FormsAuthentication MVC4 [英] FormsAuthentication MVC4

问题描述

我正在尝试通过MVC4网站获得简单的表单身份验证设置.

I am trying to get simple Forms Authentication setup with an MVC4 website.

在App_start/FilterConfig.cs中:

In App_start/FilterConfig.cs:

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
   filters.Add(new HandleErrorAttribute());
   filters.Add(new AuthorizeAttribute());
}

在Web.config中:

In Web.config:

<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" name=".ASPFORMSAUTH" />
</authentication>
  <authorization>
      <deny users="?" />
</authorization>

在Controllers/AccountController中:

In Controllers/AccountController:

[AllowAnonymous]
public ActionResult Login()
{
    return View("~/Views/MyAccountViews/Login.cshtml");
}

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
    ActionResult retVal = View("~/Views/MyAccountViews/Login.cshtml", model); 

    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            retVal = RedirectToAction("Index", "Home");
        } 
    }

    return retVal;
}

现在，当我在Visual Studio(位于基本URL(例如localhost:1111/)上)中对其进行调试时，它可以正确地重定向到登录页面(localhost:1111/Account/Login?ReturnUrl =％2f)

Now when I debug this in Visual Studio, which lands on the base URL (say localhost:1111/) it correctly redirects to the login page (localhost:1111/Account/Login?ReturnUrl=%2f)

但是，如果我仅将URL修改回localhost:1111/并按Enter，就可以访问该站点.在这种情况下，httpcontext.current.user.identity.name仍然是我的Windows NT登录名.我已经确保调用FormsAuthentication.Logout清除cookie.如果我登录并将"PersistCookie"设置为true，则不要调用FormsAuthentication.Logout，而只是重新启动调试会话，我仍然最初会重新定向到登录"页面，但是可以通过修改URL来规避.因此，使用和不使用Cookie的结果相同.如何使用严格的表单身份验证进行这项工作?我在做什么错了?

However, if I just modify the URL back to localhost:1111/ and hit enter, I am able to access the site. In this scenario, httpcontext.current.user.identity.name is still my Windows NT login name. I have made sure to call FormsAuthentication.Logout to clear the cookie. If I login, and set "PersistCookie" to true, don't call FormsAuthentication.Logout, and just reboot my debug session, I am still initially re-directed to the Login page, but can just circumvent by modifying the URL. So, same results with and without the cookie. How do I make this work with strictly Forms Authentication? What am I doing wrong?

推荐答案

您需要添加过滤器以检查用户是否已通过身份验证/授权.

You need to add filter to check that user is authenticated/Authorized or not.

1.添加以下属性

公共类AuthorizeWithSessionAttribute:AuthorizeAttribute {

public class AuthorizeWithSessionAttribute : AuthorizeAttribute {

protected override bool AuthorizeCore(HttpContextBase httpContext)
{

if (httpContext.Session == null || httpContext.Session["XYZSession"] == null)

    return false;

return base.AuthorizeCore(httpContext);
}

}

2.在SetAuthCookie()

FormsAuthentication.SetAuthCookie(user.UserName，false);

FormsAuthentication.SetAuthCookie(user.UserName, false);

Session ["XYZSession"] =设置名称/参数";

Session["XYZSession"] = "Set name/parameter";

3.在控制器之前设置属性

[AuthorizeWithSessionAttribute]

[AuthorizeWithSessionAttribute]

公共类XYZController:控制器

public class XYZController : Controller

这篇关于FormsAuthentication MVC4的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！