有的页面需要用户认证之后才可以进入,通常都是在Filter的OnActionExecuting方法中我们需要获取当前用户。有两种情况不必登录:1.用户是登录的,也就是认证过的。2.用户上次登录了,但没有退出就关闭了页面,且还Cookie还没有过期。这个时候

Request.IsAuthenticated=true

所以用户不必再登录。

如果用户退出,也就是调用SignOut()

 public void SignOut()

        {

            _cachedUser = null;

            FormsAuthentication.SignOut();

        }

这个时候获取不到认证用户。

Filter就会让用户返回到登录页面。

 var user = WorkContext.CurrentUser;

if (user == null)

 {

    filterContext.Result = new RedirectResult("~/Account/Logon?returnUrl=" + returnUrl);

  }

另外,在Ninject中无法注入HttpContextBase,但可以讲其换成属性。

   public HttpContextBase HttpContext

        {

            get { return new HttpContextWrapper(System.Web.HttpContext.Current); }

        }

而对于Filter可以属性注入。

  [Inject]

  public IAuthenticationService AuthenticationService { get; set; }

LoginValidAttribute 源码:

 public class LoginValidAttribute : ActionFilterAttribute

    {

        /// <summary>

        /// 转到管理员登陆的界面

        /// </summary>

        private bool _isAdmin;

        public LoginValidAttribute(bool isadmin = false)

        {

            _isAdmin = isadmin;

        }

        public override void OnActionExecuting(ActionExecutingContext filterContext)

        {

            var contr = filterContext.RouteData.Values["controller"].ToString();

            var action = filterContext.RouteData.Values["action"].ToString();

            var parmdatas = filterContext.ActionParameters;

            var parms = "?";

            var i = ;

            var count = parmdatas.Count;

            foreach (var parmdata in parmdatas)

            {

                i++;

                if (i <= count - )

                {

                    parms += parmdata.Key + "=" + parmdata.Value + "&";

                }

                else

                {

                    parms += parmdata.Key + "=" + parmdata.Value;

                }

            }

            if (count == ) parms = "";

            var returnUrl = string.Format("~/{0}/{1}{2}", contr, action, parms);

            returnUrl = UrlHelper.GenerateContentUrl(returnUrl, filterContext.HttpContext);

            var user = WorkContext.CurrentUser;

            if (user == null)

            {

                filterContext.Result = new RedirectResult("~/Account/Logon?returnUrl=" + returnUrl);

            }

            // 如果已经登录 但不是角色,就需要跳转到只是页面 提示是管理员才能登录

        }

        [Inject]

        public IWorkContext WorkContext { get; set; }

    }

WebWorkContext:

  public class WebWorkContext : IWorkContext

    {

        #region Const

        #endregion

          #region Fields

        private readonly IUserService _userService;

        private User _cachedUser;

        #endregion

        public WebWorkContext( IUserService userService )

        {

            _userService = userService;

        }

        #region Utilities

        protected virtual HttpCookie GetUserCookie()

        {

            if (HttpContext == null || HttpContext.Request == null)

                return null;

            return HttpContext.Request.Cookies[PortalConfig.UserCookieName];

        }

        protected virtual void SetUserCookie(Guid customerGuid)

        {

            if (HttpContext != null && HttpContext.Response != null)

            {

                var cookie = new HttpCookie(PortalConfig.UserCookieName);

                cookie.HttpOnly = true;

                cookie.Value = customerGuid.ToString();

                if (customerGuid == Guid.Empty)

                {

                    cookie.Expires = DateTime.Now.AddMonths(-);

                }

                else

                {

                    int cookieExpires =  * ; //TODO make configurable

                    cookie.Expires = DateTime.Now.AddHours(cookieExpires);

                }

                HttpContext.Response.Cookies.Remove(PortalConfig.UserCookieName);

                HttpContext.Response.Cookies.Add(cookie);

            }

        }

        #endregion

        public virtual User CurrentUser

        {

            get

            {

                User customer = AuthenticationService.GetAuthenticatedCustomer(); ;

                //load guest customer

                if (customer == null || customer.Deleted || !customer.Active)

                {

                    var customerCookie = GetUserCookie();

                    if (customerCookie != null && !String.IsNullOrEmpty(customerCookie.Value))

                    {

                        Guid customerGuid;

                        if (Guid.TryParse(customerCookie.Value, out customerGuid))

