Web Security is authenticated always return “false”
Question
i have a issue with my websecurity authentication , i can't login is. authenticated retrurn always false When I login always it sends me to login page. I debugged it and I found a problem httpContext.Request.IsAuthenticated always return false , any help .. Controller :
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}
[AllowAnonymous]
[HttpPost]
public ActionResult Login(UserProfile register)
{
WebSecurity.Login(register.UserName, register.password, true);
if (User.Identity.IsAuthenticated)
{
return RedirectToAction("Index", "Home");
}
return RedirectToAction("Index", "Contact");
}
view :
<h2>@ViewBag.Title.</h2>
<div class="row">
<div class="col-md-8">
<section id="loginForm">
@using (Html.BeginForm("Login", "AccountHopital", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
{
@Html.AntiForgeryToken()
<h4>Utilisez un compte local pour vous connecter.</h4>
<hr />
@Html.ValidationSummary(true, "", new { @class = "text-danger" })
<div class="form-group">
@Html.LabelFor(m => m.UserName, new { @class = "col-md-2 control-label" })
<div class="col-md-10">
@Html.TextBoxFor(m => m.UserName, new { @class = "form-control" })
@Html.ValidationMessageFor(m => m.UserName, "", new { @class = "text-danger" })
</div>
</div>
<div class="form-group">
@Html.LabelFor(m => m.password, new { @class = "col-md-2 control-label" })
<div class="col-md-10">
@Html.PasswordFor(m => m.password, new { @class = "form-control" })
@Html.ValidationMessageFor(m => m.password, "", new { @class = "text-danger" })
</div>
</div>
and web.config :
<system.web>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
<authentication mode="Forms">
<!--<modules>
<remove name="FormsAuthentication" />
</modules>-->
<forms loginUrl="~/AccountHopital/Login" timeout="3600" />
</authentication>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
1 answers
solution1
0 2016-11-27 17:18:35
User.Identity.IsAuthenticated looks at the authentication cookie from the client to determine if the user is logged in or not. Since the authentication cookie is not present when you are POSTing to your login method, it will always return false. Additionally, why perform the check right after you logged the user in? The check should actually be performed on the login GET method.
public ActionResult Login(string returnUrl)
{
if (User.Identity.IsAuthenticated)
{
//already logged in - no need to allow login again!!
return RedirectToAction("Index", "Home");
}
ViewBag.ReturnUrl = returnUrl;
return View();
}
[AllowAnonymous]
[HttpPost]
public ActionResult Login(UserProfile register)
{
//check your model state!
if(!ModelState.IsValid) return View();
//this method returns some result letting you know if the user
//logged in successfully or not. You need to check that.
//Additionally, this method sets the Auth cookie so you can
//do you IsAuthenticated call anywhere else in the system
var loginResult = WebSecurity.Login(register.UserName, register.password, true);
//login failed, display the login view again or go whereever you need to go
if(!loginResult) return View();
//Good to go, user is authenticated - redirect to where need to go
return RedirectToAction("Index", "Home");
}
Here is the MSDN for the WebSecurity.Login method
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.