I have created an Internet Application from the available MVC4 templates. This template generates an AccountController which I am trying to use. The issue is that even after the WebSecurity.Login() returning true, the User.Identity.IsAuthenticated still returns false, which I don't understand why. First I thought it was late initialization of the InitializeSimpleMembership attribute over the AccountController and so, I moved that part to Application_Start() routine of the Global.ascx.cs, but it didn't make any difference. Here is the relevant code that I am using.
我从可用的MVC4模板创建了一个Internet应用程序。此模板生成我正在尝试使用的AccountController。问题是即使在WebSecurity.Login()返回true之后,User.Identity.IsAuthenticated仍然返回false,我不明白为什么。首先我认为它是通过AccountController对InitializeSimpleMembership属性进行了较晚的初始化,因此,我将该部分移动到Global.ascx.cs的Application_Start()例程,但它没有任何区别。这是我正在使用的相关代码。
Account Controller
[HttpPost]
public ActionResult Login(LoginModel model, string returnUrl) {
if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe)) {
//Why this should ever return false?
bool isAuthenticated = User.Identity.IsAuthenticated;
//returns false, even when I log in "Admin" role !
if (User.IsInRole("Admin")) {
return RedirectToAction("Index", "Home", new { area = "Admin" });
}
....
}
Global.ascx.cs
public class MvcApplication : System.Web.HttpApplication {
protected void Application_Start() {
AreaRegistration.RegisterAllAreas();
...
// Ensure ASP.NET Simple Membership is initialized only once per app start
LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
}
private class SimpleMembershipInitializer {
public SimpleMembershipInitializer() {
...
}
}
}
The msdn documentation here states that if the user is logged in, it returns true. So, in the above AccountController code, the User.Identity.IsAuthenticated should always be returning True, but that's not happenning. Its returning false. Any ideas why ?
这里的msdn文档指出,如果用户登录,则返回true。因此,在上面的AccountController代码中,User.Identity.IsAuthenticated应该始终返回True,但这不会发生。它返回假。有什么想法吗?
Edit
My primary issue is to get roles for a given user after he has authenticated successfully, i.e. after the WebSecurity.Login() returns true.
我的主要问题是在成功进行身份验证后,即在WebSecurity.Login()返回true之后为给定用户获取角色。
Edit 2
Roles.IsUserInRole("Admin") returns false even when I log in "Admin" role
即使我登录“Admin”角色,Roles.IsUserInRole(“Admin”)也会返回false
User.IsInRole("Admin") returns false even when log in "Admin" role. This is already mentioned in the code posted in the original post.
即使登录“Admin”角色,User.IsInRole(“Admin”)也会返回false。这已在原帖中发布的代码中提及。
1 个解决方案
#1
0
User.Identity.IsAuthenticated won't return true on your login request until the next request when the Forms Auth cookie is properly set with FormsAuthentication.SetAuthCookie.See http://msdn.microsoft.com/en-us/library/twk5762b.aspx
在使用FormsAuthentication.SetAuthCookie正确设置Forms Auth cookie时,User.Identity.IsAuthenticated将不会在您的登录请求中返回true,请访问http://msdn.microsoft.com/en-us/library/twk5762b。 ASPX
The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection or the URL if CookiesSupported is false. The forms-authentication ticket supplies forms-authentication information to the next request made by the browser. With forms authentication, you can use the SetAuthCookie method when you want to authenticate a user but still retain control of the navigation with redirects.
如果CookiesSupported为false,则SetAuthCookie方法会将表单身份验证票证添加到Cookie集合或URL。表单身份验证票证为浏览器发出的下一个请求提供表单身份验证信息。使用表单身份验证时,如果要对用户进行身份验证但仍保留对重定向的导航控制,则可以使用SetAuthCookie方法。
If you want to see if the login succeeded, use the return value from WebSecurity.Login. See http://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity.login(v=vs.111).aspx
如果要查看登录是否成功,请使用WebSecurity.Login的返回值。请参阅http://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity.login(v=vs.111).aspx
To check the users role, use Roles.IsUserInRole() then. See http://msdn.microsoft.com/en-us/library/4z6b5d42(v=vs.110).aspx
要检查用户角色,请使用Roles.IsUserInRole()。请参阅http://msdn.microsoft.com/en-us/library/4z6b5d42(v=vs.110).aspx
#1
0
User.Identity.IsAuthenticated won't return true on your login request until the next request when the Forms Auth cookie is properly set with FormsAuthentication.SetAuthCookie.See http://msdn.microsoft.com/en-us/library/twk5762b.aspx
在使用FormsAuthentication.SetAuthCookie正确设置Forms Auth cookie时,User.Identity.IsAuthenticated将不会在您的登录请求中返回true,请访问http://msdn.microsoft.com/en-us/library/twk5762b。 ASPX
The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection or the URL if CookiesSupported is false. The forms-authentication ticket supplies forms-authentication information to the next request made by the browser. With forms authentication, you can use the SetAuthCookie method when you want to authenticate a user but still retain control of the navigation with redirects.
如果CookiesSupported为false,则SetAuthCookie方法会将表单身份验证票证添加到Cookie集合或URL。表单身份验证票证为浏览器发出的下一个请求提供表单身份验证信息。使用表单身份验证时,如果要对用户进行身份验证但仍保留对重定向的导航控制,则可以使用SetAuthCookie方法。
If you want to see if the login succeeded, use the return value from WebSecurity.Login. See http://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity.login(v=vs.111).aspx
如果要查看登录是否成功,请使用WebSecurity.Login的返回值。请参阅http://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity.login(v=vs.111).aspx
To check the users role, use Roles.IsUserInRole() then. See http://msdn.microsoft.com/en-us/library/4z6b5d42(v=vs.110).aspx
要检查用户角色,请使用Roles.IsUserInRole()。请参阅http://msdn.microsoft.com/en-us/library/4z6b5d42(v=vs.110).aspx