在 MVC.NET 的 AuthorizeServices 中哪里可以设置角色？

发布于 2024-08-04 05:06:28 字数 625 浏览 0 评论 0原文

我不知道我错过了什么，也不知道还需要读什么才能得到正确的结果。我将尝试这个灰色问题，看看我是否更接近解决方案。我正在构建一个 .NET MVC 应用程序。

该应用程序正在使用 DotNetOpenAuth 库通过 OpenID 进行身份验证，一切正常。一旦用户通过身份验证，我就会重新记录数据库中的 openid 令牌，并创建调用表单身份验证，如下所示。

            FormsAuthentication.SetAuthCookie(confirmedUser.OpenID, false);

之后，该用户通过我的代码中的所有授权属性。如下所示：

    [Authorize]
    public ActionResult About()
    {
        return View();
    }

我不知道在哪里为特定用户设置角色。我没有使用会员服务。

我需要使用如下属性：

    [Authorize(Roles="Administrator")]
    public ActionResult About()
    {
        return View();
    }

原文

I don't know what I am missing, and I don't know what else to read to get it right. I will try this gray question to see if I get closer to the solution. I am building a .NET MVC application.

This application is authenticating with OpenID using DotNetOpenAuth Library, all that is working ok. Once a user is authenticate I rebcord the openid token in the database and create call the forms authentication like below.

            FormsAuthentication.SetAuthCookie(confirmedUser.OpenID, false);

After that this user pass all authorize attribute in my code. Like below:

    [Authorize]
    public ActionResult About()
    {
        return View();
    }

I don't know where to set the roles for a specific user. I am not using the Membership services.

I need to get working the attributes like below:

    [Authorize(Roles="Administrator")]
    public ActionResult About()
    {
        return View();
    }

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

纵情客 2024-08-11 05:06:28

首先，不使用会员提供商对您有好处。这对于 OpenID 来说效果不佳。

要使角色在没有成员资格提供程序的情况下工作，您需要实现自己的从 System.Web.Security.RoleProvider 派生的类。它完全脱离了身份验证，这对您来说很容易。您只需在数据库中存储每个用户所属的角色，然后 RoleProvider 与该数据库进行交互。

编写角色提供程序类后，将其与 web.config 文件中的该类连接起来。此代码段应出现在您的 system.web 部分中。

<roleManager enabled="true" defaultProvider="Database">
    <providers>
        <add name="Database" type="MyRoleProvider" />
    </providers>
</roleManager>

这是我为 OpenID Web 应用程序编写的一个角色提供程序。它是使用 Linq to Entities 编写的，但您可以了解其想法并实现它以针对您的数据库工作。

public class MyRoleProvider : RoleProvider {
    public override string ApplicationName {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    public override void AddUsersToRoles(string[] usernames, string[] roleNames) {
        var users = from token in Global.DataContext.AuthenticationToken
                    where usernames.Contains(token.ClaimedIdentifier)
                    select token.User;
        var roles = from role in Global.DataContext.Role
                    where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                    select role;
        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Add(role);
            }
        }
    }

    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) {
        var users = from token in Global.DataContext.AuthenticationToken
                    where usernames.Contains(token.ClaimedIdentifier)
                    select token.User;
        var roles = from role in Global.DataContext.Role
                    where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                    select role;
        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Remove(role);
            }
        }
    }

    public override void CreateRole(string roleName) {
        Global.DataContext.AddToRole(new Role { Name = roleName });
    }

    /// <summary>
    /// Removes a role from the data source for the configured applicationName.
    /// </summary>
    /// <param name="roleName">The name of the role to delete.</param>
    /// <param name="throwOnPopulatedRole">If true, throw an exception if <paramref name="roleName"/> has one or more members and do not delete <paramref name="roleName"/>.</param>
    /// <returns>
    /// true if the role was successfully deleted; otherwise, false.
    /// </returns>
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) {
        Role role = Global.DataContext.Role.SingleOrDefault(r => r.Name == roleName);
        if (role == null) {
            return false;
        }

        if (throwOnPopulatedRole && role.Users.Count > 0) {
            throw new InvalidOperationException();
        }

