如何在 ASP.NET MVC 中手动设置用户角色?
我正在从事的这个项目要求我保留管理员用户的本地数据库,并为普通用户使用外部数据库。 在管理数据库中通过身份验证的任何人都应被分配“管理员”角色,而通过其他数据库进行身份验证的任何人将始终被分配“用户”角色。
我可以手动分配这些角色吗? 我不需要角色提供程序或任何东西的复杂性,因为我只使用这两个角色,它们始终基于它们进行身份验证的数据库。
如果您可以提供示例代码或某些文档的链接,这将是一个巨大的帮助。 谢谢!
编辑:
目前我没有使用角色提供程序,创建一个角色提供程序似乎很麻烦。 我知道这不是“最佳实践”,但我只需要在登录期间分配 2 个角色中的 1 个(这永远不会改变)。 在数据库中存储角色信息也没有意义,因为用户已经按其角色分为 2 个数据库。
这是一些伪代码:
if (AdminDB.ValidateUser(username,password)==true) {
SetAuthCookie(username);
AssociateUserWithRole(username, 'admin');
} elseif (UserDB.ValidateUser(username,password)==true) {
SetAuthCookie(username);
AssociateUserWithRole(username, 'user');
} else {
// Login failed.
}
我不知道它的“ThisSession.AssociateUserWithRole”部分。 基本上,用户经过身份验证后,我需要告诉 .NET 用户属于哪个角色。
This project I'm working on requires me to keep a local db of admin users and use an external db for regular users. Anyone who passes authentication in the admin db should be assigned the 'admin' role, and anyone authenticated through the other db will always be assigned a 'user' role.
Can I manually assign these roles? I don't need the complexity of a Role Provider or anything, since I'm only using these two roles which will ALWAYS be based on which db they authenticate with.
It would be a HUGE help if you could provide sample code or a link to some documentation. Thanks!
EDIT:
Currently I am not using the role provider and creating one seems like a hassle. I know its not 'best-practice', but I only need to assign 1 of 2 roles during login (this will never change). It also doesn't make sense to store role information in the database, since users are already separated into 2 dbs by their role.
Here's some pseudo-code:
if (AdminDB.ValidateUser(username,password)==true) {
SetAuthCookie(username);
AssociateUserWithRole(username, 'admin');
} elseif (UserDB.ValidateUser(username,password)==true) {
SetAuthCookie(username);
AssociateUserWithRole(username, 'user');
} else {
// Login failed.
}
Its the 'ThisSession.AssociateUserWithRole' part I don't know. Basically, one the user is authenticated, I need to tell .NET which role the user belongs to.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
实现角色提供程序并不是特别困难 - 特别是如果您只是实施角色检查,而不是角色管理。 只需实现您需要的那些部分,然后让其余部分抛出 NotImplementedExceptions。 如果您只有一个应用程序,您也不必太关心该部分。 请注意,您需要的部分将取决于框架如何使用它,而不是您将如何使用它。 我认为,例如,即使您只想检查他们是否处于特定角色,您也需要实现返回所有用户角色的位。
也就是说,您可以省略整个 RoleProvider 并在 Session 中完成整个操作。 在这种情况下,您需要实现自己的 AuthorizeAttribute 并将其身份验证和角色检查位替换为您自己的。 经过身份验证后,将用户的角色存储在会话中,并使用您的属性以及为您装饰它的方法/类提供给该属性的参数来检查它。
Implementing a role provider is not particularly hard -- especially if you are only implementing the role checking, not the role management. Just implement those portions that you need and have the rest throw NotImplementedExceptions. If you only have one application you need not be too concerned about that portion either. Note that the portions that you need will be dictated by how the framework uses it, not how you would use it. I think for example you will need to implement the bit that returns all the user's roles even if you only want to check if they are in a specific role.
That said, you could omit the whole RoleProvider and do the whole thing in the Session. In this case you'd implement your own AuthorizeAttribute and replace it's authentication and role-checking bits with your own. Store the user's role in the session once authenticated and check it there using your attribute and the parameters supplied to the attribute for the method/class you've decorated it with.
如果您使用会员资格& 内置到 asp.net 的角色,然后查看 AddUserToRole 和 RemoveUserFromRole:
http://msdn.microsoft.com/en-us/library/system.web.security.roles.addusertorole.aspx
根据他们的登录方式,您可以根据需要添加和删除它们。
我无法从您的帖子中判断您是否没有使用角色提供程序,或者您是否说过您不想创建自己的角色提供程序。 如果您没有使用内置的角色提供程序,那么您将必须使用现有的任何编码机制,根据用户登录的方式/位置在登录时切换用户。
编辑:现在您已经显示了代码并声明您没有使用 asp.net 角色引擎。
您正在使用它显示的表单身份验证 cookie,因此覆盖 global.asax 文件的authenticateRequest 并根据需要设置角色并创建您的票证。
这是以下示例:
http://csharpdotnetfreak.blogspot.com/2009/02/formsauthentication -ticket-roles-aspnet.html
该示例仅“获取”角色,但您可以在此处添加/更改角色。
If you are using the membership & roles built into asp.net then look at the AddUserToRole and RemoveUserFromRole:
http://msdn.microsoft.com/en-us/library/system.web.security.roles.addusertorole.aspx
Based on how they login you can add and remove them as needed.
I couldn't tell from your post if you aren't using the role provider or if you were saying you didn't want to create your own role provider. If you aren't using the built in role provider then you will have to use whatever coding mechanism you have in place to switch the user at login based on how / where they login from.
EDIT: Now that you have shown your code and have stated you are not using the asp.net roles engine.
You are using the forms auth cookie it appears so override the authenticateRequest of the global.asax file and set the roles up as needed and create your ticket.
Here's a sample in:
http://csharpdotnetfreak.blogspot.com/2009/02/formsauthentication-ticket-roles-aspnet.html
The sample only "gets" the roles but you can add/change the roles here.
我相信这篇文章(尽管是 2003 年的文章)清楚地描述了为用户分配角色并在每个请求上替换主体的过程(类似于 NerdDinner 所做的):使用
基于角色的安全性授权用户:
http://msdn.microsoft.com/en -us/library/aa289844%28v=vs.71%29.aspx
I believe this article (although from 2003) clearly describes the process of assigning roles to a user, and replacing the principal on every request (similar to what NerdDinner does):
Authorizing Users with Role-Based Security:
http://msdn.microsoft.com/en-us/library/aa289844%28v=vs.71%29.aspx
如果有人在 OWIN 中遇到同样的问题,我想这可能会有所帮助:
If someone encounters the same problem with OWIN, I guess this may help: