发表新帖
发表新帖

What does FormsAuthentication.SetAuthCookie do

前端 未结
关注
2 1296
既然无缘
既然无缘 2020-12-30 02:26

I\'m using A createuserwizard control. On the CreatedUser Event I placed this code to add the user to a role.

    protected void RegisterUser_CreatedUser(obj
相关标签:
2条回答
  • 耶瑟儿~
    2020-12-30 03:02

    After you create the user, you want them to be logged in right away, correct? If thats the case, you drop the auth cookie that is used by asp.net to determine if the user is authenticated (different than authorized). The "false" means that its not persistent (equivalent to "Remember me?" option on log-on form.

    As to why your user is NULL, I would suggest placing a breakpoint right before that GetUser call and querying your user data store to see if its really there.

    0 讨论(0)
  • 情深已故
    2020-12-30 03:21

    Do you have LoginCreatedUser="false" or DisableCreatedUser="true" on your CreateUserWizard?

    Those will prevent the user from being logged in immediately, and cause Membership.GetUser() to return null, because the user isn't currently logged in.

    If you want the user to be logged in immediately, set neither or both LoginCreatedUser="true" and DisableCreatedUser="false" on your CreateUserWizard. That should get your current code working.

    FormsAuthentication.SetAuthCookie() sets a browser cookie to initiate the user's session. It's what keeps the user logged in each time a page is posted to the server. createPersistentCookie creates a persistent cookie that doesn't expire when the browser is closed, so the user can return to the site and be logged in automatically. It should be based on whether the user checked the "Remember me" checkbox on your Login form. It isn't available on the CreateUserWizard form by default, but you can add a checkbox for it in your template, if you like.

    If you don't want to have the user logged in automatically, remove the FormsAuthentication.SetAuthCookie() line from your code, and set the CreateUserWizard properties appropriately. If you want to approve users before they can log in, set DisableCreatedUser="true". That will prevent them from logging in until you set the user IsApproved=true from either the .Net Users module in the IIS Manager, or you own custom web page to approve users.

    You can still set add the user to the appropriate role when the user is created without needing to log them in:

    if (!Roles.IsUserInRole(RegisterUser.UserName, "Test"))
{  
    Roles.AddUserToRole(RegisterUser.UserName, "Test");
}
    0 讨论(0)
 看不清?
提交回复
热议问题