FormsAuthentication.SignOut() 之后继续执行 MVC 控制器

发布于 2024-11-29 20:31:19 字数 877 浏览 1 评论 0原文

我将所有会话保存在数据库中。让我们假设该会话在数据库中丢失，而不是在 cookie 中丢失。

在 OnAuthorization(AuthorizationContext filterContext) 中，我根据会话 ID 从数据库检索用户对象。

if (HttpContext.User.Identity.IsAuthenticated)
{
    //Gets user data from DB.
    var user = userRepos.GetUser(HttpContext.User.Identity.Name); 

        if (user != null)
        {
            CurrentUser = user;
            Thread.CurrentPrincipal = HttpContext.User = new DibPrincipal(user);
            return;
        }
        else
        {
            FormsAuthentication.SignOut();
            Session.Abandon();
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }
    }
}

想象一下，用户调用了控制器 GetDocuments，但他被重定向到 FormsAuthentication.LoginUrl。它有效，用户被重定向，但我收到异常，该异常显示 GetDocument 控制器中的错误，因为 CurrentUser 不存在。因此，.net 即使在重定向后也会尝试调用 GetDocuments。

如何避免这个错误呢？

谢谢！ :)

原文

I save all session in the database. Lets imagine that this session was lost in the database, not in the cookies.

In OnAuthorization(AuthorizationContext filterContext) I retrieve user object from database base on the session id.

if (HttpContext.User.Identity.IsAuthenticated)
{
    //Gets user data from DB.
    var user = userRepos.GetUser(HttpContext.User.Identity.Name); 

        if (user != null)
        {
            CurrentUser = user;
            Thread.CurrentPrincipal = HttpContext.User = new DibPrincipal(user);
            return;
        }
        else
        {
            FormsAuthentication.SignOut();
            Session.Abandon();
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }
    }
}

Imagine that user called a controller GetDocuments, but he was redirected to FormsAuthentication.LoginUrl. It works, user is been redirected, but I get en exception which shows an error in GetDocument controller, because CurrentUser does not exist. So .net trying to call GetDocuments even after redirecting.

How to avoid this error?

Thanks! :)

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

生生不灭 2024-12-06 20:31:19

您不应该从 OnAuthorization 函数重定向，而应该从 filterContext 设置 Result 参数，如下所示：

filterContext.Result == new RedirectToRouteResult(new RouteValueDictionary {
{
    "controller",
    "Utilisateurs"
},
{
    "action",
    "Connexion"
},
{
    "ReturnUrl",
    filterContext.HttpContext.Request.RawUrl
}
});

You should not redirect from your OnAuthorization function but rather set the Result parameter from the filterContext as such :

filterContext.Result == new RedirectToRouteResult(new RouteValueDictionary {
{
    "controller",
    "Utilisateurs"
},
{
    "action",
    "Connexion"
},
{
    "ReturnUrl",
    filterContext.HttpContext.Request.RawUrl
}
});

回复收藏 0 原文

~没有更多了~