1. 首页
  2. 问答
  3. User.Identity.IsAuthenticated始终为false即使e.Authenticated = true

User.Identity.IsAuthenticated始终为false即使e.Authenticated = true

2016-11-25 62 views
0

我已经搜索了类似的问题,但无法解决问题。User.Identity.IsAuthenticated始终为false即使e.Authenticated = true

HTML代码

<asp:Login ID="Login1" runat="server" Width="247px"  OnAuthenticate="Login1_Authenticate1"> 
       </asp:Login>

C#代码

public partial class login : System.Web.UI.Page 
{ 
private SqlConnection con = new  SqlConnection(WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); 

protected void Page_Load(object sender, EventArgs e) 
{ 

} 
protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e) 
{ 
    string userName = Login1.UserName; 
    string password = Login1.Password; 

    bool result = UserLogin(userName, password); 
    if ((result)) 
    { 
     e.Authenticated = true; 
     FormsAuthentication.SetAuthCookie(userName, true); 
     Response.Redirect("http://localhost:57000/Default"); 
    } 
    else 
    { 
     e.Authenticated = false; 
    } 
} 
private bool UserLogin(string userName, string password) 
{ 

    //' declare the command that will be used to execute the select statement 
    SqlCommand com = new SqlCommand("SELECT Employee_Email FROM Employee_Detail WHERE Employee_Email = @UserName AND Password = @Password", con); 

     // set the username and password parameters 
     com.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = userName; 
     com.Parameters.Add("@Password", SqlDbType.NVarChar).Value = password; 

     con.Open(); 
     //' execute the select statment 
     string result = Convert.ToString(com.ExecuteScalar()); 
     //' check the result 
     if (string.IsNullOrEmpty(result)) 
     { 
      //invalid user/password , return flase 
      return false; 
     } 
     else 
     { 
      // valid login 
      return true; 
     } 
    }

} 我检查这个样子。 if (User.Identity.IsAuthenticated) { Page.Title = "Home page for " + User.Identity.Name; } else { Page.Title = "Home page for guest user."; } 配置文件

<authentication mode="Forms"> <forms defaultUrl="~/Default.aspx" loginUrl="~/login.aspx" name="__Auth" slidingExpiration="true" timeout="2880"></forms> </authentication>

登录工作正常,但当在下一页检查User.Identity.IsAuthenticated它始终是假的。我已经在配置页面中将身份验证设置为表单。 任何帮助将是伟大的。

来源

2016-11-25 RPK

回答

0

您还可以设置FormsAuthenticationTicket

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, userName, DateTime.Now, DateTime.Now.AddDays(30), true, String.Empty); 
string encryptedTicket = FormsAuthentication.Encrypt(ticket); 
HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); 
authenticationCookie.Expires = ticket.Expiration; 
Response.Cookies.Add(authenticationCookie); 

FormsAuthentication.SetAuthCookie(userName, true);

而且最好用的RedirectFromLoginPage代替Response.Redirect

FormsAuthentication.RedirectFromLoginPage(userName, true);

看起来要存储明文密码。不要这样做。

UPDATE

<sessionState mode="InProc" cookieless="false" timeout="1440" /> 
<authentication mode="Forms"> 
    <forms cookieless="UseCookies" timeout="43200" defaultUrl="~/Default.aspx" loginUrl="~/login.aspx" /> 
</authentication>

来源

2016-11-25 09:43:41 VDWWD

+0

感谢您的响应。我添加了'FormsAuthenticationTicket'我仍然得到相同的结果。我编辑了这个问题以显示我如何检查。另外我应该如何存储密码?我应该加密吗? – RPK

+0

始终使用Salt加密密码。你有没有添加所有nessecary认证项[到Web.Config](https://msdn.microsoft.com/en-us/library/1d3t3c61(v = vs.100).aspx)? – VDWWD

+0

我已添加请检查我编辑的问题以显示confg文件。另外'FormsAuthentication.RedirectFromLoginPage(userName,true);'不起作用 – RPK

相关问题

 相关问题