为MVC4应用程序重写User.IsInRole和[Authorize(Roles =“Admin”)]

时间:2013-08-23 22:52:25

标签: asp.net-mvc-4 authorization roleprovider isinrole

我为我的MVC4应用程序创建了一个自定义角色提供程序,我已成功覆盖CreateRole,GetAllRoles和RoleExists方法,并将它们链接到我现有的数据库,如下所示:

namespace Project.Providers
{
  public class MyProvider : System.Web.Security.SqlRoleProvider
  {
    private MyContext dbcontext = new MyContext(System.Configuration.ConfigurationManager.ConnectionStrings["MyContext"].ConnectionString);
    private Repository<MyUser> userRepository;
    private Repository<Role> roleRepository;

    public MyProvider()
    {
        this.userRepository = new Repository<MyUser>(dbcontext);
        this.roleRepository = new Repository<Role>(dbcontext);
    }

    public override string[] GetAllRoles()
    {
        IEnumerable<Role> dbRoles = roleRepository.GetAll();
        int dbRolesCount = roleRepository.GetAll().Count();
        string[] roles = new string[dbRolesCount];
        int i = 0;
        foreach(var role in dbRoles)
        {
            roles[i] = role.Name;
            i++;
        }
        return roles;
    }

    public override bool RoleExists(string roleName)
    {
        string[] roles = { "Admin", "User", "Business" };
        if(roles.Contains(roleName))
            return true;
        else
            return false;
    }

    public override void CreateRole(string roleName)
    {
        Role newRole = new Role();
        newRole.Name = roleName;
        roleRepository.Add(newRole);
        roleRepository.SaveChanges();
    }

    public override bool IsUserInRole(string userName, string roleName)
    {
        MyUser user = userRepository.Get(u => u.Username == userName).FirstOrDefault();
        Role role = roleRepository.Get(r => r.Name == roleName).FirstOrDefault();
        if (user.RoleID == role.RoleID)
            return true;
        else
            return false;
    }
  }
}

我一直无法找到覆盖

的方法
User.IsInRole(string roleName)

当我使用时,我还必须做什么:

[Authorize(Roles = "Admin")]

它将基于我设置的角色提供程序而不是asp默认值。

我的用户类现在如下:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.ComponentModel.DataAnnotations;
using System.Collections;
using System.Security.Principal;

namespace Project.Data
{
  public class MyUser : IPrincipal
  {
    [Key]
    public int UserID { get; set; }

    [StringLength(128)]
    public string Username { get; set; }              

    .....other properties

    public IIdentity Identity { get; set; }

    public bool IsInRole(string role)
    {
        if (this.Role.Name == role)
        {
            return true;
        }
        return false;
    }

    public IIdentity Identity
    {
        get { throw new NotImplementedException(); }
    }
  }
}

我的堆栈跟踪似乎在跟随:

System.Web.Security.RolePrincipal.IsInRole(String role) 

所以我尝试以与设置自定义提供程序相同的方式实现自定义RolePrincipal,我是如何做到这一点的?不确定它需要什么构造函数。这是我的尝试:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration.Provider;
using Project.Data;
using System.Web.Security;
using System.Security.Principal.IIdentity;

namespace Project.Principal
{
  public class MyPrincipal : System.Web.Security.RolePrincipal
  {
    private MyContext dbcontext = new MyContext(System.Configuration.ConfigurationManager.ConnectionStrings["MyContext"].ConnectionString);
    private Repository<MyUser> userRepository;
    private Repository<Role> roleRepository;        

    public MyPrincipal()
    {
        this.userRepository = new Repository<MyUser>(dbcontext);
        this.roleRepository = new Repository<Role>(dbcontext);
    }

    public override bool IsInRole(string role)
    {
        //code to be added
        return true;
    }
}

}

3 个答案:

答案 0 :(得分:7)

您只需要在自定义角色提供程序中覆盖方法GetRolesForUser,而不是更逻辑的IsUserInRole,因为这是执行某些不需要的缓存的默认实现所调用的。

答案 1 :(得分:2)

你在你的IPrincipal类中重写了IsInRole,我的EF看起来像这样:

public class MyUser : IPrincipal {
    //Properties
    ...
    public bool IsInRole(string role) {
        if (Roles.Any(m=>m.NameKey.ToLower().Equals(role.ToLower()))) {
            return true;
        }
        return false;
    }
}

然后,一旦为webProconfig和MembershipProvider添加适当的部分到webconfig,您应该对Authorize属性有用。

更新以回应您的评论

web配置应如下所示:

...
<authentication mode="Forms">
  <forms loginUrl="~/Login" timeout="2880"></forms>
</authentication>
<authorization>
</authorization>

..