                        {

                            var customerByCookie = _userService.GetUserByGuid(customerGuid);

                            if (customerByCookie != null &&IsCurrentUser)

                                //this customer (from cookie) should not be registered

                                //!customerByCookie.IsRegistered())

                                customer = customerByCookie;

                        }

                    }

                }

                //validation

                if (customer!=null&&!customer.Deleted && customer.Active)

                {

                    SetUserCookie(customer.UserGuid);

                }

                return customer;

                ;

            }

            set

            {

                SetUserCookie(value.UserGuid);

                _cachedUser = value;

            }

        }

        public User OriginalUserIfImpersonated { get; private set; }

        public bool IsAdmin { get; set; }

        public bool IsCurrentUser {

            get { return AuthenticationService.IsCurrentUser; }

        }

        public HttpContextBase HttpContext

        {

            get { return new HttpContextWrapper(System.Web.HttpContext.Current); }

        }

        [Inject]

        public IAuthenticationService AuthenticationService { get; set; }

    }

FormsAuthenticationService:

 public class FormsAuthenticationService : IAuthenticationService

    {

        private readonly IUserService _userService;

        private readonly TimeSpan _expirationTimeSpan;

        private User _cachedUser;

        public FormsAuthenticationService(IUserService userService)

        {

            _userService = userService;

            _expirationTimeSpan = FormsAuthentication.Timeout;

        }

        public void SignIn(User user, bool createPersistentCookie)

        {

            var now = DateTime.UtcNow.ToLocalTime();

            var ticket = new FormsAuthenticationTicket(, user.Username, now, now.Add(_expirationTimeSpan),

                createPersistentCookie, user.Username, FormsAuthentication.FormsCookiePath);

            var encryptedTicket = FormsAuthentication.Encrypt(ticket);

            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) {HttpOnly = true};

            if (ticket.IsPersistent)

            {

                cookie.Expires = ticket.Expiration;

            }

            cookie.Secure = FormsAuthentication.RequireSSL;

            cookie.Path = FormsAuthentication.FormsCookiePath;

            if (FormsAuthentication.CookieDomain != null)

            {

                cookie.Domain = FormsAuthentication.CookieDomain;

            }

            HttpContext.Response.Cookies.Add(cookie);

            //nop源码中没有这一句,务必保证webconfig中的认证是form的。

           // FormsAuthentication.SetAuthCookie(user.Username, createPersistentCookie);

            _cachedUser = user;

        }

        public void SignOut()

        {

            _cachedUser = null;

            FormsAuthentication.SignOut();

        }

        public User GetAuthenticatedCustomer()

        {

            if (_cachedUser != null) return _cachedUser;

            if (HttpContext == null || HttpContext.Request == null || !HttpContext.Request.IsAuthenticated ||

                !(HttpContext.User.Identity is FormsIdentity))

            {

                return null;

            }

            var formsIdentity = (FormsIdentity)HttpContext.User.Identity;

            var user = GetAuthenticatedUserFromTicket(formsIdentity.Ticket);

            if (user != null && user.Active && !user.Deleted )//&& user.IsRegistered()

                _cachedUser = user;

            return _cachedUser;

        }

        public bool IsCurrentUser

        {

            get { return GetAuthenticatedCustomer() != null; }

        }

        public virtual User GetAuthenticatedUserFromTicket(FormsAuthenticationTicket ticket)

        {

            if (ticket == null)

                throw new ArgumentNullException("ticket");

            var usernameOrEmail = ticket.Name;

            if (String.IsNullOrWhiteSpace(usernameOrEmail))

                return null;

            var user = _userService.GetUserByUsername(usernameOrEmail);

            return user;

        }

        public HttpContextBase HttpContext

        {

            get { return new HttpContextWrapper(System.Web.HttpContext.Current); }

        }

    }

Form认证的几点说明的更多相关文章

  1. SharePoint 2013 配置基于AD的Form认证

    前 言 配置SharePoint 2013基于AD的Form认证,主要有三步: 1. 修改管理中心的web.config: 2. 修改STS Application的web.config: 3. 修改 ...

  2. Asp.Net实现FORM认证的一些使用技巧(转)

    最近因为项目代码重构需要重新整理用户登录和权限控制的部分,现有的代码大体是参照了.NET的FORM认证,并结合了PORTAL KITS的登录控制,代码比较啰嗦,可维护性比较差.于是有了以下的几个需求( ...

