问题
EDIT: Can anyone explain why I am getting "/" for the username? See my "Answer" below
I created a new WebForms application in VS2013 (.NET 4.51) which included the "new" Identity membership provider. I wanted to use the older Membership provider so did as follows.
- Populated the necessary entries in web.config as follows:
:
<membership defaultProvider="DefaultMembershipProvider">
<providers><add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
and
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</profile>
<roleManager defaultProvider="DefaultRoleProvider" enabled="true">
<providers>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</roleManager>
I doubled checked the authentication node:
<authentication mode="Forms">
<forms loginUrl="Account/Login" timeout="120" defaultUrl="/">
</forms>
</authentication>
My login code is as follows:
if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage("/", chkRememberMe.Checked);
}
and my logout code:
FormsAuthentication.SignOut();
Session.Abandon();
FormsAuthentication.RedirectToLoginPage();
however HttpContext.Current.User.Identity.IsAuthenticated always returns TRUE, which means that even after I logout I can access any page in the site even through I have the following restriction:
<!-- Entire site is secured -->
<location path=".">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
What am I missing here? I am guessing there is still some legacy from the original Identity provider which I have not eradicated which is causing this issue. At this point security is not working at all for me and I need to get it working without using the new Identity membership provider which is the default for new applications generated via the new application template in VS2013.
All pointers and suggestions greatly appreciated.
回答1:
I came back to this today and now pages are authenticating as expected (WT....). So I am guessing that there must have been a cookie somewhere that was not being cleared. However something is still not right.
Once the user has authenticated when I inspect:
System.Web.HttpContext.Current.User.Identity.Name
I am getting:
"/"
as the result instead of the name the user entered when they logged in via:
Membership.ValidateUser(txtUserName.Text, txtPassword.Text)
ie. why am I not getting the value of txtUserName.Text instead of /
I guess a related question is, is there a HOWTO on how to revert a project from Identity to the previous Membership system?
来源:https://stackoverflow.com/questions/23911930/webforms-httpcontext-current-user-identity-isauthenticated-always-true