在控制器动作到您发布的登录表单,你可以验证凭据对你的数据库,如果成功发出authntication cookie,将包含当前连接的用户的用户名,这样就可以在以后的行动检索。
例如假设你有一个包含其发布到登录方法的用户名和密码字段的表单:
[HttpPost]
public ActionResult LogOn(string username, string password)
{
// TODO: up to you to implement the VerifyCredentials method
if (!VerifyCredentials(username, password))
{
// wrong username or password:
ModelState.AddModelError("", "wrong username or password");
return View();
}
// username and password match => emit an authentication cookie:
FormsAuthentication.SetAuthCookie(username, false);
// and redirect to some controller action which is protected by the
// [Authorize] attribute and which should be accessible only to
// authenticated users
return RedirectToAction("SomeProtectedAction", "SomeController");
}
和保护的作用,你可以获取从这样的cookie中的当前连接的用户名里面:
[Authorize]
public ActionResult SomeProtectedAction()
{
string username = User.Identity.Name;
// TODO: here you could query your database to find out more about
// the user given his username which must be unique
...
}
一定要整合与FormsAuthentication位自定义解决方案。如果你真的想把血弄在手上,看看[Phil Haack的帖子](http://haacked.com/archive/2011/10/04/prevent-forms-authentication-login-page-redirect-when-you -donrsquot-want.aspx) – 2012-03-28 12:59:08
会写一个自定义会员供应商解决您的问题?谷歌“实现成员资格提供” http://aspguy.wordpress.com/2011/07/30/single-sign-on-with-wcf-and-asp-net-custom-membership-provider/ – RickAndMSFT 2012-03-28 17:17:42