Redirecting the site to the login page for each navigation action

I have an MVC application that hosts an API documentation site sitting behind auth forms. There are only two pages on the site ... home, which lists (at a high level) all the endpoints on the site, as well as data objects. You can click any of these data objects / endpoints and go to the details page.

Each of my pages is decorated with the attribute [Authorize(Roles="role,names,here")]. As expected, when you enter the site, you are redirected to the login page, and any subsequent requests just work.

However, yesterday the site began to misbehave, and I'm not sure why. After the initial login, the page you requested loads just fine. However, each time you click a link to go to any of the other pages, users are redirected to the login page, and the credentials no longer work.

Any thoughts on what caused this, and how can I fix it?

[Edit] I don't know why, but my sessionState configuration was commented out in my web.config (I didn't do it, and as I said, it worked 48 hours ago), but it seems to upset this:

    <sessionState mode="InProc" customProvider="DefaultSessionProvider">
      <providers>
        <add name="DefaultSessionProvider"
             type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
             connectionStringName="dbConn"/>
      </providers>
    </sessionState>
+4
1 answer

It would be better to show us the class that provides your session. But use this: you will have an account controller like this:

    using System.Web.Mvc;
    using System.Web.Security;

    public class AccountController : Controller
    {
        // UserApplication and User are the application's own types
        private readonly UserApplication userApp = new UserApplication();
        private readonly SessionContext context = new SessionContext();

        public ActionResult Login()
        {
            return View();
        }

        [HttpPost]
        public ActionResult Login(User user)
        {
            // you get the user from your application and repository here
            var authenticatedUser = userApp.GetByUsernameAndPassword(user);
            if (authenticatedUser != null)
            {
                context.SetAuthenticationToken(authenticatedUser.UserId.ToString(), false, authenticatedUser);
                return RedirectToAction("Index", "Home");
            }
            return View();
        }

        public ActionResult Logout()
        {
            // Removes the forms authentication cookie
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }
    }

And your SessionContext will look like this:

    using System;
    using System.Web;
    using System.Web.Script.Serialization;
    using System.Web.Security;

    public class SessionContext
    {
        public void SetAuthenticationToken(string name, bool isPersistent, User userData)
        {
            // Serialize the user so GetUserData() can read it back from the ticket.
            // The whole object ends up in the cookie: keep it small and free of secrets.
            string data = string.Empty;
            if (userData != null)
                data = new JavaScriptSerializer().Serialize(userData);

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1, name, DateTime.Now, DateTime.Now.AddYears(1), isPersistent, data);

            // Encrypt() encrypts and signs the ticket according to the forms protection setting
            string cookieData = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieData)
            {
                HttpOnly = true,
                Expires = ticket.Expiration
            };
            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        public User GetUserData()
        {
            User userData = null;
            try
            {
                HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (cookie != null)
                {
                    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
                    userData = new JavaScriptSerializer().Deserialize(ticket.UserData, typeof(User)) as User;
                }
            }
            catch (Exception)
            {
                // An unreadable or tampered cookie is treated as "no user"
            }
            return userData;
        }
    }
0
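
Added example, not part of the original question or answer: the pages in the question use [Authorize(Roles="...")], so a hand-built ticket only passes that check if its roles are put back on the request principal. The handler below assumes the JSON in ticket.UserData has a Roles array (the TicketData shape is hypothetical) and that the Global.asax application class is named MvcApplication.

```csharp
// Global.asax.cs (added example; class name and TicketData are assumptions)
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.Security;

public class MvcApplication : HttpApplication
{
    // Hypothetical shape of the JSON stored in ticket.UserData.
    private class TicketData
    {
        public string UserId { get; set; }
        public string[] Roles { get; set; }
    }

    // Called by ASP.NET after FormsAuthenticationModule has decrypted and
    // validated the cookie and set Context.User to a role-less principal.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        FormsIdentity identity =
            Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return; // anonymous request: [Authorize] redirects to the login page

        FormsAuthenticationTicket ticket = identity.Ticket;
        if (ticket.Expired || string.IsNullOrEmpty(ticket.UserData))
            return; // authenticated but no role data: role checks will fail

        TicketData data;
        try
        {
            data = new JavaScriptSerializer().Deserialize<TicketData>(ticket.UserData);
        }
        catch (ArgumentException) { return; }          // malformed JSON
        catch (InvalidOperationException) { return; }  // JSON does not fit TicketData

        string[] roles = (data != null && data.Roles != null)
            ? data.Roles
            : new string[0];

        // [Authorize(Roles = ...)] calls IsInRole on this principal.
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Roles read this way are only as fresh as the ticket, so a role removed on the server stays effective until the ticket expires or is reissued; a long ticket lifetime extends that window.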