Mvc 身份验证的问题

悬赏园豆：100 [已关闭问题] 关闭于 2015-07-17 14:34

public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (!filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
 && !filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                var referrer = filterContext.HttpContext.Request.UrlReferrer == null ? null : filterContext.HttpContext.Request.UrlReferrer.Host;
                var ddd = filterContext.HttpContext.User.Identity.IsAuthenticated;
                if (!filterContext.HttpContext.Request.IsAuthenticated)
                {
                    filterContext.Result = new RedirectResult("/Test/_login");
                }

            }
        }
    }

如上，我在Mvc写了一个过滤器，验证

filterContext.HttpContext.Request.IsAuthenticated是否为true

并且我在Controller中写了如下代码让身份验证通过

 FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, "Uid", DateTime.Now, DateTime.Now.AddDays(1), true, "UserData");
            HttpCookie Cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(Ticket));//加密身份信息，保存至Cookie
            Cookie.Expires = DateTime.Now.AddHours(12);
            Response.Cookies.Add(Cookie);

但是执行这些代码之后，过滤器的那个

IsAuthenticated一直为false，头大。

求助，困扰好久了。。。

Mvc 身份验证

问题补充：

Controller层的代码

 private IUserService UserService;
        public AccountController(IUserService userService)
        {
            this.UserService = userService;
            base.AddDisposableObject(this.UserService);
        }
        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }
        //登录
        [AllowAnonymous]
        [HttpPost]
        public ActionResult Login(string uid, string pwd, string returnUrl)
        {
            var mode = UserService.GetUserInfo(uid, pwd);
            if (mode != null)
            {
                SessionAccount userinfo = new SessionAccount {UserId = mode.uid, UserName = mode.uname};
                SaveCookie(userinfo);
            }
            else
            {
                return Content("{\"user\":\"null\"}");
            }
            if (!string.IsNullOrEmpty(returnUrl))
                return RedirectToLocal(returnUrl);

            return RedirectToLocal("/account/index");
        }
     
        
     
        private void SaveCookie(SessionAccount sessionAccount)
        {
            //HttpCookie authCookie = FormsAuthentication.GetAuthCookie(sessionAccount.UserId.ToString(), true);

            FormsAuthentication.SetAuthCookie(sessionAccount.UserId.ToString(),true);
            string UserData = SerializeHelper.JsonSerialize(sessionAccount);//序列化用户实体
            //保存身份信息，参数说明可以看提示
            FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, sessionAccount.UserId.ToString(), DateTime.Now, DateTime.Now.AddDays(1), true, UserData);
            HttpCookie Cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(Ticket));//加密身份信息，保存至Cookie
            Cookie.Expires = DateTime.Now.AddHours(12);
            Response.Cookies.Add(Cookie); 
        }

        public ActionResult Index()
        {
            return View();
        }

View Code

Tzn | 初学一级 | 园豆：11
提问于：2015-02-28 17:14

< >

所有回答(3)

web.config是否设置了

登陆通过后设置

FormsAuthentication.SetAuthCookie(....)

Yu | 园豆：12980 (专家六级) | 2015-02-28 17:23

  <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>

FormsAuthentication.SetAuthCookie(sessionAccount.UserId.ToString(),true);

支持(0) 反对(0) Tzn | 园豆：11 (初学一级) | 2015-02-28 18:00

你这里写的有问题啊。你用了Authorize，在登录的时候为什么没有设置身份验证票证啊。

PandaIT | 园豆：333 (菜鸟二级) | 2015-02-28 17:33

有的呀，忘了贴出来

FormsAuthentication.SetAuthCookie(sessionAccount.UserId.ToString(),true);

支持(0) 反对(0) Tzn | 园豆：11 (初学一级) | 2015-02-28 18:02

@Tzn: 你把

string UserData = SerializeHelper.JsonSerialize(sessionAccount);//序列化用户实体
            //保存身份信息，参数说明可以看提示
            FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, sessionAccount.UserId.ToString(), DateTime.Now, DateTime.Now.AddDays(1), true, UserData);
            HttpCookie Cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(Ticket));//加密身份信息，保存至Cookie
            Cookie.Expires = DateTime.Now.AddHours(12);
            Response.Cookies.Add(Cookie);

这注释掉试试

支持(0) 反对(0) Yu | 园豆：12980 (专家六级) | 2015-02-28 20:39

你先看下请求中是否携带了 cookie 嘛！

Launcher | 园豆：45045 (高人七级) | 2015-02-28 18:04

Accept:

text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:

gzip,deflate,sdch
Accept-Language:

zh-CN,zh;q=0.8
Connection:

keep-alive
Cookie:

.ASPXAUTH=912B79B443A045637E4EAA28AD1F3D06C6D80D012DE60646DFEB2080A762540370F83672C2C6824669A9512FBEA6197701F3039EC49B5CC3EB1A3AD082597FCCD10CA9707D81A469C7CC4DAF59779FBF6AAA893FF9D790303605E7487766C1DF4CC4EFB8E7EE165896D28565BBD9AB6F660CEBD9CF8E837E376E8C12EA6F8ACD5A0ABE93279BD5AB9DFBA077F540515141F35A1C50DAE88C0FF6FFB2A145DF26
Host:

localhost:50943
User-Agent:

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36

支持(0) 反对(0) Tzn | 园豆：11 (初学一级) | 2015-02-28 18:09

清除回答草稿

您需要登录以后才能回答，未注册用户请先注册。

欢迎，请先 登录 或者 注册 。

Mvc 身份验证的问题

欢迎，请先登录或者注册。