Why does cshtml show links to users who are not in my role?

Time: 2016-08-22 14:30:43

Tags: asp.net-mvc owin

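To be clear, non-admin users should not see the Reset Password and Create User links. In my case, they do see the links.

In my layout.cshtml I have the following code: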

        @if (HttpContext.Current.User.Identity.IsAuthenticated)
        { 
            @Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
            <span class="navbar-right">
                if (HttpContext.Current.User.IsInRole("Administrators"))
                {
                   @Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
                   @Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
                }
                @Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
            </span>
        }

In my controller, when the user logs in, I have:

// For clarity assume:
// userName = "myTest@tester.com"
// IsAdmin = false

var identity = new ClaimsIdentity(new[] {
    new Claim(ClaimTypes.Name, userName),
    new Claim(ClaimTypes.Email, userName)
}, "ApplicationCookie");

if (IsAdmin)
{
    identity.AddClaim(new Claim(ClaimTypes.Role, "Administrators"));
}
else
{
    identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}

var ctx = Request.GetOwinContext();
var authManager = ctx.Authentication;

authManager.SignIn(identity);

The controller works correctly and denies access when the user clicks the links.

[Authorize(Roles="Administrators")]

1 answer:

Answer 0: (score: 0)

It turned out to be a Razor syntax issue.

@if (HttpContext.Current.User.Identity.IsAuthenticated)
    { 
        @Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
        <span class="navbar-right">
            if (HttpContext.Current.User.IsInRole("Administrators"))
            {
               @Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
               @Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
            }
            @Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
        </span>
    }

Should be:

@if (HttpContext.Current.User.Identity.IsAuthenticated)
{ 
    @Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
    <span class="navbar-right">
        @if (HttpContext.Current.User.IsInRole("Administrators"))
        {
           @Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
           @Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
        }
        @Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
    </span>
}
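
Inside an HTML element Razor is back in markup mode, so an `if` without `@` is emitted as text and the links under it always render. The added example below (not part of the original question or answer) is a heuristic lint for that mistake; the function name and the trimmed sample layout are constructed for illustration, and it assumes each tag, brace and statement sits on its own line.

```python
import re

# Heuristic: assumes tags, braces and statements each sit on their own line.
CONTROL = re.compile(r"^(if|for|foreach|while|switch)\b")
AT_CONTROL = re.compile(r"^@(if|for|foreach|while|switch)\b")
OPEN_TAG = re.compile(r"^<(?!(br|hr|img|input|meta|link)\b)[A-Za-z][\w-]*(\s[^>]*)?(?<!/)>$")
CLOSE_TAG = re.compile(r"^</[A-Za-z][\w-]*>$")

def find_literal_control_flow(razor_source):
    """Return (line_number, text) for C# statements Razor would emit as plain text."""
    stack, findings = [], []      # stack nests "code" blocks and "markup" elements
    pending = closed = False      # saw a statement awaiting "{" / just closed a block
    for number, raw in enumerate(razor_source.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        mode = stack[-1] if stack else "markup"   # a .cshtml file starts as markup
        was_pending, was_closed, pending, closed = pending, closed, False, False
        if (AT_CONTROL.match(line) or (mode == "code" and CONTROL.match(line))
                or (was_closed and line.startswith("else"))):
            if line.endswith("{"):
                stack.append("code")
            else:
                pending = True
        elif line == "{" and was_pending:
            stack.append("code")
        elif line == "}" and mode == "code":
            stack.pop()
            closed = True
        elif OPEN_TAG.match(line):
            stack.append("markup")
        elif CLOSE_TAG.match(line) and stack and mode == "markup":
            stack.pop()
        elif mode == "markup" and CONTROL.match(line):
            findings.append((number, line))   # missing "@": rendered, not executed
    return findings

# Constructed sample: the question's layout, trimmed to the lines that matter.
BUGGY = """\
@if (HttpContext.Current.User.Identity.IsAuthenticated)
{
    <span class="navbar-right">
        if (HttpContext.Current.User.IsInRole("Administrators"))
        {
            @Html.ActionLink("Reset Password", "ResetPassword", "Auth")
        }
        @Html.ActionLink("Logoff", "Logoff", "Auth")
    </span>
}
"""
FIXED = BUGGY.replace("        if (", "        @if (")
```

Hiding the links is presentation only; the `[Authorize(Roles="Administrators")]` attribute on the controller remains the actual access control.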