Webforms HttpContext.Current.User.Identity.IsAuthenticated始终为true [英] Webforms HttpContext.Current.User.Identity.IsAuthenticated always true
问题描述
编辑:有人可以解释为什么我为用户名输入"/"吗?请参阅下面的答案"
Can anyone explain why I am getting "/" for the username? See my "Answer" below
我在VS2013(.NET 4.51)中创建了一个新的WebForms应用程序,其中包括新的"身份成员资格提供程序.我想使用旧的会员资格提供程序,如下所示.
I created a new WebForms application in VS2013 (.NET 4.51) which included the "new" Identity membership provider. I wanted to use the older Membership provider so did as follows.
- 按如下所示在web.config中填充必要的条目:
:
<membership defaultProvider="DefaultMembershipProvider">
<providers><add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
和
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</profile>
<roleManager defaultProvider="DefaultRoleProvider" enabled="true">
<providers>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</roleManager>
我仔细检查了身份验证节点:
I doubled checked the authentication node:
<authentication mode="Forms">
<forms loginUrl="Account/Login" timeout="120" defaultUrl="/">
</forms>
</authentication>
我的登录代码如下:
if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage("/", chkRememberMe.Checked);
}
和我的注销代码:
FormsAuthentication.SignOut();
Session.Abandon();
FormsAuthentication.RedirectToLoginPage();
但是HttpContext.Current.User.Identity.IsAuthenticated 始终始终返回TRUE,这意味着即使注销,我仍然可以通过以下限制访问站点中的任何页面:
however HttpContext.Current.User.Identity.IsAuthenticated always returns TRUE, which means that even after I logout I can access any page in the site even through I have the following restriction:
<!-- Entire site is secured -->
<location path=".">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
我在这里想念什么?我猜想原始身份提供者还有一些遗留的问题,我尚未根除,这是导致此问题的原因.此时,安全对我来说根本无法正常工作,我需要在不使用新的身份成员资格提供程序的情况下使它起作用,这是通过VS2013中通过新应用程序模板生成的新应用程序的默认设置.
What am I missing here? I am guessing there is still some legacy from the original Identity provider which I have not eradicated which is causing this issue. At this point security is not working at all for me and I need to get it working without using the new Identity membership provider which is the default for new applications generated via the new application template in VS2013.
非常感谢所有指示和建议.
All pointers and suggestions greatly appreciated.
推荐答案
我今天回到了这一点,现在页面正在按预期进行身份验证(WT ....).因此,我猜想某个地方一定有一个cookie没有被清除.但是,有些事情仍然不正确.
I came back to this today and now pages are authenticating as expected (WT....). So I am guessing that there must have been a cookie somewhere that was not being cleared. However something is still not right.
当我检查用户通过身份验证后
Once the user has authenticated when I inspect:
System.Web.HttpContext.Current.User.Identity.Name
我得到了:
"/"
作为结果,而不是用户通过以下方式登录时输入的名称:
as the result instead of the name the user entered when they logged in via:
Membership.ValidateUser(txtUserName.Text, txtPassword.Text)
即.为什么我没有得到 txtUserName.Text 而不是/
ie. why am I not getting the value of txtUserName.Text instead of /
我想一个相关的问题是,是否有关于如何将项目从身份还原到以前的会员制的HOWTO?
I guess a related question is, is there a HOWTO on how to revert a project from Identity to the previous Membership system?
这篇关于Webforms HttpContext.Current.User.Identity.IsAuthenticated始终为true的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
