我使用authorize属性设置Forms身份验证,该属性检查查询字符串哈希值:
FormsAuthentication.SetAuthCookie(qs["name"], false);
在下一个请求中,我检查用户是否已登录:
filterContext.HttpContext.Request.IsAuthenticated
这会返回false(看起来很奇怪,所以我看看cookie)
filterContext.HttpContext.Request.Cookies[".ASPXAUTH"]
返回:
{System.Web.HttpCookie}
Domain: null
Expires: {1/01/0001 12:00:00 a.m.}
HasKeys: false
HttpOnly: false
Name: ".ASPXAUTH"
Path: "/"
Secure: false
Shareable: false
Value: "9A3F32523C37286093E99907E8A71C405854EE409667A34AA8E06665D0912EEA5DAD69C605F45134A9BBA314BC8C4A5AEA46F9F623013A1FA2A98F3AEE834D69555C1849926C4A369B8E5E0A2E26CBB4ACBDBC8D0389BBD9A2C8F942ACFFBF20566BA2D7A1F80914D8B097866D06CC3059DB306C3E83C09800CCD4697D38AF5C"
Values: {9A3F32523C37286093E99907E8A71C405854EE409667A34AA8E06665D0912EEA5DAD69C605F45134A9BBA314BC8C4A5AEA46F9F623013A1FA2A98F3AEE834D69555C1849926C4A369B8E5E0A2E26CBB4ACBDBC8D0389BBD9A2C8F942ACFFBF20566BA2D7A1F80914D8B097866D06CC3059DB306C3E83C09800CCD4697D38AF5C}
所以cookie就在那里,让我们解密它看看它有效吗?
FormsAuthentication.Decrypt(filterContext.HttpContext.Request.Cookies[".ASPXAUTH"].Value)
{System.Web.Security.FormsAuthenticationTicket}
CookiePath: "/"
Expiration: {25/06/2015 12:09:17 p.m.}
Expired: false
IsPersistent: false
IssueDate: {25/06/2015 11:39:17 a.m.}
Name: "john"
UserData: ""
Version: 2
所以cookie一切都很好,为什么Request.IsAuthenticated返回false ???
答案 0 :(得分:0)
<authentication mode="Forms" />
web.config中缺少