0
我有一个IAuthenticationFilter
将检查用户组中的SharePoint:检索Windows标识为IAuthenticationFilter
public class BasicAuthFilter : ActionFilterAttribute, IAuthenticationFilter
{
public void OnAuthentication(AuthenticationContext filterContext)
{
string userLoginName = filterContext.RequestContext.HttpContext.User.Identity.Name;
if (SecurityManager.Auth(userLoginName))
return;
else
filterContext.Result = new RedirectResult(new UrlHelper(filterContext.RequestContext).Action("AccessDenied", "Error"));
}
...
}
}
它会在每次请求运行,但除了ErrorController
[AllowAnonymous]
public class ErrorController : Controller
...
// Display view and link for "Logout"
public ActionResult AccessDenied()
{
return View();
}
// GET: Logout
[OutputCache(VaryByParam = "*", Duration = 0, NoStore = true)] // disable caching
public ActionResult Logout()
{
string currentUser = User.Identity.Name;
int AuthenticationAttempts = 0;
if (Session["AuthenticationAttempts"] == null || !int.TryParse(Convert.ToString(Session["AuthenticationAttempts"]), out AuthenticationAttempts))
AuthenticationAttempts = 0;
AuthenticationAttempts += 1;
if (AuthenticationAttempts == 1)
{
Session["PrevUser"] = User.Identity.Name;
Session["AuthenticationAttempts"] = AuthenticationAttempts;
return new HttpUnauthorizedResult();
}
else if (string.Compare(Convert.ToString(Session["PrevUser"]), currentUser, true) == 0) // Somehow it will have echo back, ignore it
{
return new HttpUnauthorizedResult();
}
else
{
Session.Abandon();
Session.Clear();
return RedirectToAction("Index", "Home");
}
}
}
当Error Controller
回报HttpUnauthorizedResult
,浏览器会提示登录。我可以从User.Identity.Name
中获取ErrorController
的新用户名。
然而,当它重定向到HomeController
,用户重置为原来的,我试过以下,但仍然是相同的
filterContext.RequestContext.HttpContext.User.Identity.Name
filterContext.HttpContext.User.Identity.Name
filterContext.Principal.Identity.Name
难道我错过了什么,或者我应该分配用户输入后本金?