SetAuthCookie only sets the cookie. It does not log you in, nor does it load any of the user information.The cookie is read on the next request, and then ASP.NET will configure the roles and identity as part of the request processing pipeline.You can bypass this, but it essentially means duplicating the asp.net authorization code, all for one request. It's probably easier to just redirect the user and reload the page.
http://blog.csdn.net/byondocean/article/details/7164117
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket; // 取存储在票据中的用户数据,在这里其实就是用户的角色
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
#region 登录,创建票据和Cookie
/// <summary>
/// 创建票据和Cookie
/// </summary>
/// <param name="Ver">版本号1</param>
/// <param name="Name">传入的用户名</param>
/// <param name="My_UserData">用户角色类型</param>
public static void SetLoginCookie(int Ver, string Name, string My_UserData)
{
// 设置Ticket信息
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
Ver, Name, DateTime.Now, DateTime.Now.AddMinutes(60), true, My_UserData, "/"); // 加密验证票据
string strTicket = FormsAuthentication.Encrypt(ticket); // 使用新userdata保存cookie
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, strTicket);
cookie.Expires = ticket.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);
}
#endregion
你的SetLoginCookie和FormsAuthentication.SetAuthCookie(userName, false)是一样的啊,只不过你的方法里多一个设置过期时间的参数,而FormsAuthentication.SetAuthCookie(userName, false)只能是设置持久或者临时的cookie。你的Application_AuthenticateRequest是取的当前用户的角色,我遇见的问题不是角色取不到。我现在遇见的问题是,通过window.open打开一个窗口,我会在打开的窗口中完成授权,授权完成后,关闭窗口,父页面的这个授权的cookie就没办法读取到了。