Is it possible to determine the current user's authentication status via a public WebMethod? Here's what I've got so far:
[WebMethod]
public bool IsAuthenticated()
{
    return Context.User.Identity.IsAuthenticated;
}
Because there's nothing passed in to this method and the Context.User is "Anonymous" and is technically unauthenticated at this point, the response is always false, even for authenticated users.
My next thought was to pass in the user's UserProviderKey (GUID) and use that to generate a generic principal to validate. I'm not sure if that's possible or if the GUID itself provides enough security to prevent people from retrieving the authentication status of other users.
You would need to pass the authentication cookie with the web request. This is the way .NET knows if a user is authenticated or not (assuming you are using standard authentication).
The authentication cookie has nothing to do with the session cookie, which is highly insecure.
Seems the webmethod cannot read the authentication cookie.
Try
[WebMethod(EnableSession = true)]
Assuming cookie-based session, this will allow the web method to read cookies.
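
One way to check the forms-authentication cookie explicitly on the server, as an added example that is not part of the original thread or any poster's code. It assumes ASP.NET Forms Authentication; the class name `AuthStatusService` and the namespace URL are hypothetical. The status is derived only from the cookie the caller sends, so no user identifier is accepted as a parameter.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.Services;

// Hypothetical ASMX service; class name and namespace are assumptions for this example.
[WebService(Namespace = "http://example.invalid/")]
public class AuthStatusService : WebService
{
    [WebMethod]
    public bool IsAuthenticated()
    {
        // Usual case: the forms-authentication module has already processed the
        // cookie and populated Context.User for this request.
        if (Context.User != null && Context.User.Identity.IsAuthenticated)
        {
            return true;
        }

        // Otherwise look for the forms-authentication cookie on this request.
        // If the client did not send it, there is nothing to validate.
        HttpCookie cookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            return false;
        }

        try
        {
            // Decrypt the ticket using the application's configured keys and
            // reject tickets that are missing or past their expiry time.
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return ticket != null && !ticket.Expired;
        }
        catch (Exception)
        {
            // Malformed or tampered cookie value: fail closed.
            return false;
        }
    }
}
```

If the cookie never reaches this method, the check returns false regardless of the user's state in the browser, so the calling client has to send the cookie with the request to the service URL.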