我对MVC4用户授权有问题。
System.Web.Security.Membership.ValidateUser返回true。
然后它到达FormsAuthentication.SetAuthCookie,我在浏览器中看到一个cookie。
然后User.Identity.IsAuthenticated由于某些原因仍然评估为false。
User.Identity.IsAuthenticated在重定向后仍然为false,并保持为false。
[AllowAnonymous]
[HttpPost]
public ActionResult Login(LoginModel model,string returnUrl)
{
if (ModelState.IsValid)
{
if (System.Web.Security.Membership.ValidateUser(model.UserName,model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName,model.RememberMe);
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index","Home");
}
}
else
{
ModelState.AddModelError("","The user name or password provided is incorrect.");
}
}
// If we got this far,something Failed,redisplay form
return View(model);
}
解决方法
在调用FormsAuthentication.SetAuthCookie()之后,下一个请求之前,User.Identity.IsAuthenticated不会被设置为true。
见http://msdn.microsoft.com/en-us/library/twk5762b.aspx
The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection,or to the URL if CookiesSupported is false. The forms-authentication ticket supplies forms-authentication information to the next request made by the browser.
