如何刷新 AzMan 访问检查缓存?
我创建了一个使用 Microsoft AzMan 的 Web 应用程序,它工作得很好,直到您有多个用户。 我几乎 100% 确定 AzMan 正在为多个用户缓存相同的内容。
为了简化一点,我看到的问题是用户 A 访问该站点并具有完全访问权限,该用户被授予正确的访问权限并且可以正常工作。 然后用户 B 访问该站点,仅具有查看访问权限,但由于 AzMan 已经看到用户 A 的完全访问权限,因此它也向用户 B 授予完全访问权限。
我在创建客户端上下文时使用 AddStringSids 方法,因为它是唯一适用于所有情况的方法。 这有问题吗? 当我们从令牌创建客户端上下文时,我们过去没有遇到这个问题。
以下是我用来创建上下文的确切代码。 app 是 IAzApplication2 变量,ClientContext.SID 是相关用户的 SecurityIdentifier。
IAzClientContext2 cctx = app.InitializeClientContext2("AppNameHere", null);
cctx.AddStringSids(new object[] { (object)ClientContext.SID.ToString() } as object);
编辑:我根本不使用 ASP.Net 角色提供程序,因为这需要应用程序了解角色。 我只使用 COM API。
编辑2:另外,如果用户B首先登录,那么用户A在登录时没有访问权限。所以它不仅仅是保持最高级别的访问权限。
I've created a web application that uses Microsoft AzMan, and it works just fine until you have multiple users. I'm almost 100% certain that AzMan is caching the same stuff for multiple users.
To simplify it a bit, the problem I'm seeing is user A goes to the site and has full access, the user is granted the correct access and can work just fine. Then user B goes to the site, only has view access, but because AzMan has already seen user A's full access, it grants full access to user B as well.
I'm using the AddStringSids method when creating the client context because it's the only method that would work for every situation. Is there a problem with this? We used to not have this problem when we were creating client contexts from a token.
The following is the exact code I'm using to create the context. app is an IAzApplication2 variable, and ClientContext.SID is a SecurityIdentifier for the user in question.
IAzClientContext2 cctx = app.InitializeClientContext2("AppNameHere", null);
cctx.AddStringSids(new object[] { (object)ClientContext.SID.ToString() } as object);
EDIT: I am not using the ASP.Net role provider at all since that would require the application to be aware of roles. I'm only using the COM API.
EDIT 2: Also, if user B logged in first, then user A does not have access when he logs in. So it isn't just keeping the highest level of access.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我想过删除这个问题,但我认为最好将其留在这里,以便可能帮助其他人解决愚蠢的错误。 AzMan 不会缓存多个用户的访问检查结果。 AddStringSids 方法不是问题。 问题出在我的代码中。
我有一个静态变量,它保存对客户端上下文的引用,并且仅在应用程序的生命周期内创建一次,而不是在用户请求的生命周期内创建一次。 这个静态变量导致它接受第一人称访问。
所以这是一个愚蠢的程序员错误,或者正如我老板所说的 SBCK(椅子和键盘之间的短路)。 因此,如果您在 ASP.Net 中遇到类似问题,请检查变量并确保没有静态变量问题。
I thought about deleting this question, but I figure it's better to leave it here to possibly help someone else out with a stupid mistake. AzMan is not caching access check results across multiple users. The AddStringSids method is not a problem. The problem was in my code.
I had a static variable that was holding a reference to the client context, and only being created once for the life of the application, not the life of the users request. This static variable is what caused it to take on the first-person-to-access-it's access.
So it was a stupid programmer mistake, or SBCK (Short Between the Chair and the Keyboard) as my boss would say. So if you're running into a similar issue in ASP.Net, check your variables and make sure you don't have a static variable issue.