User-1623772110 posted
Hi,
I've a mvc5 application with a custom login. Nothing crazy I just get username and password from a MongoDB then I do my check.
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login ( LoginViewModel vm )
{
try
{
if ( !ModelState.IsValid )
return View ( );
var db = new MongoDb ( );
var user = db.GetUser ( vm.Email.Trim ( ) );
if ( user == null )
return View ( "Home" );
string oldHash = user.Hash;
byte [ ] salt = user.Salt;
bool isLogin = Security.CompareHashValue ( vm.Password, vm.Email, oldHash, salt );
if ( !isLogin )
{
TempData [ "ErrorMSG" ] = "Access Denied! Wrong Credential";
return View ( vm );
}
SignInRemember ( vm.Email, vm.RememberMe );
FormsAuthentication.SetAuthCookie ( vm.Email, false );
Session [ "User" ] = vm;
return RedirectToAction ( "Index", "Dashboard" );
Now till I'm in the same controller isAuthenticated is true but when I go do the Dashboard/Index
class Dashboard {
...
public ActionResult Index()
{
bool auth = User.Identity.IsAuthenticated;
is false and if I use the [Authorized] decorator the user cannot access to the
ActionResult.
I think that everything is right but I would like to let things works :-)
Thank you