【发布时间】:2016-04-04 07:29:49
【问题描述】:
我是 ASP NET MVC authentication 的新手,在我的网络项目中遇到了麻烦
默认情况下(作为项目生成的结果)有一个 AccountController 有一个 Login 方法
[Authorize]
public class AccountController : Controller
{
private UserService _userService;
public UserService UserService{
get { return _userService ?? (_userService = new UserService()); }
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl){
if (!ModelState.IsValid)
{
return View(model);
}
//the line with SignInManager is Default in project
//var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
//I have implemented my User service which checks in DB is there exists such a user with email and password and returns the same SignInStatus
var result = UserService.Authenticate(model.Email, model.Password);
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
}
}
我的UserService 实现:
public class UserService : IUserService
{
public SignInStatus Authenticate(string email, string password)
{
if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
{
return SignInStatus.Failure;
}
//TODO: perform authentication against DB account
if (email == "mymail@mail.com" && password == "123")
{
return SignInStatus.Success;
}
else
{
return SignInStatus.Failure;
}
}
}
我将它与AdministrationController 上的[Authorize] 属性一起使用
public class AdministrationController : Controller
{
// GET: Admin/Admin
[Authorize]
public ActionResult Index()
{
return View();
}
}
当我通过http://localhost:53194/administration进入我的网站的管理区域时,它不需要任何身份验证(不显示登录屏幕)
如果我在我的方法上设置属性[Authorize(Roles = "Administrator")]
public class AdministrationController : Controller
{
// GET: Admin/Admin
[Authorize(Roles = "Administrator")]
public ActionResult Index()
{
return View();
}
}
登录屏幕出现。
我设置了电子邮件和密码。按下Login按钮从AccountController进入Login方法,进入SignInStatus.Success的case
但登录屏幕仍然存在。它不会重定向到正常的管理屏幕。
请您建议我如何实施此身份验证。谢谢。
【问题讨论】:
标签: c# authentication asp.net-mvc-5