使用FormsAuthentication CustomIdentity和更新AuthTicket的UserData时为什么登录重定向无法在MVC? [英] Why does login redirect fail in MVC when using a FormsAuthentication CustomIdentity and updating AuthTicket UserData?

查看:421
本文介绍了使用FormsAuthentication CustomIdentity和更新AuthTicket的UserData时为什么登录重定向无法在MVC?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

使用窗体身份验证,我填补了的UserData 字段序列化 CustomIdentitySerializer 对象。

Using forms authentication, I am filling the UserData field with a serialized CustomIdentitySerializer object.

在用户登录时,我已经验证 Membership.ValidateUser()作品就好。

The user logs in, and I have verified that Membership.ValidateUser() works just fine.

然后我开始填充 CustomIdentitySerializer 对象,并把它送上一个静态 UpdateAuthenticationTicket 方法在静态的UserContext 类,测试数据保留 - 登录后()/ User.Identity.IsAuthenticated:

I then begin populating the CustomIdentitySerializer object and send it off to a static UpdateAuthenticationTicket method in a static UserContext class to test data retention - After Login() / User.Identity.IsAuthenticated:

// set auth ticket
UserContext.UpdateAuthenticationTicket(user.Username, serializeModel);

// get custom identity - user properties
string userName = UserContext.Identity.UserName;

// reset login attempts
Session["_LoginAttempts"] = 0;

return RedirectToAction("Index", "Dashboard");

Helper方法:

Helper method:

/// <summary>
/// As we will want to update the UserData portion of the cookie while the 
/// user is logged, this will be reused
/// 
/// Auth Ticket/Cookie's UserData property is the CustomIdentitySerializer object
/// </summary>
/// <param name="userName"></param>
/// <param name="userData"></param>
public static void UpdateAuthenticationTicket(string userName, CustomIdentitySerializer userData)
{
    //var authUser = GetUser(userName);
    JavaScriptSerializer serializer = new JavaScriptSerializer();
    string userDataSerialized = serializer.Serialize(userData);

    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
        userName,
        DateTime.Now,
        DateTime.Now.AddMinutes(30),
        false,
        userDataSerialized,
        FormsAuthentication.FormsCookiePath);

        // encrypt the ticket
        string encTicket = FormsAuthentication.Encrypt(authTicket);

        // create/set the cookie
        HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
        HttpContext.Current.Response.Cookies.Add(faCookie);

    }

用户数据可以通过用户在网站上的时间而改变,所以每当需要的数据进行更改,我们将重新使用这个方法。

userData can change through the user's time on the site, so we will reuse this method whenever that data needs to be changed.

的Global.asax.cs 我有:

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

    if (authCookie != null)
    {
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

        var fromsIdentity = new FormsIdentity(authTicket);

        // Get the GenericPrincipal identity  
        IIdentity ui = HttpContext.Current.User.Identity;  

        CustomIdentity customIdentity = new CustomIdentity(ui.Name);
        CustomPrincipal customPrincipal = new CustomPrincipal(ui.Name);

        string userData = ((FormsIdentity)(Context.User.Identity)).Ticket.UserData;

        // Set custom principal 
        HttpContext.Current.User = customPrincipal;
    }
}

/// <summary>
/// Since we set current project and other custom user fields  through the user experience,
/// these are saved in the authticket/cookie's UserData field as a CustomIdentitySerializer object type
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

        if (authCookie != null)
        {
            // get the current cookie
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var fromsIdentity = new FormsIdentity(authTicket);
            JavaScriptSerializer serializer = new JavaScriptSerializer();
            CustomIdentitySerializer userData = serializer.Deserialize<CustomIdentitySerializer>(authTicket.UserData);

            CustomPrincipal customPrincipal = new CustomPrincipal(HttpContext.Current.User.Identity.Name);
            customPrincipal.CustomIdentity.FirstName = userData.FirstName;
            customPrincipal.CustomIdentity.LastName = userData.LastName;
            customPrincipal.CustomIdentity.CurrentProject = userData.CurrentProject;

            HttpContext.Current.User = customPrincipal;
        }
    }
}

我想,这可能与没有被委托商正确设置或改写的事情。

I think this may have to do with the Principal provider not being set properly or rewritten.

