我在项目中使用了自定义身份验证,但不知道如何利用会话在各个路由上检查用户权限。这是我的代码:
管理控制器
// POST: administration
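/// <summary>
/// Handles the posted login form: looks the admin up by e-mail and password and, on success,
/// stores the admin's id, display name and photo path in the session before redirecting.
/// </summary>
/// <param name="admin">Model bound from the form; only Email and Pass are read here.</param>
/// <returns>
/// A redirect to the "Dashboard" route on success; otherwise the login view with a model error.
/// </returns>
[HttpPost]
public ActionResult Login(Admin admin)
{
    // Reject missing credentials before querying. Depending on the query provider's null
    // semantics, a null Pass could otherwise match a row whose password column is NULL.
    Admin user = null;
    if (admin != null && !String.IsNullOrEmpty(admin.Email) && !String.IsNullOrEmpty(admin.Pass))
    {
        // NOTE(review): the submitted password is compared with the stored column directly, which
        // implies passwords are kept in recoverable form. Store a salted, slow hash (PBKDF2 or
        // similar) and verify against that instead.
        user = AdminContext.admins.SingleOrDefault(u => u.Email == admin.Email && u.Pass == admin.Pass);
    }

    if (user == null)
    {
        // One message for both failure causes, so the response does not reveal which e-mails exist.
        ModelState.AddModelError("", "Email ou mot de passe est incorrect");
        return View("~/Views/Administration/Login.cshtml");
    }

    // NOTE(review): the session that existed before sign-in is reused. Issuing a fresh session id
    // on successful login would close the session-fixation window.
    Session["adminID"] = user.adminID;

    // Concatenation treats a null Nom or Prenom as empty instead of throwing.
    Session["adminNom"] = user.Nom + " " + user.Prenom;

    // Fall back to the placeholder image when the stored photo path does not exist on disk.
    string photoPath = "~" + user.Photo;
    Session["adminPhoto"] = System.IO.File.Exists(Server.MapPath(photoPath))
        ? photoPath
        : "~/Content/TemplateAdmin/assets/images/no_img.png";

    return RedirectToRoute("Dashboard");
}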
项目路由
/// <summary>
/// Registers the URL patterns of the administration area on <paramref name="routes"/>.
/// </summary>
/// <param name="routes">Route table that receives the entries, in the order written below.</param>
/// <remarks>
/// These entries only map URLs to controller actions. Nothing here restricts who may call an
/// action; that has to be enforced on the controllers or actions themselves.
/// </remarks>
public static void RegisterRoutes(RouteCollection routes)
{
    routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

    // Login page.
    routes.MapRoute("LoginAdmin", "administration", new { controller = "Admin", action = "Login" });

    // Landing page after a successful login.
    routes.MapRoute("Dashboard", "administration/dashboard", new { controller = "Dashboard", action = "Index" });

    // Profile of the admin.
    routes.MapRoute("Profile", "administration/profile", new { controller = "Admin", action = "Profil" });

    // The {action} segment is taken from the URL, so this pattern can address the Admin
    // controller's actions by name.
    routes.MapRoute(
        "Gestion_admins",
        "administration/gestion_admins/{action}/{id}",
        new { controller = "Admin", action = "Index", id = UrlParameter.Optional });
}
我应该检查项目中所有ActionResult的会话吗?像这样:
// POST: Profil
// Snippet from the question: only the per-action session check is shown. As written there is
// no return statement, so the rest of the action is elided.
[HttpPost]
public ActionResult Profil(Admin model)
{
// The id comes from the session, not from the posted form, so a signed-in client cannot pick
// which admin record is edited by changing a form field.
if (Session["adminID"] != null)
{
model.adminID = Convert.ToInt32(Session["adminID"]);
}
// NOTE(review): when the session holds no adminID, the posted model.adminID is left untouched and
// execution continues. The unauthenticated case needs an explicit rejection, and repeating this
// check by hand in every action makes it easy to miss one.
}
答案 0 :(得分:0)
我解决了这个问题,我分享了它:
我创建了一个新的类 AdminAuthorize:
/// <summary>
/// Click handler: copies <c>seconds</c> into the default settings, hides this form and opens a
/// <c>NextForm</c> through <c>ShowDialog()</c>.
/// </summary>
/// <remarks>
/// NOTE(review): this is a desktop-form click handler. It does not define the AdminAuthorize
/// class that the surrounding text announces.
/// </remarks>
private void nextButton_Click(object sender, EventArgs e)
{
    Properties.Settings.Default.Seconds = seconds;
    Hide();
    new NextForm().ShowDialog();
}
我只是在 Admincontroller 中使用它:
public class AdminAuthorize : AuthorizeAttribute
{
baseContext AdminContext;
/// <summary>
/// Creates the attribute together with the data context it keeps in <c>AdminContext</c>.
/// </summary>
/// <remarks>
/// NOTE(review): MVC may cache filter attribute instances and reuse them across requests, so a
/// context held in a field can end up shared between concurrent requests, and it is never
/// disposed here. Confirm, and prefer a short-lived context created where the query runs.
/// </remarks>
public AdminAuthorize()
{
    this.AdminContext = new baseContext();
}
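/// <summary>
/// Decides whether the current request belongs to a signed-in admin by checking for the
/// <c>adminID</c> session value.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>
/// <c>true</c> when the session holds an <c>adminID</c>; otherwise <c>false</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new ArgumentNullException("httpContext");
    }

    // The earlier cookie branch is deliberately gone. It read adminEmail/adminPass from
    // Response.Cookies, whose indexer creates an empty cookie when the name is absent: the
    // client's values were never seen, and two blank cookies were queued on every response.
    // Reading them from the request instead would mean keeping the admin's password in a
    // browser cookie and running a credential query on every request, so only the session
    // is consulted.

    // Session can be null when session state is not available for the request.
    var session = httpContext.Session;
    return session != null && session["adminID"] != null;
}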
}
有效!!