ASP.NET Membership: how to set the user as logged in

前端 未结 3 1669
忘了有多久
忘了有多久 2020-12-23 10:11

I am trying to get the Membership Provider to work.

So far I have:

 

        
相关标签:
3条回答
  • 2020-12-23 10:38

    While I don't know how much help this will be, this is boilerplate code I use to discern between admin users or regular users. Works great for me.

    On your login page, probably onclick create your user object and call some function with this code (UserRole is an Enum with your roles):

    If admin Then 
                If role = UserRole.Admin Then
                    RedirectFromLoginPage(username & "|" & userid, False)
                    Return True
                Else
                    Return False
                End If
            Else
                If String.IsNullOrEmpty(Current.Request.QueryString("ReturnUrl")) Then
                    SetAuthCookie(username & "|" & userid, True)
                Else
                    RedirectFromLoginPage(username & "|" & userid, True)
                End If
                Return True
            End If
    

    In your web.config:

    <location path="admin">
        <system.web>
            <authorization>
                <allow roles="Admin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
    .....
    <system.web>
    <authentication mode="Forms">
            <forms loginUrl="/registration/login.aspx" timeout="129600"/>
        </authentication>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
    

    ... and if you really want, in your Global.asax page:

        Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        If Request.IsAuthenticated Then
    ''
    'get your roles for the current user'
    ''
     Dim userRoles() As String = Split(roles, "|")
            'Add the roles to the User Principal'
            HttpContext.Current.User = New GenericPrincipal(User.Identity, userRoles)
        End If
    End Sub
    
    0 讨论(0)
  • 2020-12-23 10:43

    Try moving your code and Gromer's suggestion to the LoggedIn event.

    protected void Login1_LoggedIn(object sender, EventArgs e)
        {
            if(Membership.ValidateUser(Login1.UserName, Login1.Password))
            {
                FormsAuthentication.SetAuthCookie(Login1.UserName, true);
                Response.Redirect("/admin/default.aspx");
            }
    
        }
    

    EDIT: Like Gromer said, only do this if you have to execute some business code after the user is logged in and before s/he is redirected.

    EDIT EDIT: Visual Studio describes the Authenticate event as, "called to authenticate the user," which implies that the user is not authenticated before the event is called. Thus, you cannot confirm that the user is logged in because s/he has not been authenticated yet.

    0 讨论(0)
  • 2020-12-23 10:44

    Put this in Login1_Authenticate before calling Response.Redirect("/admin/default.aspx");

    FormsAuthentication.SetAuthCookie("username", true);
    
    0 讨论(0)
自定义标题
段落格式
字体
字号
代码语言
提交回复
热议问题