使用FormsAuthentication CustomIdentity和更新AuthTicket的UserData时为什么登录重定向无法在MVC? [英] Why does login redirect fail in MVC when using a FormsAuthentication CustomIdentity and updating AuthTicket UserData?
问题描述
使用窗体身份验证,我填补了的UserData 字段序列化 CustomIdentitySerializer 对象。
Using forms authentication, I am filling the UserData field with a serialized CustomIdentitySerializer object.
在用户登录时,我已经验证 Membership.ValidateUser()作品就好。
The user logs in, and I have verified that Membership.ValidateUser() works just fine.
然后我开始填充 CustomIdentitySerializer 对象,并把它送上一个静态 UpdateAuthenticationTicket 方法在静态的UserContext 类,测试数据保留 - 登录后()/ User.Identity.IsAuthenticated:
I then begin populating the CustomIdentitySerializer object and send it off to a static UpdateAuthenticationTicket method in a static UserContext class to test data retention - After Login() / User.Identity.IsAuthenticated:
// set auth ticket
UserContext.UpdateAuthenticationTicket(user.Username, serializeModel);
// get custom identity - user properties
string userName = UserContext.Identity.UserName;
// reset login attempts
Session["_LoginAttempts"] = 0;
return RedirectToAction("Index", "Dashboard");
Helper方法:
Helper method:
/// <summary>
/// As we will want to update the UserData portion of the cookie while the
/// user is logged, this will be reused
///
/// Auth Ticket/Cookie's UserData property is the CustomIdentitySerializer object
/// </summary>
/// <param name="userName"></param>
/// <param name="userData"></param>
public static void UpdateAuthenticationTicket(string userName, CustomIdentitySerializer userData)
{
//var authUser = GetUser(userName);
JavaScriptSerializer serializer = new JavaScriptSerializer();
string userDataSerialized = serializer.Serialize(userData);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
userName,
DateTime.Now,
DateTime.Now.AddMinutes(30),
false,
userDataSerialized,
FormsAuthentication.FormsCookiePath);
// encrypt the ticket
string encTicket = FormsAuthentication.Encrypt(authTicket);
// create/set the cookie
HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
HttpContext.Current.Response.Cookies.Add(faCookie);
}
用户数据可以通过用户在网站上的时间而改变,所以每当需要的数据进行更改,我们将重新使用这个方法。
userData can change through the user's time on the site, so we will reuse this method whenever that data needs to be changed.
在的Global.asax.cs 我有:
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var fromsIdentity = new FormsIdentity(authTicket);
// Get the GenericPrincipal identity
IIdentity ui = HttpContext.Current.User.Identity;
CustomIdentity customIdentity = new CustomIdentity(ui.Name);
CustomPrincipal customPrincipal = new CustomPrincipal(ui.Name);
string userData = ((FormsIdentity)(Context.User.Identity)).Ticket.UserData;
// Set custom principal
HttpContext.Current.User = customPrincipal;
}
}
/// <summary>
/// Since we set current project and other custom user fields through the user experience,
/// these are saved in the authticket/cookie's UserData field as a CustomIdentitySerializer object type
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
// get the current cookie
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var fromsIdentity = new FormsIdentity(authTicket);
JavaScriptSerializer serializer = new JavaScriptSerializer();
CustomIdentitySerializer userData = serializer.Deserialize<CustomIdentitySerializer>(authTicket.UserData);
CustomPrincipal customPrincipal = new CustomPrincipal(HttpContext.Current.User.Identity.Name);
customPrincipal.CustomIdentity.FirstName = userData.FirstName;
customPrincipal.CustomIdentity.LastName = userData.LastName;
customPrincipal.CustomIdentity.CurrentProject = userData.CurrentProject;
HttpContext.Current.User = customPrincipal;
}
}
}
我想,这可能与没有被委托商正确设置或改写的事情。
I think this may have to do with the Principal provider not being set properly or rewritten.
在 Application_AuthenticateRequest 得到的打击,其次是 Application_PostAuthenticateRequest 。这个过程中出现了两次,然后再返回到登录页面。
After the cookie value is set, Application_AuthenticateRequest get's hit, followed by Application_PostAuthenticateRequest. This process occurs twice, then back to the Login page.
看来,在code Application_AuthenticateRequest 是没有用的,因为我没有设置任何属性反正有没有。
It seems that the code in Application_AuthenticateRequest is not useful, as I'm not setting any properties there anyway.
问题是,当用户实际上是登录, RedirectToAction 追溯到的http://本地主机:1982 /帐号/登录?RETURNURL =%2fDashboard ,而不是相应的页面。
The problem is that after the user is actually logged in, the RedirectToAction goes back to http://localhost:1982/Account/Login?ReturnUrl=%2fDashboard rather than appropriate page.
是否有具有静态的UserContext 类?
在此,请了一些援助就如何清洁并得到工作?
Some assistance on this please on how to clean this up and getting working?
感谢。
- 更新 -
在 Application_PostAuthenticateRequest ,看设置为 authCookie 对象过期 {1/1/0001 12:00:00 AM} 。无论如何, authTicket cookie有效期是正确的 - 从创建30分钟的时间。这样的cookie是存在的。
In looking at the authCookie object in Application_PostAuthenticateRequest, Expires is set to {1/1/0001 12:00:00 AM}. Regardless, the authTicket cookie expiration is correct - 30 minutes from time of creation. So that cookie is there.
还有什么呢?
- 更新 -
在看cookie版本,我注意到有差别。当我设置 UpdateAuthenticationTicket 的饼干,我检查:
In looking at the cookie version, I notice a difference. As soon as I set the cookie in UpdateAuthenticationTicket, I check:
authTicket.Version =
和
FormsAuthentication.Decrypt(HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName].Value).Version = 2
FormsAuthentication.Decrypt(HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName].Value).Version = 2
不知道为什么有两个版本,如果有人能请解释一下呢?我试着与设置版本= 2饼干 - 同样的问题
Not sure why there are two versions, if someone can please explain that as well? I tried setting the cookie with version=2 - same issue.
推荐答案
在进一步与此瞎搞,我搬到了code在从 Application_PostAuthenticateRequest 到 Application_AuthenticateRequest ,一切似乎现在的工作罚款:
In further messing around with this, I moved the code over from Application_PostAuthenticateRequest to Application_AuthenticateRequest and everything seems to work fine now:
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null && HttpContext.Current.User.Identity.IsAuthenticated)
{
if (authCookie != null)
{
// get the current cookie
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var fromsIdentity = new FormsIdentity(authTicket);
JavaScriptSerializer serializer = new JavaScriptSerializer();
CustomPrincipal customPrincipal = new CustomPrincipal(HttpContext.Current.User.Identity.Name);
CustomIdentitySerializer userData = serializer.Deserialize<CustomIdentitySerializer>(authTicket.UserData);
if (userData != null)
{
customPrincipal.CustomIdentity.FirstName = userData.FirstName;
customPrincipal.CustomIdentity.LastName = userData.LastName;
customPrincipal.CustomIdentity.CurrentProject = userData.CurrentProject;
}
HttpContext.Current.User = customPrincipal;
}
}
}
有人可以请解释这是为什么,因为这么多我已经找到了此引用指示把这个code在 Application_PostAuthenticateRequest ???
这篇关于使用FormsAuthentication CustomIdentity和更新AuthTicket的UserData时为什么登录重定向无法在MVC?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
