i log users into .net using straightforward .net authentication:
if ( Membership.ValidateUser( user, passwd ) )
works fine. hot on the heels of that, i try to get the user name:
Membership.GetUser().UserName
sometimes this will return an invalid object. sometimes not. i cannot seem to detect a pattern as to which is which.
for example, a user logs in with a valid role in the system as 'root'/'password'. the ValidateUser() call succeeds, but Membership.GetUser().UserName returns an invalid object. 2 seconds later, do the same exact thing again, and both the validate and the GetUser() succeed.
any ideas?
.. edit 1 .. here's how i use the username:
Roles.GetRolesForUser( Membership.GetUser().UserName );
when i swap in System.Environment.UserName, the roles list comes back empty.
if i leave it as is and i set the auth cookie using 'true' as my second argument, it works fine.
FormsAuthentication.SetAuthCookie( user, true );
if i use HttpContext.Current.User.Identity.Name, the roles list is fine with the auth cookie set to true or false.
now, i understand the issue about performance. this is important to me. but i also need to ensure the application functions correctly.
Why can't you use HttpContext.Current.User.Identity.Name?
Membership.ValidateUser() returns true or false whether the user is valid or not, but it does not sign them in.
Membership.ValidateUser Method
Verifies that the supplied user name and password are valid.
Try this instead:
// requires: using System.Security; using System.Web.Security;
bool createPersistentCookie = true; // remember me?
if (Membership.ValidateUser(user, passwd))
{
    FormsAuthentication.SetAuthCookie(user, createPersistentCookie);
    if (FormsAuthentication.GetAuthCookie(user, createPersistentCookie) == null)
        throw new SecurityException("Authentication persistence failed");
    string userName = Membership.GetUser().UserName; // should have a value now
}
else
{
    // invalid login
}
I am using the system.web.security methods to authenticate users to use web service methods. I don't use the cookie authentication in FormsAuthentication at all.
I have to set up the roles associated with the web service methods in the web.config file
<add name="rule1" url="~/WebService.svc/rest/help" method="*" role="?"/>
<add name="rule1" url="~/WebService.svc/rest/Method1" method="*" role="service"/>
<add name="rule1" url="~/WebService.svc/rest/Method2" method="*" role="service"/>...
Then the following code is called every time a request comes in to verify the authentication:
Membership.ValidateUser(username, password); //Validates user credential
Roles.IsUserInRole(username, "/WebService.svc/rest/Method2"); //Verifies User is authorised for method in question
Are you using cookies to persist user credentials? If so.. I believe the following authentication steps should be taken:
- call ValidateUser to check for correct credentials.. as you already do
- call FormsAuthentication.SetAuthCookie to set the authentication cookie
- Response.Redirect( "Some home page or another "); will refresh the credentials cookies and get you a valid user object
Hope it helps
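
The three steps listed in the answer above, written out as an added example (not code from any of the posts on this page). It assumes forms authentication and the default membership and role providers are configured; the class and method names are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper class; the names are illustrative and not from the posts above.
public static class LoginFlow
{
    // Login request: validate, issue the ticket, redirect.
    // Returns the user's roles, or null when the credentials are rejected.
    public static string[] SignIn(HttpContext context, string user, string passwd, bool rememberMe)
    {
        if (!Membership.ValidateUser(user, passwd))
            return null;

        // SetAuthCookie only adds the ticket cookie to the response.
        // context.User still holds the identity established at the start of
        // this request, so the parameterless Membership.GetUser() cannot see
        // the new login until the browser sends the cookie back.
        FormsAuthentication.SetAuthCookie(user, rememberMe);

        // Anything needed in this same request is looked up by the name
        // that was just validated, not by the ambient identity.
        MembershipUser account = Membership.GetUser(user);
        if (account == null)
            throw new InvalidOperationException("Validated user not found in the membership store.");
        string[] roles = Roles.GetRolesForUser(account.UserName);

        // The redirect starts a new request that carries the cookie, so the
        // forms authentication module populates context.User from it.
        context.Response.Redirect(FormsAuthentication.DefaultUrl, false);
        return roles;
    }

    // Any later request: the identity now comes from the cookie.
    public static string[] CurrentRoles(HttpContext context)
    {
        if (context.User == null || !context.User.Identity.IsAuthenticated)
            return new string[0];
        return Roles.GetRolesForUser(context.User.Identity.Name);
    }
}
```

A persistent cookie left over from an earlier login is sent with the login request itself, which is consistent with the question's observation that the lookup works when the second argument to SetAuthCookie is true.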