HttpContext.Current.User.IsInRole does not work

Time: 2012-01-24 08:53:26

Tags: asp.net-mvc security

In my controller AuthController / signin I have this code:

    entities.UserAccount user = (new BLL.GestionUserAccount()).authentifier(email, password);
    // the user's roles, stored later in the ticket's UserData
    string roles = (new BLL.GestionUserAccount()).GetUserRoles(user.IdUser);

    // Initialize FormsAuthentication, for what it's worth
    FormsAuthentication.Initialize();

    // storing the userId in a cookie
    FormsAuthentication.SetAuthCookie(user.IdUser.ToString(), false);

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                                    // Ticket version
        user.IdUser.ToString(),               // Username associated with ticket
        DateTime.Now,                         // Date/time issued
        DateTime.Now.AddMinutes(30),          // Date/time to expire
        true,                                 // "true" for a persistent user cookie
        roles,                                // User-data, in this case the roles
        FormsAuthentication.FormsCookiePath); // Path cookie valid for

    // Encrypt the cookie using the machine key for secure transport
    string hash = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(
        FormsAuthentication.FormsCookieName,  // Name of auth cookie
        hash);                                // Encrypted ticket

    // Set the cookie's expiration time to the ticket's expiration time
    if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

    // Add the cookie to the list for outgoing response
    Response.Cookies.Add(cookie);
    return RedirectToAction("index", "Home");

In the master page I have a menu, and in that menu there is one item that only the admin role should see.

    <% if (HttpContext.Current.User.IsInRole("admin")) { %>
        <%= Html.ActionLink("Places", "Places", "Places") %>
    <% } %>

Even though HttpContext.Current.User contains the correct roles, I cannot see the item:

[screenshot not available]

global.asax:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id =
                        (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;

                    // Get the stored user-data, in this case, our roles
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new GenericPrincipal(id, roles);
                }
            }
        }
    }

4 answers:

Answer 0 (score: 5)

Please try using the static method User.IsInRole() instead of using Roles.IsUserInRole().

Answer 1 (score: 1)

I know this sounds silly, but from your image I can only see your userData.

The only thing I can think of is that the userData is not making it into the principal. (It could be a problem with the last three lines of global.asax.cs.)

Something is going wrong here:

    string userData = ticket.UserData;
    string[] roles = userData.Split(',');
    HttpContext.Current.User = new GenericPrincipal(id, roles);

Answer 2 (score: 0)

A statement is missing.

After this line:

    FormsAuthenticationTicket ticket = id.Ticket;

you need to put this line:

    ticket = FormsAuthentication.Decrypt(ticket.Name);

Answer 3 (score: 0)

In global.asax, assign the principal to both objects:

    private static void SetPrincipal(IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
    }

I found it in the ASP.NET documentation.
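Putting the question, answer 1 and answer 3 together, the following is an added example (not code from the original post): a sign-in action that issues a single forms cookie with the roles in the ticket's UserData, and an Application_AuthenticateRequest handler that rebuilds the principal from that ticket and assigns it to both HttpContext.Current.User and Thread.CurrentPrincipal. It assumes the question's BLL.GestionUserAccount and entities.UserAccount types, that authentifier returns null on a failed login, and the default MvcApplication class name for global.asax (all assumptions).

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class AuthController : Controller
{
    [HttpPost]
    public ActionResult SignIn(string email, string password)
    {
        var accounts = new BLL.GestionUserAccount();             // the question's BLL class (assumed API)
        entities.UserAccount user = accounts.authentifier(email, password);
        if (user == null) return View();                         // assumed: null on a failed login
        string roles = accounts.GetUserRoles(user.IdUser);       // comma-separated, e.g. "admin,user"
        // One ticket, one cookie: no separate SetAuthCookie call, so the browser is not sent two
        // cookies with the same name. UserData is encrypted and MAC-protected with the machine key.
        var ticket = new FormsAuthenticationTicket(
            1, user.IdUser.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30),
            false, roles, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                             // keep the ticket away from script
            Secure = FormsAuthentication.RequireSSL,     // honour <forms requireSSL="true">
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);
        return RedirectToAction("index", "Home");
    }
}

public class MvcApplication : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Context.User carries a FormsIdentity only after the forms module has validated the ticket.
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null) return;
        // Rebuild the principal from UserData; trim and drop empty entries so "admin, user"
        // or a trailing comma still yield clean role names for IsInRole.
        string[] roles = identity.Ticket.UserData.Split(',')
            .Select(r => r.Trim()).Where(r => r.Length > 0).ToArray();
        IPrincipal principal = new GenericPrincipal(identity, roles);
        Context.User = principal;              // what HttpContext.Current.User.IsInRole reads
        Thread.CurrentPrincipal = principal;   // what thread-based checks read (answer 3)
    }
}
```

Because the roles are read back from the cookie, this authorization is only as strong as the machine key protecting the ticket, and a role change in the database does not take effect until the ticket expires or the user signs in again.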