IsAuthenticated适用于浏览器 - 而不是空气的客户！ [英] IsAuthenticated works on browser - but not with Air client!

问题描述

我的登录code，身份验证后：

My login code, after authentication:

var authTicket = new FormsAuthenticationTicket(
                1,
                userName,
                DateTime.Now,
                DateTime.Now.AddMinutes(20), // expiry
                false,
                roles,
                "/");
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(cookie);

和，感谢<一href="http://stackoverflow.com/questions/5314673/mvc-authentication-roles-not-working/5314736#5314736">Darin季米特洛夫，我有一个自定义授权属性：

and, thanks to Darin Dimitrov, I have a custom Authorize attribute:

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class TJAuthorize : AuthorizeAttribute {
    public override void OnAuthorization(AuthorizationContext filterContext) {
        string cookieName = FormsAuthentication.FormsCookieName;

        if (!filterContext.HttpContext.User.Identity.IsAuthenticated ||
                filterContext.HttpContext.Request.Cookies == null || filterContext.HttpContext.Request.Cookies[cookieName] == null) {
                    HandleUnauthorizedRequest(filterContext);
            return;
        }

        var authCookie = filterContext.HttpContext.Request.Cookies[cookieName];
        var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        string[] roles = authTicket.UserData.Split(',');

        var userIdentity = new GenericIdentity(authTicket.Name);
        var userPrincipal = new GenericPrincipal(userIdentity, roles);

        filterContext.HttpContext.User = userPrincipal;
        base.OnAuthorization(filterContext);
    }

这一切精美的作品，当我在一个浏览器会话正在处理。但现在我正与一个Flash / Adob​​e AIR的客户端，并验证属性是导致失败。通过将调试语句到code，我可以告诉大家的是：

This all works beautifully when I'm working in a browser session. But now I am working with a Flash/Adobe Air client, and the authentication attribute is causing a failure. By putting debug statements into the code, I can tell that:

filterContext.HttpContext.User.Identity.IsAuthenticated

是假的 - 即使在成功登录后，

is false - even after a successful login!

为什么要有使用浏览器客户端和空气客户端之间有什么区别？又是如何解决这个问题？

Why should there be any difference between using a browser client and an Air client? And how do I fix this?

编辑：另一条线索：投入多一些调试语句后，我发现， filterContext.HttpContext.User.Identity 不正确设置使得从空中通话的时候 - 在名称属性出来的空白！会话ID是正确的，饼干ID是正确的 - 但 User.Identity 未设置。任何想法，为什么这可能发生？

Another clue: after putting in some more debug statements, I have found that the filterContext.HttpContext.User.Identity is not correctly set when making the call from Air - the Name property comes out blank! Session ID is correct, cookie ID is correct - but the User.Identity is not set. Any ideas why this might be happening?

推荐答案

也许HttpCookieMode（http://msdn.microsoft.com/en-us/library/system.web.httpcookiemode.aspx）被设置为错误的值？

Perhaps HttpCookieMode (http://msdn.microsoft.com/en-us/library/system.web.httpcookiemode.aspx) is set to the wrong value?

默认为UseDeviceProfile ...当你强迫它UseCookies会发生什么情况？

Default is UseDeviceProfile ... what happens when you force it to UseCookies ?

这篇关于IsAuthenticated适用于浏览器 - 而不是空气的客户！的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！