1. 首頁
  2. 問答
  3. WebAPI + SimpleMembership + WebSecurity - 永遠無法驗證?

WebAPI + SimpleMembership + WebSecurity - 永遠無法驗證?

2014-10-04 34 views
3

我正試圖實現一個單頁的應用程序。我從另一個項目(MVC4)中繼承了一些工作代碼來實現身份驗證。現在我看到cookies被設置,但WebSecurity/User.Identity似乎沒有工作出於某種原因。登錄後,隨後的請求從不驗證通過驗證,通過WebSecurity.IsAuthenticatedUser.Identity.IsAuthenticated。有誰知道爲什麼會發生這種情況?WebAPI + SimpleMembership + WebSecurity - 永遠無法驗證?

控制器代碼:

public class AccountController : ApiController { 

    private readonly UserService _userService; 

    public AccountController() {} 

    public AccountController(UserService userService) { 
     _userService = userService; 
    } 

    [AllowAnonymous] 
    [HttpGet] 
    [Route("api/authpayload")] 
    // This gets called when the app loads. Always, User.Identity.IsAuthenticated is false. 
    public HttpResponseMessage AuthPayload() { 
     var payload = new AuthPayloadDto(); 
     try { 
      var userId = WebSecurity.GetUserId(User.Identity.Name); 
      if (User.Identity.IsAuthenticated && userId > 0) { 
       payload.Username = User.Identity.Name; 
      } else { 
       LogOut(); 
       payload.IsAuthenticated = false; 
      } 
      return Request.CreateResponse(HttpStatusCode.OK, payload); 
     } catch (Exception e) { 
      return Request.CreateResponse(HttpStatusCode.InternalServerError, e); 
     } 
    } 

    [HttpPost] 
    [Route("api/login")] 
    [AllowAnonymous] 
    public HttpResponseMessage LogIn(LoginModel model) { 
     if (!ModelState.IsValid) 
      return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); 
     try { 
      if (WebSecurity.IsAuthenticated) 
       return Request.CreateResponse(HttpStatusCode.Conflict, "already logged in."); 
      if (!WebSecurity.UserExists(model.Username)) 
       return Request.CreateResponse(HttpStatusCode.Conflict, "User does not exist."); 
      if (WebSecurity.Login(model.Username, model.Password, persistCookie: model.RememberMe)) { 
       // This code always gets hit when I log in, no problems. I see a new cookie get sent down as well, using Chrome debugger. 
       var payload = new AuthPayloadDto(); 
       return Request.CreateResponse(HttpStatusCode.OK, payload); 
      } 
      LogOut(); 
      return Request.CreateResponse(HttpStatusCode.Forbidden, "Login Failed."); 
     } catch (Exception e) { 
      return Request.CreateResponse(HttpStatusCode.InternalServerError, e); 
     } 
    }

Web.config文件:

<system.web> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5" /> 
    <authentication mode="Forms"> 
     <forms loginUrl="~/" timeout="2880" /> 
    </authentication> 
    <roleManager enabled="true" defaultProvider="simple"> 
     <providers> 
     <clear /> 
     <add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" /> 
     </providers> 
    </roleManager> 
    <membership defaultProvider="simple"> 
     <providers> 
     <clear /> 
     <add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" /> 
     </providers> 
    </membership> 
    <!-- 
      If you are deploying to a cloud environment that has multiple web server instances, 
      you should change session state mode from "InProc" to "Custom". In addition, 
      change the connection string named "DefaultConnection" to connect to an instance 
      of SQL Server (including SQL Azure and SQL Compact) instead of to SQL Server Express. 
     --> 
    <sessionState mode="InProc" customProvider="DefaultSessionProvider"> 
     <providers> 
     <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" /> 
     </providers> 
    </sessionState> 

    </system.web>

是被登錄後發送的未過期的cookie,並且它得到後續請求發回,但IsAuthenticated總是假。我究竟做錯了什麼?

更新:

我我的web.config更新下面讓一切工作:

<system.web> 
    <authentication mode="None" /> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5" /> 
    <roleManager enabled="true" defaultProvider="SimpleRoleProvider"> 
     <providers> 
     <clear /> 
     <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" /> 
     </providers> 
    </roleManager> 
    <membership defaultProvider="SimpleMembershipProvider"> 
     <providers> 
     <clear /> 
     <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" /> 
     </providers> 
    </membership> 
    </system.web>

但我想離開的情況下,這個人開了爲什麼這個作品的說明;我很迷茫。

來源

2014-10-04 RobVious

+0

從限制訪問某些控制器或動作我個人經驗,我從來沒有能夠通過MVC的Web API(使用MVC 4和5)獲得認證。如果用戶通過MVC的社交登錄登錄,那麼我可以檢查當前用戶是否通過Web API登錄。但試圖實際登錄用戶一直是一個挑戰。還有其他第三方認證服務與MVC一起解決這個問題(如auth0.com)。 – 2015-01-11 04:53:42

+0

你解決了你的問題嗎?我也面臨同樣的問題。它成功驗證了用戶,但是已經通過驗證仍然是錯誤的。 – UmarKashmiri 2015-01-28 10:49:33

回答

0

與MSSQL我當前的MVC 4項目, 其簡單的一個我,所以我只是

[Authorize] 
//[InitializeSimpleMembership] 
public partial class AccountController : Controller

想很簡單memmbership提供商 我禁用 InitializeSimpleMembershipAttribute

,並添加以下代碼到全球.asax在Application_Start下

WebSecurity.InitializeDatabaseConnection(
      connectionStringName: "DefaultConnection", 
      userTableName: "UserProfile", 
      userIdColumn: "UserID", 
      userNameColumn: "UserName", 
      autoCreateTables: true);

在我的sql數據庫在應用程序中創建對他們的一些表是角色和UserInRoles只是增加我需要Admin之類的,客戶等... 的角色和我加入這個代碼

[Authorize(Roles = "Admin")] 
public class MessagesController : Controller

來源

2015-01-28 18:08:23

相關問題

 相關問題