Only allow an admin to register users in ASP.NET MVC

Time: 2011-10-12 11:16:04

Tags: asp.net-mvc asp.net-mvc-3

In my scenario, users cannot register themselves. There is an administrator who creates users with a default password, which the users can change later.

I am going through the Pluralsight videos, and according to them I should put the [Authorize] attribute on the action method.

I did the following, but once I did, I could not see anything at http://localhost/Account/Register, even as a logged-in user.

  1. The role "admin" already exists.
  2. The logged-in user is also associated with that role in the UserInRoles table.
  3. If I remove the [Authorize] attribute, I can access the registration page.

        //
        // GET: /Account/Register

        // No [HttpPost] here: this action must answer the GET request for the form.
        [Authorize(Roles = "admin")]
        public ActionResult Register()
        {
            return View();
        }

        //
        // POST: /Account/Register

        [HttpPost]
        [Authorize(Roles = "admin")]
        public ActionResult Register(RegisterModel model)
        {
            if (ModelState.IsValid)
            {
                // Attempt to register the user
                MembershipCreateStatus createStatus;
                Membership.CreateUser(model.UserName, model.Password, model.Email, null, null, true, null, out createStatus);

                if (createStatus == MembershipCreateStatus.Success)
                {
                    FormsAuthentication.SetAuthCookie(model.UserName, false /* createPersistentCookie */);
                    return RedirectToAction("Index", "Home");
                }
                else
                {
                    ModelState.AddModelError("", ErrorCodeToString(createStatus));
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }


The login partial is:

    @if(Request.IsAuthenticated) {
        <text>Welcome <strong>@User.Identity.Name</strong>!
        [ @Html.ActionLink("Register", "Register", "Account") ]
        [ @Html.ActionLink("Log Off", "LogOff", "Account") ]
        [ @Html.ActionLink("Change Password", "ChangePassword", "Account") ]
        [ @Html.ActionLink("Position", "Position", "Position") ]
        [ @Html.ActionLink("User Position", "Position", "UserPositionPosition") ]
        </text>
    }
    else {
        @:[ @Html.ActionLink("Log On", "LogOn", "Account") ]
    }

EDIT: I have attached the full AccountController for better understanding.
    
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Routing;
    using System.Web.Security;
    using HRRazorForms.Models;
    
    namespace HRRazorForms.Controllers
    {
        public class AccountController : Controller
        {
    
            //
            // GET: /Account/LogOn
    
            public ActionResult LogOn()
            {
                return View();
            }
    
            //
            // POST: /Account/LogOn
    
            [HttpPost]
            public ActionResult LogOn(LogOnModel model, string returnUrl)
            {
                if (ModelState.IsValid)
                {
                    if (Membership.ValidateUser(model.UserName, model.Password))
                    {
                        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                        if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                        {
                            return Redirect(returnUrl);
                        }
                        else
                        {
                            return RedirectToAction("Index", "Home");
                        }
                    }
                    else
                    {
                        ModelState.AddModelError("", "The user name or password provided is incorrect.");
                    }
                }
    
                // If we got this far, something failed, redisplay form
                return View(model);
            }
    
            //
            // GET: /Account/LogOff
    
            public ActionResult LogOff()
            {
                FormsAuthentication.SignOut();
    
                return RedirectToAction("Index", "Home");
            }
    
            //
            // GET: /Account/Register

            // No [HttpPost] here: this action must answer the GET request for the form.
            [Authorize(Roles = "admin")]
            public ActionResult Register()
            {
                return View();
            }
    
            //
            // POST: /Account/Register
    
            [HttpPost]
            [Authorize(Roles="admin")]
            public ActionResult Register(RegisterModel model)
            {
                if (ModelState.IsValid)
                {
                    // Attempt to register the user
                    MembershipCreateStatus createStatus;
                    Membership.CreateUser(model.UserName, model.Password, model.Email, null, null, true, null, out createStatus);
    
                    if (createStatus == MembershipCreateStatus.Success)
                    {
                        //FormsAuthentication.SetAuthCookie(model.UserName, false /* createPersistentCookie */);
                        return RedirectToAction("Index", "Home");
                    }
                    else
                    {
                        ModelState.AddModelError("", ErrorCodeToString(createStatus));
                    }
                }
    
                // If we got this far, something failed, redisplay form
                return View(model);
            }
    
            //
            // GET: /Account/ChangePassword
    
            [Authorize]
            public ActionResult ChangePassword()
            {
                return View();
            }
    
            //
            // POST: /Account/ChangePassword
    
            [Authorize]
            [HttpPost]
            public ActionResult ChangePassword(ChangePasswordModel model)
            {
                if (ModelState.IsValid)
                {
    
                    // ChangePassword will throw an exception rather
                    // than return false in certain failure scenarios.
                    bool changePasswordSucceeded;
                    try
                    {
                        MembershipUser currentUser = Membership.GetUser(User.Identity.Name, true /* userIsOnline */);
                        changePasswordSucceeded = currentUser.ChangePassword(model.OldPassword, model.NewPassword);
                    }
                    catch (Exception)
                    {
                        changePasswordSucceeded = false;
                    }
    
                    if (changePasswordSucceeded)
                    {
                        return RedirectToAction("ChangePasswordSuccess");
                    }
                    else
                    {
                        ModelState.AddModelError("", "The current password is incorrect or the new password is invalid.");
                    }
                }
    
                // If we got this far, something failed, redisplay form
                return View(model);
            }
    
            //
            // GET: /Account/ChangePasswordSuccess
    
            public ActionResult ChangePasswordSuccess()
            {
                return View();
            }
    
            #region Status Codes
            private static string ErrorCodeToString(MembershipCreateStatus createStatus)
            {
                // See http://go.microsoft.com/fwlink/?LinkID=177550 for
                // a full list of status codes.
                switch (createStatus)
                {
                    case MembershipCreateStatus.DuplicateUserName:
                        return "User name already exists. Please enter a different user name.";
    
                    case MembershipCreateStatus.DuplicateEmail:
                        return "A user name for that e-mail address already exists. Please enter a different e-mail address.";
    
                    case MembershipCreateStatus.InvalidPassword:
                        return "The password provided is invalid. Please enter a valid password value.";
    
                    case MembershipCreateStatus.InvalidEmail:
                        return "The e-mail address provided is invalid. Please check the value and try again.";
    
                    case MembershipCreateStatus.InvalidAnswer:
                        return "The password retrieval answer provided is invalid. Please check the value and try again.";
    
                    case MembershipCreateStatus.InvalidQuestion:
                        return "The password retrieval question provided is invalid. Please check the value and try again.";
    
                    case MembershipCreateStatus.InvalidUserName:
                        return "The user name provided is invalid. Please check the value and try again.";
    
                    case MembershipCreateStatus.ProviderError:
                        return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
    
                    case MembershipCreateStatus.UserRejected:
                        return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
    
                    default:
                        return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
                }
            }
            #endregion
        }
    }
    


2 answers:

Answer 0 (score: 2)

The problem was that in web.config the roleManager is set to false by default, not true.

Sorry, easy to fix, but I never thought it would be disabled!
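The web.config change the accepted answer refers to, shown here as an added example that is not part of the original post: the MVC 3 template ships with roleManager disabled, in which case the forms-authentication principal carries no roles, so User.IsInRole("admin") is false for everyone, every [Authorize(Roles = "admin")] check fails, and even a logged-in admin is redirected to the login page. The block assumes the template's default SqlRoleProvider and ApplicationServices connection string.

```xml
<configuration>
  <system.web>
    <!-- Forms authentication identifies the user but carries no role information -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>

    <!-- WEAK (template default): enabled="false" means the RoleManagerModule never
         attaches a RolePrincipal, User.IsInRole("admin") is always false, and
         [Authorize(Roles = "admin")] denies every request, including the admin's:
         <roleManager enabled="false"> ... </roleManager> -->

    <!-- CORRECTED: enable the role manager so role checks consult the
         aspnet_UsersInRoles table (assumes the default SqlRoleProvider) -->
    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <clear />
        <add name="AspNetSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="ApplicationServices"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

After enabling it, confirm the membership schema has the role rows by checking Roles.IsUserInRole(User.Identity.Name, "admin") from a logged-in admin session; if that still returns false, the user-to-role mapping, not the attribute, is what is missing.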

Answer 1 (score: 1)

That should work.

I'd say you've done something else while trying different things.

E.g.: are you sure there isn't another Authorize attribute on the controller? For example:

    [Authorize(Roles="ADifferentRole")]

Is the admin role spelt correctly (e.g., are you sure it isn't "administrator" rather than "admin")?

Are you sure you didn't register, and then not notice that you were no longer logged in as the admin but as the newly created user (see below, there are bugs in your code)?

Sorry I can't help more, but what you've shown should work.

Bugs:

There is a bug in your Register HttpPost action, which is not what you want. If you have another user creating logins, then when that user successfully registers someone, your code sets the authentication cookie to the new user's identity.

This could be the cause of your problem. The code that does this is:

    if (createStatus == MembershipCreateStatus.Success)
    {
        FormsAuthentication.SetAuthCookie(model.UserName, false /* createPersistentCookie */);
        return RedirectToAction("Index", "Home");
    }

You need to replace that block with:

    if (createStatus == MembershipCreateStatus.Success)
    {
        return RedirectToAction("Index", "Home"); // or wherever you want to go...
    }