<membership defaultProvider="MyMembershipProvider">
  <providers>
    <add name="MyMembershipProvider" type="MyApp.Infrastructure.MyMembershipProvider" connectionStringName="connectionstring" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" />
  </providers>
</membership>
<roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true">
  <providers>
    <clear />
    <add name="MyRoleProvider" type="MyApp.Infrastructure.MyRoleProvider" />
  </providers>
</roleManager>
...

在提供商中,用户是您的IPrincipal吗?

public MyUser User { get; private set; }

用户应该IIdentity

在MyUser.cs中:

    ...
    public virtual ICollection<Role> Roles { get; set; }
    public IIdentity Identity { get; set; }

我没有太多额外的建议来帮助您解决问题。

更新

我设置的一些例子,在设置我的时候发现有用: http://www.brianlegg.com/post/2011/05/09/Implementing-your-own-RoleProvider-and-MembershipProvider-in-MVC-3.aspx

http://www.mattwrock.com/post/2009/10/14/Implementing-custom-MembershipProvider-and-Role-Provider-for-Authinticating-ASPNET-MVC-Applications.aspx

http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx?Redirected=true

我在第一次浏览时阅读了很多其他文章和SO帖子,但这些都是我打算收藏的东西。我采用角色/权利方法进行授权,这就是为什么其中一个是这样的。

答案 2 :(得分:0)

要解决此问题,您需要对应用程序进行4次更新。

    1. Create a class that extends RoleProvider.

    namespace MyApp
    {


     public class MyRoleProvider : RoleProvider
        {
            public override string ApplicationName
            {
                get
                {
                    throw new NotImplementedException();
                }

                set
                {
                    throw new NotImplementedException();
                }
            }

            public override void AddUsersToRoles(string[] usernames, string[] roleNames)
            {
                throw new NotImplementedException();
            }

            public override void CreateRole(string roleName)
            {
                throw new NotImplementedException();
            }

            public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
            {
                throw new NotImplementedException();
            }

            public override string[] FindUsersInRole(string roleName, string usernameToMatch)
            {
                throw new NotImplementedException();
            }

            public override string[] GetAllRoles()
            {
                throw new NotImplementedException();
            }

            public override string[] GetRolesForUser(string username)
            {
                using (ApplicationDbContext db = new ApplicationDbContext())
                {
                        // get user roles here using user name.

                }
            }



            public override string[] GetUsersInRole(string roleName)
            {
                throw new NotImplementedException();
            }

            public override bool IsUserInRole(string username, string roleName)
            {

                return GetRolesForUser(username).Contains(roleName);

            }

            public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
            {
                throw new NotImplementedException();
            }

            public override bool RoleExists(string roleName)
            {
                throw new NotImplementedException();
            }
        }

}

    2. Create a custom filter that extends AuthorizeAttribute and overwrite its methods.

      public class MyAuthFilter : AuthorizeAttribute
    {


        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
       }


        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            var routeValues = new RouteValueDictionary(new
            {
                controller = "Account",
                action = "Login",


            });

             filterContext.Result = new RedirectToRouteResult(routeValues);

            base.HandleUnauthorizedRequest(filterContext);
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            string[] roles = Roles.Split(',');

            string userName = HttpContext.Current.User.Identity.Name;

            MyRoleProvider myProvider = new MyRoleProvider();


            foreach (string role in roles)
            {
                bool success = myProvider.IsUserInRole(userName, role);

                if (success == true)
                {
                    return true;
                }

            }

            return false;
        }

    3. Configure your custom role provider in your web.config.
      <system.web>
        <roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true">
          <providers>
            <clear />
            <add name="MyRoleProvider" type="MyApp.MyRoleProvider" />
          </providers>
        </roleManager>
      </system.web>

      Note: The type here uses the fully qualified namespace and your class name = MyApp.MyRoleProvider. Yours can be different

    4. Use your custom filter instead of the default Authorize attribute for your controllers and actions. E.g 

    [MyAuthFilter]
    public class HomeController : Controller
    {
        public ActionResult Index()
        {
            ViewBag.Title = "Home Page";

            return View();
        }
    }