ASP.NET MVC 记住我

Question

我有一个基于 ASP.NET MVC 4 的项目，可以进行简单的身份验证。

我试图让我的网站在用户选中“记住我”复选框时自动登录。但是我在使其正常工作时遇到问题。关闭浏览器并重新打开后，用户永远不会登录。

检查( http://forums.asp.net/t/1654606.aspx#4310292 )后，我添加了一个由 IIS 生成的计算 secret 钥。我已设置在运行时自动生成和为每个应用程序生成唯一 key 均已禁用并且我已生成 key )。不幸的是这并没有奏效。

查看 "Remember me" with ASP.NET MVC Authentication is not working ，我在行中添加了 FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe) 但这也不起作用，所以我现在将其注释掉。

我尝试了 ASP.NET MVC RememberMe 上给出的答案但这似乎也不起作用。

我是否遗漏了一些明显的东西？

//FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

if (model.RememberMe)
{
    //int timeout = model.RememberMe ? 525600 : 2; // Timeout in minutes,525600 = 365 days
    int timeout = 525600;
    var ticket = new FormsAuthenticationTicket(model.UserName, model.RememberMe, timeout);
    string encrypted = FormsAuthentication.Encrypt(ticket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
    cookie.Expires = System.DateTime.Now.AddMinutes(timeout);//My Line
    Response.Cookies.Add(cookie);
}

Answer 1

我就是这样做的

public class MyAuthentication
{
    public static HttpCookie GetAuthenticationCookie(LoginModel model, bool persistLogin)
    {
         // userData storing data in ticktet and then cookie 
        JavaScriptSerializer js = new JavaScriptSerializer();

        var userData = js.Serialize(model);
        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                 1,
                 "akash",
                 DateTime.Now,
                 DateTime.Now.AddHours(1),
                 persistLogin,
                 userData);

        string encTicket = FormsAuthentication.Encrypt(authTicket);
        HttpCookie cookie= new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
        cookie.Expires = authTicket.Expiration; //must do it for cookie expiration 
        return cookie;
    }

    internal static bool Login(string UserName, string Password)
    {
        //UserName="akash" Password="akash"
        //check can be done by DB
        if (UserName== "akash" && Password == "akash")
            return true;
        else
            return false;
    }
}

然后

[HttpGet]
    [AllowAnonymous]
    public ActionResult Login()
    {
        //ViewBag.Message = "Your contact page.";
        HttpCookie cookie =  Request.Cookies[FormsAuthentication.FormsCookieName];
       // var ek = cookie.Value;
        try
        {
            //some times no cookie in browser
            JavaScriptSerializer js = new JavaScriptSerializer();
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            //string data = ticket.UserData;
            LoginModel model = js.Deserialize<LoginModel>(ticket.UserData);
            if (MyAuthentication.Login(model.UserName, model.Password) == true)
            {
                RedirectToAction("Index", "Home");
            }
        }
        catch
        {

        }
        return View();

您可以在 Global.asax 或授权过滤器上检查它。 确保你有 web.config

<authentication mode="Forms">
  <forms defaultUrl="/Home/Login" loginUrl="/home/Login" timeout="2880">
  </forms>
</authentication>

所有 Controller 之前的[Authorize]属性。