1. 首页
  2. 问答
  3. WebAPI + SimpleMembership + WebSecurity - 永远无法验证?

WebAPI + SimpleMembership + WebSecurity - 永远无法验证?

2014-10-04 63 views
3

我正试图实现一个单页的应用程序。我从另一个项目(MVC4)中继承了一些工作代码来实现身份验证。现在我看到cookies被设置,但WebSecurity/User.Identity似乎没有工作出于某种原因。登录后,随后的请求从不验证通过验证,通过WebSecurity.IsAuthenticatedUser.Identity.IsAuthenticated。有谁知道为什么会发生这种情况?WebAPI + SimpleMembership + WebSecurity - 永远无法验证?

控制器代码:

public class AccountController : ApiController { 

    private readonly UserService _userService; 

    public AccountController() {} 

    public AccountController(UserService userService) { 
     _userService = userService; 
    } 

    [AllowAnonymous] 
    [HttpGet] 
    [Route("api/authpayload")] 
    // This gets called when the app loads. Always, User.Identity.IsAuthenticated is false. 
    public HttpResponseMessage AuthPayload() { 
     var payload = new AuthPayloadDto(); 
     try { 
      var userId = WebSecurity.GetUserId(User.Identity.Name); 
      if (User.Identity.IsAuthenticated && userId > 0) { 
       payload.Username = User.Identity.Name; 
      } else { 
       LogOut(); 
       payload.IsAuthenticated = false; 
      } 
      return Request.CreateResponse(HttpStatusCode.OK, payload); 
     } catch (Exception e) { 
      return Request.CreateResponse(HttpStatusCode.InternalServerError, e); 
     } 
    } 

    [HttpPost] 
    [Route("api/login")] 
    [AllowAnonymous] 
    public HttpResponseMessage LogIn(LoginModel model) { 
     if (!ModelState.IsValid) 
      return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); 
     try { 
      if (WebSecurity.IsAuthenticated) 
       return Request.CreateResponse(HttpStatusCode.Conflict, "already logged in."); 
      if (!WebSecurity.UserExists(model.Username)) 
       return Request.CreateResponse(HttpStatusCode.Conflict, "User does not exist."); 
      if (WebSecurity.Login(model.Username, model.Password, persistCookie: model.RememberMe)) { 
       // This code always gets hit when I log in, no problems. I see a new cookie get sent down as well, using Chrome debugger. 
       var payload = new AuthPayloadDto(); 
       return Request.CreateResponse(HttpStatusCode.OK, payload); 
      } 
      LogOut(); 
      return Request.CreateResponse(HttpStatusCode.Forbidden, "Login Failed."); 
     } catch (Exception e) { 
      return Request.CreateResponse(HttpStatusCode.InternalServerError, e); 
     } 
    }

Web.config文件:

<system.web> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5" /> 
    <authentication mode="Forms"> 
     <forms loginUrl="~/" timeout="2880" /> 
    </authentication> 
    <roleManager enabled="true" defaultProvider="simple"> 
     <providers> 
     <clear /> 
     <add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" /> 
     </providers> 
    </roleManager> 
    <membership defaultProvider="simple"> 
     <providers> 
     <clear /> 
     <add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" /> 
     </providers> 
    </membership> 
    <!-- 
      If you are deploying to a cloud environment that has multiple web server instances, 
      you should change session state mode from "InProc" to "Custom". In addition, 
      change the connection string named "DefaultConnection" to connect to an instance 
      of SQL Server (including SQL Azure and SQL Compact) instead of to SQL Server Express. 
     --> 
    <sessionState mode="InProc" customProvider="DefaultSessionProvider"> 
     <providers> 
     <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" /> 
     </providers> 
    </sessionState> 

    </system.web>

是被登录后发送的未过期的cookie,并且它得到后续请求发回,但IsAuthenticated总是假。我究竟做错了什么?

更新:

我我的web.config更新下面让一切工作:

<system.web> 
    <authentication mode="None" /> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5" /> 
    <roleManager enabled="true" defaultProvider="SimpleRoleProvider"> 
     <providers> 
     <clear /> 
     <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" /> 
     </providers> 
    </roleManager> 
    <membership defaultProvider="SimpleMembershipProvider"> 
     <providers> 
     <clear /> 
     <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" /> 
     </providers> 
    </membership> 
    </system.web>

但我想离开的情况下,这个人开了为什么这个作品的说明;我很迷茫。

来源

2014-10-04 RobVious

+0

从限制访问某些控制器或动作我个人经验,我从来没有能够通过MVC的Web API(使用MVC 4和5)获得认证。如果用户通过MVC的社交登录登录,那么我可以检查当前用户是否通过Web API登录。但试图实际登录用户一直是一个挑战。还有其他第三方认证服务与MVC一起解决这个问题(如auth0.com)。 – 2015-01-11 04:53:42

+0

你解决了你的问题吗?我也面临同样的问题。它成功验证了用户,但是已经通过验证仍然是错误的。 – UmarKashmiri 2015-01-28 10:49:33

回答

0

与MSSQL我当前的MVC 4项目, 其简单的一个我,所以我只是

[Authorize] 
//[InitializeSimpleMembership] 
public partial class AccountController : Controller

想很简单memmbership提供商 我禁用 InitializeSimpleMembershipAttribute

,并添加以下代码到全球.asax在Application_Start下

WebSecurity.InitializeDatabaseConnection(
      connectionStringName: "DefaultConnection", 
      userTableName: "UserProfile", 
      userIdColumn: "UserID", 
      userNameColumn: "UserName", 
      autoCreateTables: true);

在我的sql数据库在应用程序中创建对他们的一些表是角色和UserInRoles只是增加我需要Admin之类的,客户等... 的角色和我加入这个代码

[Authorize(Roles = "Admin")] 
public class MessagesController : Controller

来源

2015-01-28 18:08:23

相关问题

 相关问题