Application_AuthenticateRequest 得到的打击,其次是 Application_PostAuthenticateRequest 。这个过程中出现了两次,然后再返回到登录页面。

After the cookie value is set, Application_AuthenticateRequest get's hit, followed by Application_PostAuthenticateRequest. This process occurs twice, then back to the Login page.

看来,在code Application_AuthenticateRequest 是没有用的,因为我没有设置任何属性反正有没有。

It seems that the code in Application_AuthenticateRequest is not useful, as I'm not setting any properties there anyway.

问题是,当用户实际上是登录, RedirectToAction 追溯到的http://本地主机:1982 /帐号/登录?RETURNURL =%2fDashboard ,而不是相应的页面。

The problem is that after the user is actually logged in, the RedirectToAction goes back to http://localhost:1982/Account/Login?ReturnUrl=%2fDashboard rather than appropriate page.

是否有具有静态的UserContext 类?

在此,请了一些援助就如何清洁并得到工作?

Some assistance on this please on how to clean this up and getting working?

感谢。

- 更新 -

Application_PostAuthenticateRequest authCookie 对象过期设置为 {1/1/0001 12:00:00 AM} 。无论如何, authTicket cookie有效期是正确的 - 从创建30分钟的时间。这样的cookie是存在的。

In looking at the authCookie object in Application_PostAuthenticateRequest, Expires is set to {1/1/0001 12:00:00 AM}. Regardless, the authTicket cookie expiration is correct - 30 minutes from time of creation. So that cookie is there.

还有什么呢?

- 更新 -

在看cookie版本,我注意到有差别。当我设置 UpdateAuthenticationTicket 的饼干,我检查:

In looking at the cookie version, I notice a difference. As soon as I set the cookie in UpdateAuthenticationTicket, I check:

authTicket.Version = 

FormsAuthentication.Decrypt(HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName].Value).Version = 2

FormsAuthentication.Decrypt(HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName].Value).Version = 2

不知道为什么有两个版本,如果有人能请解释一下呢?我试着与设置版本= 2饼干 - 同样的问题

Not sure why there are two versions, if someone can please explain that as well? I tried setting the cookie with version=2 - same issue.

推荐答案

在进一步与此瞎搞,我搬到了code在从 Application_PostAuthenticateRequest Application_AuthenticateRequest ,一切似乎现在的工作罚款:

In further messing around with this, I moved the code over from Application_PostAuthenticateRequest to Application_AuthenticateRequest and everything seems to work fine now:

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{

    HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

    if (authCookie != null && HttpContext.Current.User.Identity.IsAuthenticated)
    {

        if (authCookie != null)
        {
            // get the current cookie
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var fromsIdentity = new FormsIdentity(authTicket);
            JavaScriptSerializer serializer = new JavaScriptSerializer();
            CustomPrincipal customPrincipal = new CustomPrincipal(HttpContext.Current.User.Identity.Name);
            CustomIdentitySerializer userData = serializer.Deserialize<CustomIdentitySerializer>(authTicket.UserData);
            if (userData != null)
            {
                customPrincipal.CustomIdentity.FirstName = userData.FirstName;
                customPrincipal.CustomIdentity.LastName = userData.LastName;
                customPrincipal.CustomIdentity.CurrentProject = userData.CurrentProject;
            }

            HttpContext.Current.User = customPrincipal;
        }
    }
}

有人可以请解释这是为什么,因为这么多我已经找到了此引用指示把这个code在 Application_PostAuthenticateRequest ???

这篇关于使用FormsAuthentication CustomIdentity和更新AuthTicket的UserData时为什么登录重定向无法在MVC?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