发表新帖
发表新帖

MVC ASP.NET - Manually authorize someone and persist the authorization via Forms Authentication

前端 未结
关注
3 1685
無奈伤痛
無奈伤痛 2021-02-04 11:38

I want the benefits of form authentication in ASP.NET. I want it to persist the authorization for me and such, but there\'s one thing different about my situation; I want to au

3条回答
  • 迷失自我
    迷失自我 (楼主)
    2021-02-04 12:14

    I may be over simplifying this, but the way I read this is the following:

    1. If a user is not authenticated, you have a form that you collect the username/password
    2. The results of that form are passed to a web service for authorization
    3. If that authorization is successful, you need a way to let the web application know that they have signed in.
    4. If they are authenticated, do stuff

    If the above is correct, you do not need a membership provider. The [Authorize] attribute simply looks that the forms authentication cookie to see if it has been set and is valid for the current lifetime of the cookie. This authentication cookie stores the username of the user and the expiration time of the cookie (and other stuff, but not important here).

    Given that, you only need to set your web.config configuration element and have a method to set the authentication cookie.

    Web.Config

    Logon URL GET action

    public ActionResult Logon(){
   //if the user is logged in, send the to the home page
   if(httpContext.User.Identity.IsAuthenticated_{
        Return RedirectToAction("Index", "Home");
   }
   Return this.View(new LoginViewModel());
}

    Logon URL POST action

    [HttpPost]
public ActionResult Logon(LoginViewModel model){
   //Check for model errors
   if(!ModelState.IsValid()){
       Return this.View(model);
   }

   //Validate against web service - return error if false
   if(!CheckClientsWebService(model.UserName, model.Password)){
       ModelState.AddModelError("","The username or password is invalid");
       Return this.View(model);
   } 

   //Manually set the authentication cookie
   FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);  
   //Send them on to the home page, they now have a authorization cookie
   Return RedirectToAction("Index", "Home");
}

    Once you have called the .SetAuthCookie() function, the user will now have an authentication ticket and calls to HttpContext.User.Identity.IsAuthenticated will be true as long as the cookie has not expired and you can get the user name from HttpContext.User.Identity.Name

    0 讨论(0)
 看不清?
提交回复
热议问题