我为我的MVC4应用程序创建了一个自定义角色提供程序,我已成功覆盖CreateRole,GetAllRoles和RoleExists方法,并将它们链接到我现有的数据库,如下所示:
namespace Project.Providers
{
public class MyProvider : System.Web.Security.SqlRoleProvider
{
private MyContext dbcontext = new MyContext(System.Configuration.ConfigurationManager.ConnectionStrings["MyContext"].ConnectionString);
private Repository<MyUser> userRepository;
private Repository<Role> roleRepository;
public MyProvider()
{
this.userRepository = new Repository<MyUser>(dbcontext);
this.roleRepository = new Repository<Role>(dbcontext);
}
public override string[] GetAllRoles()
{
IEnumerable<Role> dbRoles = roleRepository.GetAll();
int dbRolesCount = roleRepository.GetAll().Count();
string[] roles = new string[dbRolesCount];
int i = 0;
foreach(var role in dbRoles)
{
roles[i] = role.Name;
i++;
}
return roles;
}
public override bool RoleExists(string roleName)
{
string[] roles = { "Admin", "User", "Business" };
if(roles.Contains(roleName))
return true;
else
return false;
}
public override void CreateRole(string roleName)
{
Role newRole = new Role();
newRole.Name = roleName;
roleRepository.Add(newRole);
roleRepository.SaveChanges();
}
public override bool IsUserInRole(string userName, string roleName)
{
MyUser user = userRepository.Get(u => u.Username == userName).FirstOrDefault();
Role role = roleRepository.Get(r => r.Name == roleName).FirstOrDefault();
if (user.RoleID == role.RoleID)
return true;
else
return false;
}
}
}
我一直无法找到覆盖
的方法User.IsInRole(string roleName)
当我使用时,我还必须做什么:
[Authorize(Roles = "Admin")]
它将基于我设置的角色提供程序而不是asp默认值。
我的用户类现在如下:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.ComponentModel.DataAnnotations;
using System.Collections;
using System.Security.Principal;
namespace Project.Data
{
public class MyUser : IPrincipal
{
[Key]
public int UserID { get; set; }
[StringLength(128)]
public string Username { get; set; }
.....other properties
public IIdentity Identity { get; set; }
public bool IsInRole(string role)
{
if (this.Role.Name == role)
{
return true;
}
return false;
}
public IIdentity Identity
{
get { throw new NotImplementedException(); }
}
}
}
我的堆栈跟踪似乎在跟随:
System.Web.Security.RolePrincipal.IsInRole(String role)
所以我尝试以与设置自定义提供程序相同的方式实现自定义RolePrincipal,我是如何做到这一点的?不确定它需要什么构造函数。这是我的尝试:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration.Provider;
using Project.Data;
using System.Web.Security;
using System.Security.Principal.IIdentity;
namespace Project.Principal
{
public class MyPrincipal : System.Web.Security.RolePrincipal
{
private MyContext dbcontext = new MyContext(System.Configuration.ConfigurationManager.ConnectionStrings["MyContext"].ConnectionString);
private Repository<MyUser> userRepository;
private Repository<Role> roleRepository;
public MyPrincipal()
{
this.userRepository = new Repository<MyUser>(dbcontext);
this.roleRepository = new Repository<Role>(dbcontext);
}
public override bool IsInRole(string role)
{
//code to be added
return true;
}
}
}
答案 0 :(得分:7)
您只需要在自定义角色提供程序中覆盖方法GetRolesForUser,而不是更逻辑的IsUserInRole,因为这是执行某些不需要的缓存的默认实现所调用的。
答案 1 :(得分:2)
你在你的IPrincipal类中重写了IsInRole,我的EF看起来像这样:
public class MyUser : IPrincipal {
//Properties
...
public bool IsInRole(string role) {
if (Roles.Any(m=>m.NameKey.ToLower().Equals(role.ToLower()))) {
return true;
}
return false;
}
}
然后,一旦为webProconfig和MembershipProvider添加适当的部分到webconfig,您应该对Authorize属性有用。
更新以回应您的评论
web配置应如下所示:
...
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880"></forms>
</authentication>
<authorization>
</authorization>
..
<membership defaultProvider="MyMembershipProvider">
<providers>
<add name="MyMembershipProvider" type="MyApp.Infrastructure.MyMembershipProvider" connectionStringName="connectionstring" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" />
</providers>
</membership>
<roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true">
<providers>
<clear />
<add name="MyRoleProvider" type="MyApp.Infrastructure.MyRoleProvider" />
</providers>
</roleManager>
...
在提供商中,用户是您的IPrincipal
吗?
public MyUser User { get; private set; }
用户应该IIdentity
在MyUser.cs中:
...
public virtual ICollection<Role> Roles { get; set; }
public IIdentity Identity { get; set; }
我没有太多额外的建议来帮助您解决问题。
更新
我设置的一些例子,在设置我的时候发现有用: http://www.brianlegg.com/post/2011/05/09/Implementing-your-own-RoleProvider-and-MembershipProvider-in-MVC-3.aspx
我在第一次浏览时阅读了很多其他文章和SO帖子,但这些都是我打算收藏的东西。我采用角色/权利方法进行授权,这就是为什么其中一个是这样的。
答案 2 :(得分:0)
要解决此问题,您需要对应用程序进行4次更新。
1. Create a class that extends RoleProvider.
namespace MyApp
{
public class MyRoleProvider : RoleProvider
{
public override string ApplicationName
{
get
{
throw new NotImplementedException();
}
set
{
throw new NotImplementedException();
}
}
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
throw new NotImplementedException();
}
public override void CreateRole(string roleName)
{
throw new NotImplementedException();
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
throw new NotImplementedException();
}
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
throw new NotImplementedException();
}
public override string[] GetAllRoles()
{
throw new NotImplementedException();
}
public override string[] GetRolesForUser(string username)
{
using (ApplicationDbContext db = new ApplicationDbContext())
{
// get user roles here using user name.
}
}
public override string[] GetUsersInRole(string roleName)
{
throw new NotImplementedException();
}
public override bool IsUserInRole(string username, string roleName)
{
return GetRolesForUser(username).Contains(roleName);
}
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
throw new NotImplementedException();
}
public override bool RoleExists(string roleName)
{
throw new NotImplementedException();
}
}
}
2. Create a custom filter that extends AuthorizeAttribute and overwrite its methods.
public class MyAuthFilter : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
var routeValues = new RouteValueDictionary(new
{
controller = "Account",
action = "Login",
});
filterContext.Result = new RedirectToRouteResult(routeValues);
base.HandleUnauthorizedRequest(filterContext);
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
string[] roles = Roles.Split(',');
string userName = HttpContext.Current.User.Identity.Name;
MyRoleProvider myProvider = new MyRoleProvider();
foreach (string role in roles)
{
bool success = myProvider.IsUserInRole(userName, role);
if (success == true)
{
return true;
}
}
return false;
}
3. Configure your custom role provider in your web.config.
<system.web>
<roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true">
<providers>
<clear />
<add name="MyRoleProvider" type="MyApp.MyRoleProvider" />
</providers>
</roleManager>
</system.web>
Note: The type here uses the fully qualified namespace and your class name = MyApp.MyRoleProvider. Yours can be different
4. Use your custom filter instead of the default Authorize attribute for your controllers and actions. E.g
[MyAuthFilter]
public class HomeController : Controller
{
public ActionResult Index()
{
ViewBag.Title = "Home Page";
return View();
}
}