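I am reading this documentation, trying to find where I should replace the connection string or anything related to database management, in order to override my CustomAuthorize attribute and get the following behavior: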
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Check if the actual user is in the roles provided
        if (user.HasRole(Roles))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
I don't know where the Users and Roles tables are located.

Answer 0 (score: 0)
First authenticate the user and create an authenticated cookie for their session, like this:
    // Ticket valid for one day, not persistent; the e-mail is both the name and the user data
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, model.Email, DateTime.Now, DateTime.Now.AddDays(1), false, model.Email);
    // Encrypt the ticket so it can be stored in the cookie
    string hashedTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashedTicket);
    HttpContext.Response.Cookies.Add(cookie);
Next, when the application tries to authenticate the request:
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie != null)
        {
            var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var user = this.UserService.GetUserByEmail(authTicket.Name);
            var identity = new GenericIdentity(authTicket.Name, "Forms");
            // Get the stored user roles
            HttpContext.Current.User = new GenericPrincipal(identity, user.Roles);
        }
    }
Then you should be able to use:
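    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The principal set in Application_AuthenticateRequest carries the roles
        if (httpContext.User.IsInRole("admin"))
        {
            return true;
        }
        return false;
    }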
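
The pieces above combined, as an added example that is not part of the original question or answer: a `CustomAuthorize` attribute that checks the roles listed on the attribute against the principal, plus a helper for `Application_AuthenticateRequest` that treats a missing, tampered or expired ticket as anonymous instead of throwing. The `TicketPrincipal` class and the `rolesForUser` delegate are hypothetical names standing in for a lookup in your own user store.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Added example: used as [CustomAuthorize(Roles = "admin,editor")].
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        IPrincipal user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;   // no valid ticket was turned into a principal

        // Roles is the comma-separated string set on the attribute.
        string[] required = (Roles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // No roles listed: any authenticated user passes.
        return required.Length == 0 || required.Any(user.IsInRole);
    }
}

public static class TicketPrincipal
{
    // Hypothetical helper for Application_AuthenticateRequest: returns null
    // (anonymous) for a missing, tampered or expired cookie instead of throwing.
    public static IPrincipal FromCookie(HttpCookie authCookie, Func<string, string[]> rolesForUser)
    {
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value)) return null;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(authCookie.Value); }
        catch (Exception) { return null; }   // undecryptable or tampered value
        if (ticket == null || ticket.Expired) return null;

        string[] roles = rolesForUser(ticket.Name);   // assumption: lookup in your own user store
        if (roles == null) return null;               // user no longer exists
        return new GenericPrincipal(new GenericIdentity(ticket.Name, "Forms"), roles);
    }
}
```

Because the principal is built from the ticket on every request, the roles come from whatever store `rolesForUser` queries, so no fixed Users or Roles tables are required by the attribute itself.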