中对其进行调试时,它可以正确地重定向到登录页面(localhost:1111/Account/Login?ReturnUrl =%2f)
Now when I debug this in Visual Studio, which lands on the base URL (say localhost:1111/) it correctly redirects to the login page (localhost:1111/Account/Login?ReturnUrl=%2f)
但是,如果我仅将URL修改回localhost:1111/并按Enter,就可以访问该站点.在这种情况下,httpcontext.current.user.identity.name仍然是我的Windows NT登录名.我已经确保调用FormsAuthentication.Logout清除cookie.如果我登录并将"PersistCookie"设置为true,则不要调用FormsAuthentication.Logout,而只是重新启动调试会话,我仍然最初会重新定向到登录"页面,但是可以通过修改URL来规避.因此,使用和不使用Cookie的结果相同.如何使用严格的表单身份验证进行这项工作?我在做什么错了?
However, if I just modify the URL back to localhost:1111/ and hit enter, I am able to access the site. In this scenario, httpcontext.current.user.identity.name is still my Windows NT login name. I have made sure to call FormsAuthentication.Logout to clear the cookie. If I login, and set "PersistCookie" to true, don't call FormsAuthentication.Logout, and just reboot my debug session, I am still initially re-directed to the Login page, but can just circumvent by modifying the URL. So, same results with and without the cookie. How do I make this work with strictly Forms Authentication? What am I doing wrong?
推荐答案
您需要添加过滤器以检查用户是否已通过身份验证/授权.
You need to add filter to check that user is authenticated/Authorized or not.
1.添加以下属性
公共类AuthorizeWithSessionAttribute:AuthorizeAttribute {
public class AuthorizeWithSessionAttribute : AuthorizeAttribute {
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext.Session == null || httpContext.Session["XYZSession"] == null)
return false;
return base.AuthorizeCore(httpContext);
}
}
2.在SetAuthCookie()
FormsAuthentication.SetAuthCookie(user.UserName,false);
FormsAuthentication.SetAuthCookie(user.UserName, false);
Session ["XYZSession"] =设置名称/参数";
Session["XYZSession"] = "Set name/parameter";
3.在控制器之前设置属性
[AuthorizeWithSessionAttribute]
[AuthorizeWithSessionAttribute]
公共类XYZController:控制器
public class XYZController : Controller
这篇关于FormsAuthentication MVC4的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!