Custom Membership Provider won't redirect

2019-08-06 05:54发布

问题:

I have setup a custom membership and role provider that is not currently working as it should. I suspect that I have missed something but with all my research I have not been able to work out what it is.

The problem that is occurring is that when I enter the correct login details the login page reloads rather than redirecting. I suspect that it is redirecting but for some reason it doesn't recall that the authorisation has been approved, so as a result it sends the user back to the login page. This then just continuously repeats itself in an annoying loop.

This is my web.config

<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-BoomtickVenueEvents-20130313220611;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-BoomtickVenueEvents-20130313220611.mdf" providerName="System.Data.SqlClient" />
<add name="BoomtickVenueEventsDBContext" connectionString="Data Source=EAN-PC;Initial Catalog=BoomtickVenueEventsDB;Integrated Security=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />
</connectionStrings>
...
<system.web>
<globalization uiCulture="en-AU" culture="en-AU" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
<membership defaultProvider="CustomMembershipProvider" userIsOnlineTimeWindow="15">
  <providers>
    <add name="CustomMembershipProvider" type="BoomtickVenueEvents.Providers.VOMembershipProvider" 
         connectionStringName="AuthenticationService"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         applicationName="/"
         requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10" />
  </providers>
</membership>
<roleManager defaultProvider="CustomRoleProvider" enabled="true" cacheRolesInCookie="false">
  <providers>
    <clear />
    <add name="CustomRoleProvider" type="BoomtickVenueEvents.Providers.VORoleProvider" />
  </providers>
</roleManager>
<pages>
  <namespaces>
    <add namespace="System.Web.Helpers" />
    <add namespace="System.Web.Mvc" />
    <add namespace="System.Web.Mvc.Ajax" />
    <add namespace="System.Web.Mvc.Html" />
    <add namespace="System.Web.Optimization" />
    <add namespace="System.Web.Routing" />
    <add namespace="System.Web.WebPages" />
  </namespaces>
</pages>

My Custom Membership Provider is as follows

using EventOracle.Data.Interfaces;
using EventOracle.Domain.Models;
using System;
using System.ServiceModel;
using System.Web.Security;

namespace BoomtickVenueEvents.Providers
{
    public class VOMembershipProvider : MembershipProvider
    {
        private static ISecurityProviderService _voData;

        #region Constructors
        /// <summary>
        /// Constructor that connects to the Database Service and sets a refference point to the service
        /// </summary>
        public VOMembershipProvider()
        {
            ChannelFactory<ISecurityProviderService> VODataFactory;
            NetTcpBinding tcpBinding = new NetTcpBinding();

            // Set the allowable message sizes
            tcpBinding.MaxReceivedMessageSize = System.Int32.MaxValue;
            //tcpBinding.ReaderQuotas.MaxArrayLength = System.Int32.MaxValue;

            // Set a string to the URL of the server
            string sURL = "net.tcp://localhost:50001/SecurityProviderService";

            try
            {
                // Instantiate the channel factory using the string pointing to the server location
                VODataFactory = new ChannelFactory<ISecurityProviderService>(tcpBinding, sURL);

                // Start the channel factory
                _voData = VODataFactory.CreateChannel();
            }
            catch (Exception ex)
            {
                // Display the error message to the user
                Console.WriteLine(ex.Message);
            }
        }
        #endregion // Constructors

        public override string ApplicationName
        {
            get
            {
                throw new System.NotImplementedException();
            }
            set
            {
                throw new System.NotImplementedException();
            }
        }

        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            throw new System.NotImplementedException();
        }

        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            throw new System.NotImplementedException();
        }

        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            throw new System.NotImplementedException();
        }

        public override bool DeleteUser(string username, bool deleteAllRelatedData)
        {
            throw new System.NotImplementedException();
        }

        public override bool EnablePasswordReset
        {
            get { throw new System.NotImplementedException(); }
        }

        public override bool EnablePasswordRetrieval
        {
            get { throw new System.NotImplementedException(); }
        }

        public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            throw new System.NotImplementedException();
        }

        public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            throw new System.NotImplementedException();
        }

        public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
        {
            throw new System.NotImplementedException();
        }

        public override int GetNumberOfUsersOnline()
        {
            throw new System.NotImplementedException();
        }

        public override string GetPassword(string username, string answer)
        {
            throw new System.NotImplementedException();
        }

