Log user in manually with Forms Authentication
Problem description
I'm trying to implement token-based authorization for an Asp.Net MVC2 app, and I think my approach is wrong. First off: by token-based authorization I mean that when an unauthenticated user goes to http://myapp.com/some/action?tok=[special single-use token here] they are logged in.
All of the controllers in my app extend a common ApplicationController, so my approach was to override OnAuthorize on that controller as follows:
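    using System.Web;
    using System.Web.Mvc;
    using System.Web.Security;

    class ApplicationController : Controller
    {
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.Request.QueryString["tok"] != null)
            {
                // QueryString values are already URL-decoded by ASP.NET, so this decodes a second time.
                var token = HttpUtility.UrlDecode(filterContext.HttpContext.Request.QueryString["tok"]);
                // getUserByToken is the application's own lookup (not shown).
                var user = getUserByToken(token);
                if (user != null)
                {
                    // Queues the forms-authentication cookie on the response.
                    FormsAuthentication.SetAuthCookie(user.Email, false);
                }
                else { /* highly-proprietary handling of invalid token */ }
            }
            base.OnAuthorization(filterContext);
        }
    }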
I am absolutely certain that SetAuthCookie is being called when it should and not being called when it shouldn't.
The problem is, that doesn't really log the user in. It sets a cookie, which means I'd have to redirect (User.Identity.IsAuthenticated remains false after calling SetAuthCookie.) But the whole idea about this is to continue the request as normal and avoid a pointless redirect. Is there some way to accomplish this goal? It doesn't really seem like a whole lot to ask...
Recommended answer
After you call SetAuthCookie, nothing changes with the User.Identity. On the next request, the data will be what you are expecting. The best thing to do here is to issue a redirect after SetAuthCookie has been called.
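The redirect the answer recommends, as an added example that is not part of the original question or answer. It also drops the tok parameter from the redirect target so the single-use token does not stay in the address bar, browser history or Referer headers. GetEmailByToken is a hypothetical stand-in for the asker's getUserByToken lookup.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public abstract class ApplicationController : Controller
{
    // Hypothetical helper (assumption): validates the token, invalidates it
    // on first use, and returns the user's e-mail, or null if it is not valid.
    protected abstract string GetEmailByToken(string token);

    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        var token = request.QueryString["tok"]; // already URL-decoded

        if (!string.IsNullOrEmpty(token))
        {
            var email = GetEmailByToken(token);
            if (email != null)
            {
                // Only queues the cookie on the response; User.Identity
                // stays unauthenticated for the rest of this request.
                FormsAuthentication.SetAuthCookie(email, false);

                // Rebuild the current URL without "tok". Using AbsolutePath
                // keeps the target local, so this cannot redirect off-site.
                var query = HttpUtility.ParseQueryString(request.Url.Query);
                query.Remove("tok");
                var target = request.Url.AbsolutePath +
                             (query.Count > 0 ? "?" + query : string.Empty);

                // Setting Result short-circuits the action; the browser comes
                // back with the cookie and is authenticated on that request.
                filterContext.Result = new RedirectResult(target);
                return;
            }
            // Invalid token: fall through to the normal authorization path.
        }

        base.OnAuthorization(filterContext);
    }
}
```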