asp.net-mvc: Who sets the IsAuthenticated property of HttpContext.User.Identity
Original URL: http://stackoverflow.com/questions/8660539/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by Elisabeth
This code is from the asp.net mvc RTM source code
Who sets the IsAuthenticated property of the HttpContext.User.Identity?
protected virtual bool AuthorizeCore(HttpContextBase httpContext) {
    if (httpContext == null) {
        throw new ArgumentNullException("httpContext");
    }

    // Unauthenticated users are rejected before any further checks.
    IPrincipal user = httpContext.User;
    if (!user.Identity.IsAuthenticated) {
        return false;
    }
    // (the excerpt in the question stops here)
}
Is the IsAuthenticated property set by calling the method (asp.net mvc 4.0 sample project):
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
When I debug the code of the LogOn method of the asp.net mvc 4.0 sample project after the above FormsAuth... method call, the execution of User.Identity.IsAuthenticated is still returning FALSE. Only when I debug the LogOff method does User.Identity.IsAuthenticated say TRUE. So who is setting this property to TRUE and WHEN?
UPDATE:
This is about FORMS authentication!
I did now debug the LogOn method of the asp.net mvc sample project, and after the LogOn action is returned, my AuthorizeCore method, which I have overridden, is called and then the IsAuthenticated property is TRUE!
Does the setting of TRUE maybe depend on the ModelState.Value.Error collections?
If count == 0 in the error collections, the IsAuthenticated is TRUE, else the IsAuthenticated is FALSE.
Can you confirm that?
Accepted answer by Darin Dimitrov
This property is set by the forms authentication module by reading and parsing the forms authentication cookie from the request. I've put request in bold because I suspect that's the reason why you are observing this behavior. Let me explain. When you call FormsAuthentication.SetAuthCookie upon successful authentication you are adding the authentication cookie to the response. This cookie will be stored on the client browser and will be sent on subsequent requests. So it is only on subsequent requests that the user will be considered as authenticated. So you need to always redirect after calling the SetAuthCookie method. Inside the request that called this method you already know whether the user provided correct credentials so you don't need to check the IsAuthenticated property.
Answer by Andomar
The origin of the property depends on the type of the Identity. For a FormsIdentity, the property just returns true:
/// <devdoc>
/// Indicates whether or not authentication took
/// place.
/// </devdoc>
public bool IsAuthenticated { get { return true;}}
That makes sense because the code in FormsAuthenticationModule.cs only assigns a FormsIdentity after authentication. The code seems quite complex, I see it extracts a ticket from a cookie, but I can't find where it validates the ticket.
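The two-request flow discussed in the answers above, as an added C# example that is not part of the original posts or of the ASP.NET source: the LogOn action only writes the cookie and redirects, and the hypothetical AuthCookieSketch.FromRequest helper shows, in simplified form, how a principal can be rebuilt from the request cookie on later requests. The action's parameter list and the Index/Home redirect target are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // Request 1: the credentials arrive. No auth cookie came in with this
    // request, so User.Identity.IsAuthenticated stays false until it ends.
    [HttpPost]
    public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl)
    {
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "The user name or password is incorrect.");
            return View();
        }
        // Adds the ticket cookie to the *response* only.
        FormsAuthentication.SetAuthCookie(userName, rememberMe);
        // Redirect so the browser sends the cookie back on request 2.
        // Only follow local return URLs, to avoid an open redirect.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}

public static class AuthCookieSketch
{
    // Requests 2..n: simplified sketch of rebuilding the principal from the
    // request cookie (an illustration, not FormsAuthenticationModule's code).
    public static IPrincipal FromRequest(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null; // anonymous request
        FormsAuthenticationTicket ticket;
        // With protection="All" (the default), Decrypt also validates the
        // ticket's integrity; a tampered or malformed value throws.
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return null; } // treat as anonymous
        if (ticket == null || ticket.Expired)
            return null;
        // FormsIdentity.IsAuthenticated always returns true, so it must only
        // be created after the ticket has passed the checks above.
        return new GenericPrincipal(new FormsIdentity(ticket), new string[0]);
    }
}
```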