        public override MembershipUser GetUser(string username, bool userIsOnline)
        {
            User user = _voData.GetUser(username);
            if (user != null)
            {
                MembershipUser memUser = new MembershipUser("CustomMembershipProvider", 
                                                                username, user.UserId, user.Email,
                                                                string.Empty, string.Empty, true,
                                                                false, DateTime.MinValue, DateTime.MinValue,
                                                                DateTime.MinValue, DateTime.Now, DateTime.Now);
                return memUser;
            }
            return null;
        }

        public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
        {
            throw new System.NotImplementedException();
        }

        public override string GetUserNameByEmail(string email)
        {
            throw new System.NotImplementedException();
        }

        public override int MaxInvalidPasswordAttempts
        {
            get { throw new System.NotImplementedException(); }
        }

        public override int MinRequiredNonAlphanumericCharacters
        {
            get { throw new System.NotImplementedException(); }
        }

        public override int MinRequiredPasswordLength
        {
            get { throw new System.NotImplementedException(); }
        }

        public override int PasswordAttemptWindow
        {
            get { throw new System.NotImplementedException(); }
        }

        public override MembershipPasswordFormat PasswordFormat
        {
            get { throw new System.NotImplementedException(); }
        }

        public override string PasswordStrengthRegularExpression
        {
            get { throw new System.NotImplementedException(); }
        }

        public override bool RequiresQuestionAndAnswer
        {
            get { throw new System.NotImplementedException(); }
        }

        public override bool RequiresUniqueEmail
        {
            get { throw new System.NotImplementedException(); }
        }

        public override string ResetPassword(string username, string answer)
        {
            throw new System.NotImplementedException();
        }

        public override bool UnlockUser(string userName)
        {
            throw new System.NotImplementedException();
        }

        public override void UpdateUser(MembershipUser user)
        {
            throw new System.NotImplementedException();
        }

        public override bool ValidateUser(string username, string password)
        {
            return _voData.ValidateUser(username, password);
        }
    }
}

and my AccountController as follows

namespace BoomtickVenueEvents.Controllers
{
    [Authorize]
    [InitializeSimpleMembership]
    public class AccountController : Controller
    {

        private static ISecurityProviderService _voData;

        #region Constructors
        /// <summary>
        /// Constructor that connects to the Database Service and sets a refference point to the service
        /// </summary>
        public AccountController()
        {
            ChannelFactory<ISecurityProviderService> VODataFactory;
            NetTcpBinding tcpBinding = new NetTcpBinding();

            // Set the allowable message sizes
            tcpBinding.MaxReceivedMessageSize = System.Int32.MaxValue;
            //tcpBinding.ReaderQuotas.MaxArrayLength = System.Int32.MaxValue;

            // Set a string to the URL of the server
            string sURL = "net.tcp://localhost:50001/AuthoriseService";

            try
            {
                // Instantiate the channel factory using the string pointing to the server location
                VODataFactory = new ChannelFactory<ISecurityProviderService>(tcpBinding, sURL);

                // Start the channel factory
                _voData = VODataFactory.CreateChannel();
            }
            catch (Exception ex)
            {
                // Display the error message to the user
                Console.WriteLine(ex.Message);
            }
        }
        #endregion // Constructors

        //
        // GET: /Account/Login

        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        //
        // POST: /Account/Login

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            if (ModelState.IsValid && Membership.ValidateUser(model.UserName, model.Password))
            {
                return RedirectToLocal(returnUrl);
            }

            // If we got this far, something failed, redisplay form
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        //
        // POST: /Account/LogOff

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult LogOff()
        {
            WebSecurity.Logout();

            return RedirectToAction("Index", "Home");
        }

Please not that I am using WCF to get the data, however, the method by which I am collecting the data isn't the problem as long as the data is correct. Also I haven't included the role provide because I haven't included any role authorisations yet.

Any help would be appreciated.

回答1:

You are not issuing the forms cookie! I suspect you are confusing the membership provider (which is responsible for validating credentials) with forms authentication module (which is responsible for issuing cookies).

A simplest fix:

if (ModelState.IsValid && Membership.ValidateUser(model.UserName, model.Password))
{
    FormsAuthentication.SetAuthCookie( model.UserName, false );
    return RedirectToLocal(returnUrl);
}