IsUserInRole方法无法正常工作

时间:2015-01-27 08:03:57

标签: asp.net-mvc-4 razor user-roles asp.net-roles

关注'如果'条件不起作用,即Roles.IsUserInRole(User.Identity.Name,"teacher")没有返回任何内容(它返回零)。我该怎么做才能让它发挥作用?要求是向用户显示不同的页面作为教师注册,不同的页面向用户注册为学生。

@if (Request.IsAuthenticated && Roles.IsUserInRole(User.Identity.Name,"teacher"))//HttpContext.Current.User.IsInRole("teacher"))//User.IsInRole("teacher")) //Roles.IsUserInRole(User.Identity.Name,"teacher"))
            {


            <li>@Html.ActionLink("Quiz Management", "Index", "Quiz")</li>                       
            <li>@Html.ActionLink("Browse Quizzes", "Index", "TakeQuiz")</li>
            <li>@Html.ActionLink("Assignment Scheduling", "Index", "Assignment")</li>

        }

这是帐户控制器中的注册操作方法:

[HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Register(RegisterModel model)
        {
            if (ModelState.IsValid)
            {
                // Attempt to register the user
                try
                {
                    var vRole = Request["selectRole"];
                   // WebSecurity.InitializeDatabaseConnection();
                    WebSecurity.CreateUserAndAccount(model.UserName, model.Password);
                    WebSecurity.Login(model.UserName, model.Password);
                    if (vRole.Equals("teacher"))
                    {
                        Roles.AddUserToRole(model.UserName, "teacher");//AddUserToRole(model.UserName, "teacher");
                    }
                    else
                    {
                        Roles.AddUserToRole(model.UserName, "student");
                    }
                    return RedirectToAction("Index", "Home");
                }
                catch (MembershipCreateUserException e)
                {
                    ModelState.AddModelError("", ErrorCodeToString(e.StatusCode));
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }

这是Web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
      <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
    </sectionGroup>
  </configSections>
  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=mydb;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\mydb.mdf;" providerName="System.Data.SqlClient" />
    <add name="mydbEntities" connectionString="metadata=res://*/Models.mymodel.csdl|res://*/Models.mymodel.ssdl|res://*/Models.mymodel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=(LocalDb)\v11.0;attachdbfilename=|DataDirectory|\mydb.mdf;initial catalog=mydb;integrated security=True;multipleactiveresultsets=True;application name=EntityFramework&quot;" providerName="System.Data.EntityClient" />
    <add name="mydbEntities1" connectionString="metadata=res://*/Models.mymodel.csdl|res://*/Models.mymodel.ssdl|res://*/Models.mymodel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=(LocalDb)\v11.0;attachdbfilename=|DataDirectory|\mydb.mdf;initial catalog=mydb;integrated security=True;multipleactiveresultsets=True;application name=EntityFramework&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <!--i have made new version from 2.0.0.0 to 3-->
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" />
        <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" />
        <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
        <!--i have made new version from 2.0.0.0 to 3-->
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.2.0" newVersion="5.2.2.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
      </dependentAssembly>
    </assemblyBinding>
    <!--This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). <legacyHMACWarning enabled="0" /> When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink
             to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.-->
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v11.0" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
  <system.net>
    <defaultProxy enabled="true" />
    <settings>
      <!--This setting causes .NET to check certificate revocation lists (CRL) 
                 before trusting HTTPS certificates.  But this setting tends to not 
                 be allowed in shared hosting environments.-->
      <servicePointManager checkCertificateRevocationList="true" />
    </settings>
  </system.net>
  <dotNetOpenAuth>
    <messaging>
      <untrustedWebRequest>
        <whitelistHosts>
          <!--Uncomment to enable communication with localhost (should generally not activate in production!)-->
          <add name="localhost" />
        </whitelistHosts>
      </untrustedWebRequest>
    </messaging>
    <!--Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library.-->
    <!--<reporting enabled="true" />-->
    <!--This is an optional configuration section where aspects of dotnetopenauth can be customized.  For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/-->
    <openid>
      <relyingParty>
        <security requireSsl="false">
                     Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. 
                    <trustedProviders rejectAssertionsFromUntrustedProviders="true"><add endpoint="https://www.google.com/accounts/o8/ud" /></trustedProviders></security>
        <behaviors>
          <!--The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
                         with OPs that use Attribute Exchange (in various formats).-->
          <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
        </behaviors>
      </relyingParty>
    </openid>
  </dotNetOpenAuth>
  <uri>
    <!--The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
             which is necessary for OpenID urls with unicode characters in the domain/host name.
             It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require.-->
    <idn enabled="All" />
    <iriParsing enabled="true" />
  </uri>
</configuration>

我想我错过了什么?我该怎么做才能解决这个问题? 问候。

1 个答案:

答案 0 :(得分:0)

https://msdn.microsoft.com/en-us/library/ff647070.aspx

  

FormsAuthenticationModule类构造一个GenericPrincipal对象并将其存储在HTTP上下文中。 GenericPrincipal对象包含对FormsIdentity实例的引用,该实例表示当前经过身份验证的用户。您应该允许表单身份验证为您管理这些任务。如果您的应用程序具有特定要求,例如将User属性设置为实现IPrincipal接口的自定义类,则应用程序应处理PostAuthenticate事件。在FormsAuthenticationModule验证了表单身份验证cookie并创建了GenericPrincipal和FormsIdentity对象之后,发生了PostAuthenticate事件。在此代码中,您可以构造一个包装FormsIdentity对象的自定义IPrincipal对象,然后将其存储在HttpContext.User属性中。

换句话说,您需要在重写的 Application_PostAuthenticateRequest 方法中创建新的 GenericPrincial (请参阅 Global.asax )。像这样:

protected void Application_PostAuthenticateRequst(object sender, EventArgs e)
{
    if (Context.User.Identity.IsAuthenticated
     && Context.User.Identity.AuthenticationType == "Forms")
    {
        // You should get roles in the user by his UserName:
        // string[] roles = ...
        // With Role provider it will look like
        var roles = Roles.GetRolesForUser(Context.User.Identity.Name);

        Context.User = new GenericPrincipal(Context.User.Identity, roles);
        Thread.CurrentPrincipal = Context.User;
    }
}