I wrote a custom role provider:
public class CustomRoleProvider : RoleProvider
{
    public override string[] GetRolesForUser(string username)
    {
        var rolesService = ObjectFactory.GetInstance<IRoleService>();
        return rolesService.GetRolesForUser(username.ToInt());
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        var rolesService = ObjectFactory.GetInstance<IRoleService>();
        return rolesService.IsUserInRole(username.ToInt(), roleName);
    }
    //....
}
And registered it in web.config:
<roleManager enabled="true" defaultProvider="CustomRoleProvider">
  <providers>
    <clear/>
    <add name="CustomRoleProvider"
         type="PooyanTKD.Web.Infrastructure.CustomRoleProvider"
         connectionStringName="DefaultConnection"
         enablePasswordRetrieval="false" enablePasswordReset="true"
         requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
  </providers>
</roleManager>
I wrote a custom authorize attribute:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class SiteAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            throw new UnauthorizedAccessException(); //to avoid multiple redirects
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
But when I decorate my controller or action method with [SiteAuthorize(Roles="Admins")] after logging in, I get this error:
Attempted to perform an unauthorized operation.
Source Error:
Line 14: if (filterContext.HttpContext.Request.IsAuthenticated)
Line 15: {
Line 16: throw new UnauthorizedAccessException(); //to avoid multiple redirects
Line 17: }
Line 18: else
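I am having a hard time finding the problem and it has me stumped. Can anyone help me figure out where my problem is?
PS: When I check User.Identity.Name in other views, its value is 0. I also checked my authentication type in web.config:
  <forms name="Sir1Afifi2013"
         cookieless="UseCookies"
         loginUrl="~/Account/LogOn"
         defaultUrl="~/Admin/Main"
         slidingExpiration="true"
         protection="All"
         path="/"
         timeout="20" />
</authentication>
Thanks in advance.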
Answer 0: (score: 0)
Finally, I solved my problem by redirecting unauthorized users to another route, this way:
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (filterContext.HttpContext.Request.IsAuthenticated)
    {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
        {
            action = "Index",
            controller = "Home",
            area = ""
        }));
    }
    else
    {
        base.HandleUnauthorizedRequest(filterContext);
    }
}
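A variant of the attribute above that answers an authenticated user who lacks the role with an explicit 403 and records the denial, instead of throwing or redirecting. This is an added example, not code from the question or the answer; it assumes ASP.NET MVC 3 or later, and the use of System.Diagnostics.Trace as the audit sink and the log message format are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Web.Mvc;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class SiteAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            // Signed in, but the role check failed. Record who was denied what,
            // so that repeated denials (or a broken role lookup, such as an
            // identity name of "0") show up in the logs.
            // Trace is an assumed sink; swap in the application's own logger.
            Trace.TraceWarning(
                "Access denied: user='{0}' controller='{1}' action='{2}' requiredRoles='{3}'",
                filterContext.HttpContext.User.Identity.Name,
                filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                filterContext.ActionDescriptor.ActionName,
                Roles);

            // 403 Forbidden: forms authentication only rewrites 401 responses
            // into a redirect to loginUrl, so a 403 cannot cause a redirect loop,
            // and no exception (with its stack trace) reaches the client.
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
        }
        else
        {
            // Not signed in: keep the default 401, which forms authentication
            // turns into a redirect to the configured loginUrl.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
```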