我正在尝试在我的应用程序中实现表单身份验证 . 我举了各种例子,看了一下这个论坛和ASP.net MVC中提供的示例和问题,但我无法让它工作 .
我设法验证我的用户,但角色似乎不起作用:-(
我已经设置了我的Web.Config如下:
<authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="2880" /> </authentication>
在我的控制器中,我将索引页面设置为AllowAnonymous,然后检查用户是否经过身份验证 . 如果没有,则重定向到登录页面..
[AllowAnonymous]
public ActionResult Index(string sortOrder, string searchString,string currentFilter, int? page)
{
if (!Request.IsAuthenticated)
{
return RedirectToAction("Login", "Account");
}
//Find all the employees
var employees = from s in db.Employees
select s;
//Pass employees to the view (All works fine)
return View(employees.ToPagedList(pageNumber, pageSize));
}
这一切都在100%工作
我的登录代码如下所示:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(User user, string returnUrl)
{
var myUser = db.Users.Where(b => b.UserName == user.UserName).FirstOrDefault();
if(myUser != null)
{
if(myUser.Password==user.Password)
{
//These session values are just for demo purpose to show the user details on master page
//Session["User"] = user;
ICollection<UserAccessLevel> levels = db.UserAccessLevels.Where(b => b.UserId == myUser.UserId).ToList();
//Session["levels"] = levels;
//Let us now set the authentication cookie so that we can use that later.
FormsAuthentication.SetAuthCookie(user.UserName, false);
return RedirectToAction("Index","Employee");
}
}
ViewBag.Message = "Invalid User name or Password.";
return View(user);
}
我在Global.asax文件中也有以下代码:
protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
{
if (FormsAuthentication.CookiesSupported == true)
{
if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
{
try
{
//let us take out the username now
string username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
string roles = string.Empty;
using (TrainingContext entities = new TrainingContext())
{
User user = entities.Users.SingleOrDefault(u => u.UserName == username);
roles = "admin";//user.Roles;
}
//Let us set the Pricipal with our user specific details
e.User = new System.Security.Principal.GenericPrincipal(
new System.Security.Principal.GenericIdentity(username, "Forms"), roles.Split(';'));
}
catch (Exception)
{
//somehting went wrong
}
}
}
}
当我登录我的FormsAuthentication_OnAuthenticate执行并且一切看起来都很好 . 我的用户已设置,我在会话中的角色也在那里......
但是,当我点击我的员工/索引屏幕的详细信息时,它会将我带回登录屏幕(我希望它能够将我带到我点击的员工的详细信息,因为我已登录并且我被设置为管理员角色)
请你协助我试着解决问题 . 我已经坐了18个多小时才试图解决这个问题 .
我已经看过这些解决方案,因为你可以看到我的大部分代码来自那里... codeproject.com/Articles/578374/AplusBeginner-27splusTutorialplusonplusCustomplusF codeproject.com/Articles/342061/Understanding-ASP-NET-Roles-and- Membership-A-Begin codeproject.com/Articles/408306/Understanding-and-Implementing-ASP-NET-Custom-Form
如果您需要有关我的代码的更多详细信息,您也可以从GitHub https://github.com/Ruandv/Training/tree/FormsAuthentication下载它
非常感谢您的帮助 .
1 回答
如果您转到数据库并查找为用户分配角色的表(可能由
SimpleMembership
生成?),您的用户是否具有"admin"角色?看起来您只是在
FormsAuthentication_OnAuthenticate
方法中分配角色而不在DB中实际设置它 .而且,虽然我不完全确定,
[Authorize(Roles = "admin")]
可能正在使用您的角色提供程序并检查用户是否在数据库中具有/没有角色 .