I have an MVC3 application using NHibernate. I've created my own membership and role providers and they're working ok. I have a problem with logging in though (probably due to inexperience with ASP.NET security). I wonder if someone could help me.
Here's my controller
[Authorize(Roles="Admin")]
public ActionResult Edit(int? id)
{
...
I have a login url setup in Web.config
<authentication mode="Forms">
<forms loginUrl="~/User/Login" timeout="2880" cookieless="AutoDetect" />
</authentication>
So, when I try and click the edit link I get forwarded to the login page. All well and good so far.
[HttpPost]
public ActionResult Login(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if (_membershipProvider.ValidateUser(model.UserName, model.Password))
{
FormsAuthentication.Authenticate(model.UserName, model.Password);
FormsAuthentication.RedirectFromLoginPage(model.UserName, false);
}
else
{
ModelState.AddModelError开发者_如何学C("", "The user name or password provided is incorrect.");
}
}
return View(model);
}
I then get forwarded to the page I came from but when I click the Edit link again I get sent back to the login page. How do I get ASP.NET to store the user in session or something so that it remembers me?
You should pass "true" to that :
FormsAuthentication.RedirectFromLoginPage(model.UserName, true);
From here : http://msdn.microsoft.com/en-us/library/ka5ffkce(v=VS.100).aspx
userName The authenticated user name.
createPersistentCookie true to create a durable cookie (one that is saved across browser sessions); otherwise, false.
精彩评论