  3. MVC4.0 使用Form认证,自定义登录页面路径Account/Login

    使用MVC4.0的时候,一般遇到会员登录.注册功能,我们都会使用Form认证,给需要身份验证的Action进行授权(需要登录后才能访问的Action添加[Authorize]属性标签),登录.注册的时 ...

  4. MVC用户登陆验证及权限检查(Form认证)

    1.配置Web.conf,使用Form认证方式   <system.web>     <authentication mode="None" />      ...

  5. Asp.Net 之 使用Form认证实现用户登录 (LoginView的使用)

    1. 创建一个WebSite,新建一个页面命名为SignIn.aspx,然后在页面中添加如下的代码 <div class="div_logView"> <asp: ...

  6. asp.net Form 认证【转】

    第一部分 如何运用 Form 表单认证 一.        新建一个测试项目 为了更好说明,有必要新建一个测试项目(暂且为“FormTest”吧),包含三张页面足矣(Default.aspx.Logi ...

  7. Asp.Net实现FORM认证的一些使用技巧

    原文转发:http://www.cnblogs.com/Showshare/archive/2010/07/09/1772886.html 最近因为项目代码重构需要重新整理用户登录和权限控制的部分,现 ...

  8. sharepoint:基于AD的FORM认证

    //来源:http://www.cnblogs.com/jindahao/archive/2012/05/07/2487351.html 需求: 1. 认证要基于AD 2. 登入方式要页面的方式(fo ...

  9. 浅谈MVC Form认证

    简单的谈一下MVC的Form认证. 在做MVC项目时,用户登录认证需要选用Form认证时,我们该怎么做呢?下面我们来简单给大家说一下. 首先说一下步骤 1.用户登录时,如果校验用户名密码通过后,需要调 ...

  10. Asp.net MVC Form认证,IIS改成集成模式后,FormsAuthentication.SetAuthCookie无效,Request.IsAuthenticated值,始终为false,页面提示HTTP 错误 401.0 - Unauthorized,您无权查看此目录或页面

    最近公司领导要求,IIS网站要由经典模式改为集成模式,以提高性能.改完之后,登录成功跳转到主页之后,页面提示“”HTTP 错误 401.0 - Unauthorized“,“您无权查看此目录或页面”, ...

随机推荐

  1. HTML字体及颜色设置

    字体(FONT)标记(TAGS) 标题字体(Header) <h#> ... </h#> #=1, 2, 3, 4, 5, 6<h1>今天天气真好!</h1& ...

  2. WPFUIElement的Background的问题

    <Border Name="> <Border.Background> <VisualBrush> <VisualBrush.Visual> ...

  3. Trie树(c++实现)

    转:http://www.cnblogs.com/kaituorensheng/p/3602155.html http://blog.csdn.net/insistgogo/article/detai ...

  4. SSMS错误:A connection was successfully established with the server, but then an error occurred during the login process

    参考: 系统太慢,实在搞不清是哪里的问题,祭出重装大法 需要安装的工具还真多,先装主要的吧.VS2013, SQL SERVER 2012,搞定.. 连个数据库试试,出错了: A connection ...

  5. Java编程中“为了性能”尽量要做到的一些地方

    最近的机器内存又爆满了,除了新增机器内存外,还应该好好review一下我们的代码,有很多代码编写过于随意化,这些不好的习惯或对程序语言的不了解是应该好好打压打压了. 下面是参考网络资源总结的一些在Ja ...

  6. python ImportError: DLL load failed: %1 不是有效的 Win32 应用程序

    导入的时候报出了 ImportError 在windows上安装python 的模块后,导入模块时报 python ImportError: DLL load failed: %1 不是有效的 Win ...

  7. <form>属性

    当form表单中action没有值时,默认当前页方法.

  8. 1211php面向对象

    首先需要定义数组,$attr = array(直接给元素1,2,3)索引数组 关联数组 $attr = array("one"=>1,2,3) for($i=0;$i< ...

  9. java的数据类型的转换

    一:java的数据类型转换除布尔类型boolean(不能转换)有两种:<一> 自动转换: <二> 强制转换 <一>.自动转换:就是将小的数据类型自动转换成大的数据类 ...

  10. eclipse js 引用跳转

    引用 http://stackoverflow.com/questions/24505993/the-resource-is-not-on-the-build-path-of-a-javascript ...