Question

plz帮助解决一个问题。我使用IIS7配置了Membership，它位于我自己的数据库中，使用aspnet_regsql实用程序创建，我使用自定义连接字符串来访问它。

这是与成员资格相关的web.config的一部分：

<connectionStrings>
    <add connectionString="Server=CORESERVER\SQLExpress;Database=Shop;User ID=Tema;Password=Matrix" name="CustomSqlConnection" />
</connectionStrings>
<profile enabled="true">
      <providers>
        <add name="CustomSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
      </providers>
</profile>
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true">
      <providers>
        <add name="CustomSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
      </providers>
</roleManager>
<membership defaultProvider="CustomSqlMemberProvider">
      <providers>
        <add name="CustomSqlMemberProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Hashed" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" applicationName="/" maxInvalidPasswordAttempts="10" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
      </providers>
</membership>
<authentication mode="Forms">
      <forms cookieless="UseCookies" loginUrl="login.aspx" name="WebShopAuthentication" protection="All" timeout="30" path="/" requireSSL="false" defaultUrl="~/admin/default.aspx" />
</authentication>
<authorization>
      <allow users="*" />
</authorization>

并且......表单授权，获取用户及其会员信息即可。但是......获得角色总是错误的。

MembershipUser userData = Membership.GetUser(HttpContext.Current.User.Identity.Name);    // OK !!! IT IS GREAT :)
var a = new RolePrincipal(HttpContext.Current.User.Identity);
var aa = a.getRoles();  // {string[0]} - EMPTY!!!
var b = Roles.IsUserInRole("Administrator", "Administrator");  // FALSE!!!
var c = Roles.Providers["CustomSqlRoleProvider"].GetAllRoles();  // {string[0]} - EMPTY!!!
var d = Roles.IsUserInRole(HttpContext.Current.User.Identity.Name, "Administrator"); // FALSE!!!
var e = HttpContext.Current.User.IsInRole("Administrator"); // FALSE !!!

WHYYYY ???

我做错了什么???

Answer 1

只是为了改进...授权工作正常并正确使用角色。我的web.config的另一部分：

<location path="Admin">
    <system.web>
      <pages styleSheetTheme="Admin" theme="Admin">
      </pages>
      <authorization>
        <deny users="?" />
        <allow roles="Administrator" />
      </authorization>
    </system.web>
    <appSettings>
      <add key="ThemeName" value="Admin" />
    </appSettings>
</location>

然后在代码中使用：

Membership.ValidateUser(userName.Text, userPassword.Text) // AND IT WORKS - USER IS LOGGED IN

Answer 2

答案是我没有正确地将webName配置添加到web.config中 - 添加后我应该重新启动IIS并在需要时重新创建角色。这是web.config的最终版本：

<roleManager defaultProvider="CustomSqlRoleProvider" enabled="true">
      <providers>
        <add name="CustomSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" applicationName="/" />
      </providers>
    </roleManager>

成员角色提供程序不适用于自定义连接字符串？

2 个答案: