c# - MVC Forms Authentication and Session, Authorize Issues -
i have mvc project i'm using forms authentication, , had implement roles pages, got in global.asax:
protected void application_authenticaterequest(object sender, eventargs e) { httpcookie authcookie = context.request.cookies[formsauthentication.formscookiename]; if (authcookie == null || authcookie.value == "") { return; } formsauthenticationticket authticket; seek { authticket = formsauthentication.decrypt(authcookie.value); } grab { return; } string[] roles = authticket.userdata.split(';'); if (context.user != null) { context.user = new genericprincipal(context.user.identity, roles); } } and save user roles when log in model:
//after checking login/password httpcookie cookie = httpcontext.current.request.cookies.get(formsauthentication.formscookiename); if (cookie == null) { cookie = new httpcookie(formsauthentication.formscookiename); httpcontext.current.response.cookies.add(cookie); } string userroles = null; if (users[i].perfilid == userranks.admin) { userroles = "admin;users"; } else { userroles = "users"; } formsauthenticationticket ticket = new formsauthenticationticket(0, users[i].name, datetime.now, datetime.now.adddays(1), false, userroles, formsauthentication.formscookiepath ); cookie.value = formsauthentication.encrypt(ticket); httpcontext.current.response.cookies.set(cookie); httpcontext.current.session["userid"] = users[i].userid; httpcontext.current.session["lastlogin"] = users[i].lastlogin; httpcontext.current.user = new genericprincipal(httpcontext.current.user.identity, userroles.split(';')); to retrieve values of session variables, have static property:
public static int userid { { object sessiondata = httpcontext.current.session["userid"]; if (sessiondata == null) { //i had here... homecoming 0; } homecoming convert.toint32(sessiondata); } private set { } } before implemented roles authorization, used save userid in cookie userdata, , if userid in session, when requested, null, i'd retrieve cookie instead (and set session again). userdata beingness used roles management , i'm having issues session dropping faster cookie expiration, , have users logged in can't retrieve userids , fails operations.
so have set checker in each controller function such as:
if (myuser.session.userid == 0) { //redirect login } ...which defeats whole purpose of using [authorize] guess. there improve way handle login expiration , session variables this?
i thought using json or other format , save bunch of userdata in cookie, i'd simpler, if possible.
also, i'm doing in login:
httpcontext.current.user = new genericprincipal(httpcontext.current.user.identity, userroles.split(';')); which seems same authenticaterequest (i got part elsewhere, seemed recommended way handle fellow member roles), doesn't work should. user gets redirected out on [authorize(roles="admin")] or [authorize] functions if leave (and remove global.asax part). why?
c# asp.net-mvc asp.net-mvc-4 session cookies
No comments:
Post a Comment