User.IsInRole()在负载均衡器中不起作用

时间:2019-02-25 09:49:36

标签: c# asp.net-mvc load-balancing user-roles

当前,我正在根据要在UI中显示控件的角色来开发Web应用程序。角色存储在数据库中,每当用户登录时,通过获取用户ID,我将访问数据库并获取用户角色并将其存储在cookie中。因此,对于下一个请求,我将从User.IsInRole()获取用户角色,并继续执行与视图中相同的逻辑。整个事情都可以在单个服务器上正常运行,但是当涉及到负载均衡器时,这会奇怪而间歇地出现问题,因为User.IsInRole()有时会返回false。

我的控制器中的代码:

tos

Global.asax.cs中的代码

public ActionResult IsValidUser(string userName)
    {


        try
        {

                if (HttpContext!=null&& HttpContext.Request.Headers["username"] != null)
                {
                    userName = HttpContext.Request.Headers["username"];
                }

                //Get the roles by sending the user name
                userRole = _processor.GetUserRole(userName);

                UserViewModel user = new UserViewModel()
                {
                    UserName = userName,
                    Role = userRole
                };
                if (!string.IsNullOrEmpty(user.Role))
                {
                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now, DateTime.Now.AddMinutes(2880), true, user.Role, FormsAuthentication.FormsCookiePath);
                    string hash = FormsAuthentication.Encrypt(ticket);
                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
                    if (ticket.IsPersistent)
                    {
                        cookie.Expires = ticket.Expiration;
                    }
                    if(Response!=null)
                    Response.Cookies.Add(cookie);

                    if (!string.IsNullOrEmpty(Request.Form["ReturnUrl"]))
                    {
                        return View("Error");
                    }
                    else
                    {

                        return RedirectToAction("Index");
                    }
                }
                else
                {
                    return View("Error")
                }
            }
            else
                return RedirectToAction("Search");
        }
        catch (Exception ex)
        {
                            return View("Error);
        }


    }

我的控制器中执行逻辑的代码:

 protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new GenericPrincipal(id, roles);
                }
            }
        }
    }

我不确定这是什么错误,但是在负载均衡器中有时无法显示,但显示“用户未授权”,但实际上是用户已授权。是因为Cookie还是负载均衡器?任何帮助,将不胜感激。提前致谢。

0 个答案:

没有答案