使用ActiveDirectoryMembershipProvider和IsAuthenticated的ASP.NET MVC 5表单身份验证
[英]ASP.NET MVC 5 Forms Authentication using ActiveDirectoryMembershipProvider and IsAuthenticated
问题描述
I'm using ASP.NET MVC 5 with Forms auth and AD membership provider as follows: 
我正在将ASP.NET MVC 5与Forms auth和AD成员资格提供程序一起使用,如下所示:
<authentication mode="Forms">
<forms name=".ADAuthCookie" loginUrl="~/Account/Login" defaultUrl="~/" timeout="20" slidingExpiration="true" protection="All" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName"
enableSearchMethods="true" />
</providers>
</membership>
I have Anonymous Auth Enabled , and Windows Auth Disabled . 我启用了匿名身份验证,并禁用了 Windows身份验证。
I can successfully authenticate against AD, and the value of User.Identity.Name indeed shows my username. 我可以针对AD成功进行身份验证,并且User.Identity.Name的值确实显示了我的用户名。 However IsAuthenticated is false. 但是IsAuthenticated是错误的。 Why? 为什么?
I'd like to use some flag in my layout to show/hide navigation. 我想在布局中使用一些标志来显示/隐藏导航。 Right now, I'm resorting to this in my view: 现在,在我看来,我正在求助于此:
@if (@User.Identity.Name == "") { show insecure content }
I am using my own Login method as defined in my AccountController as follows: 我正在使用自己在AccountController定义的Login方法,如下所示:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(Login model, string returnUrl = "")
{
if (ModelState.IsValid)
{
if (Membership.ValidateUser(model.UserName, model.Password))
{
_logger.Info("AccountController.Login() User.Identity.Name=" + User.Identity.Name);
FormsAuthentication.RedirectFromLoginPage(model.UserName, model.RememberMe);
}
ModelState.AddModelError("", "Incorrect username and/or password");
}
return View(model);
}
I'm also not entirely convinced that the following methods are working as expected in my /Logout: 我也不完全相信/ Logout中的以下方法可以正常工作:
HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
FormsAuthentication.SignOut();
Session.Abandon();
Perhaps I'm not entirely understanding the expected behavior of User.Identity when using ActiveDirectoryMembershipProvider . 也许我在使用ActiveDirectoryMembershipProvider时并不完全了解User.Identity的预期行为。
1 个解决方案
解决方案1
0 2015-08-06 15:46:40
If you are using the scaffolded MVC5 application there is a section for SignInAsync where you must set the claims identity for authentication. 如果使用的是脚手架MVC5应用程序,则有一个用于SignInAsync的部分,您必须在其中设置用于身份验证的声明身份。 I had to make some changes to mine but it will look like this: 我必须对我的做出一些更改,但它看起来像这样:
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user.UserName), }, DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}
I had run into the same issue and followed this post along with some others to resolve it: http://kevin-junghans.blogspot.com/2013/12/using-claims-in-aspnet-identity.html 我遇到了同样的问题,并且跟随这篇文章以及其他一些文章来解决它: http : //kevin-junghans.blogspot.com/2013/12/using-claims-in-aspnet-identity.html
I was told in a previous post that MVC5 did away with form auth in favor of claims, I may be wrong and perhaps some one can shed more light on that. 在上一篇文章中有人告诉我,MVC5取消了表单身份验证,而是主张声明,我可能错了,也许有人可以对此进行更多说明。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.