添加/更改用户后,CustomAuthorize属性不更新

时间:2015-12-02 15:04:47

标签: c# asp.net asp.net-mvc entity-framework

我遇到了内部MVC网站的问题。我可能将这个错误称为错误,因为我不确切地知道问题所在。我有以下自定义授权属性:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    public CustomAuthorizeAttribute(params string[] roles)
    {
        using (var dataLayer = new CarrierBoundEntities())
        {
            string userNames = string.Empty;

            foreach (var user in dataLayer.tbl_PremiumWriteOffs_Users)
            {
                if (roles.Contains(user.Role))
                {
                    userNames += user.Username + ",";
                }
            }

            if (userNames.Length > 0)
            {
                // Remove last comma
                userNames.Remove(userNames.Length - 1);
            }

            Users = userNames;
        }
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
    }
}

数据层是实体框架创建的默认DbContext。有一个视图允许具有管理员角色的用户添加/编辑用户。以下是处理帖子以编辑用户的控制器:

[HttpPost]
[ValidateAntiForgeryToken]
[CustomAuthorize(new string[] { "Admin" })]
public ActionResult UsersEditView(UsersVM viewModel)
{
    using (var dataLayer = new CarrierBoundEntities())
    {
        var userToEdit = dataLayer.tbl_PremiumWriteOffs_Users.SingleOrDefault(x => x.ID == viewModel.UserSubmit.ID);

        if (userToEdit == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        }

        // If the username was changed then check and display error if it's the same as another entry
        if (userToEdit.Username.Equals(viewModel.UserSubmit.Username, StringComparison.OrdinalIgnoreCase) == false)
        {
            foreach (var user in dataLayer.tbl_PremiumWriteOffs_Users)
            {
                if (user.Username.Equals(viewModel.UserSubmit.Username, StringComparison.OrdinalIgnoreCase))
                {
                    ModelState.AddModelError("UserSubmit.Username", "A user with this username already exists.");
                    break;
                }
            }
        }

        if (ModelState.IsValid)
        {
            userToEdit.Username = viewModel.UserSubmit.Username;
            userToEdit.Role = viewModel.UserSubmit.Role;
            userToEdit.UserLastModified = this.User.Identity.Name;
            userToEdit.DateLastModified = DateTime.Now;
            dataLayer.SaveChanges();

            return RedirectToAction("UsersView");
        }

        viewModel.RoleSelect = GetRoleSelectList();
        return View(viewModel);
    }
}

现在,当我在我的机器上本地运行它时工作正常,但是当部署在服务器上时,当添加新用户或更改现有用户的角色时,某些内容不会更新。新用户仍然无法访问该站点的任何部分,并且从admin更改为用户的用户仍将可以访问管理区域。它保持这种方式,直到在服务器上重新启动应用程序。

奇怪的是,在进行更改后,更改在前端和后端都可见,因此似乎数据库和实体上下文都正在更新。所以我认为可能是自定义授权属性没有使用新的用户名列表进行更新,但我真的不知道并且我在调试时遇到问题,因为它在本地工作。

非常感谢任何帮助。

1 个答案:

答案 0 :(得分:0)

您尝试扩展 'view_manager' => array( 'display_not_found_reason' => true, 'display_exceptions' => true, 'doctype' => 'HTML5', 'not_found_template' => 'error/404', 'exception_template' => 'error/index', 'template_map' => array( 'layout/portfolio' => __DIR__ . '/../view/layout/layout_portfolio.phtml', 'layout/layout' => __DIR__ . '/../view/layout/layout.phtml', 'application/index/index' => __DIR__ . '/../view/application/index/index.phtml', 'error/404' => __DIR__ . '/../view/error/404.phtml', 'error/index' => __DIR__ . '/../view/error/index.phtml', ), 'template_path_stack' => array( __DIR__ . '/../view', ), ),的方式是错误的。你需要做这样的事情:

AuthorizeAttribue