        Global.DataContext.DeleteObject(roleName);
        return true;
    }

    /// <summary>
    /// Gets an array of user names in a role where the user name contains the specified user name to match.
    /// </summary>
    /// <param name="roleName">The role to search in.</param>
    /// <param name="usernameToMatch">The user name to search for.</param>
    /// <returns>
    /// A string array containing the names of all the users where the user name matches <paramref name="usernameToMatch"/> and the user is a member of the specified role.
    /// </returns>
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) {
        return (from role in Global.DataContext.Role
                where role.Name == roleName
                from user in role.Users
                from authTokens in user.AuthenticationTokens
                where authTokens.ClaimedIdentifier == usernameToMatch
                select authTokens.ClaimedIdentifier).ToArray();
    }

    public override string[] GetAllRoles() {
        return Global.DataContext.Role.Select(role => role.Name).ToArray();
    }

    public override string[] GetRolesForUser(string username) {
        return (from authToken in Global.DataContext.AuthenticationToken
                where authToken.ClaimedIdentifier == username
                from role in authToken.User.Roles
                select role.Name).ToArray();
    }

    public override string[] GetUsersInRole(string roleName) {
        return (from role in Global.DataContext.Role
                where string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase)
                from user in role.Users
                from token in user.AuthenticationTokens
                select token.ClaimedIdentifier).ToArray();
    }

    public override bool IsUserInRole(string username, string roleName) {
        Role role = Global.DataContext.Role.SingleOrDefault(r => string.Equals(r.Name, roleName, StringComparison.OrdinalIgnoreCase));
        if (role != null) {
            return role.Users.Any(user => user.AuthenticationTokens.Any(token => token.ClaimedIdentifier == username));
        }

        return false;
    }

    public override bool RoleExists(string roleName) {
        return Global.DataContext.Role.Any(role => string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase));
    }
}

First of all, good for you for not using a membership provider. That just doesn't work well with OpenID.

To make roles work without a membership provider, you need to implement your own class that derives from System.Web.Security.RoleProvider. It's completely departed from authentication, which makes it easy for you. You just need to store with each of your users in your database which roles they belong to, and then your RoleProvider interacts with that database.

Once you write your role provider class, wire it up with this in your web.config file. This snippet should appear within your system.web section.

<roleManager enabled="true" defaultProvider="Database">
    <providers>
        <add name="Database" type="MyRoleProvider" />
    </providers>
</roleManager>

Here's one role provider I wrote for an OpenID web application. It's written using Linq to Entities, but you can get the idea and implement it to work against your database.

public class MyRoleProvider : RoleProvider {
    public override string ApplicationName {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    public override void AddUsersToRoles(string[] usernames, string[] roleNames) {
        var users = from token in Global.DataContext.AuthenticationToken
                    where usernames.Contains(token.ClaimedIdentifier)
                    select token.User;
        var roles = from role in Global.DataContext.Role
                    where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                    select role;
        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Add(role);
            }
        }
    }

    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) {
        var users = from token in Global.DataContext.AuthenticationToken
                    where usernames.Contains(token.ClaimedIdentifier)
                    select token.User;
        var roles = from role in Global.DataContext.Role
                    where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                    select role;
        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Remove(role);
            }
        }
    }

    public override void CreateRole(string roleName) {
        Global.DataContext.AddToRole(new Role { Name = roleName });
    }

    /// <summary>
    /// Removes a role from the data source for the configured applicationName.
    /// </summary>
    /// <param name="roleName">The name of the role to delete.</param>
    /// <param name="throwOnPopulatedRole">If true, throw an exception if <paramref name="roleName"/> has one or more members and do not delete <paramref name="roleName"/>.</param>
    /// <returns>
    /// true if the role was successfully deleted; otherwise, false.
    /// </returns>
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) {
        Role role = Global.DataContext.Role.SingleOrDefault(r => r.Name == roleName);
        if (role == null) {
            return false;
        }

        if (throwOnPopulatedRole && role.Users.Count > 0) {
            throw new InvalidOperationException();
        }

        Global.DataContext.DeleteObject(roleName);
        return true;
    }

    /// <summary>
    /// Gets an array of user names in a role where the user name contains the specified user name to match.
    /// </summary>
    /// <param name="roleName">The role to search in.</param>
    /// <param name="usernameToMatch">The user name to search for.</param>
    /// <returns>
    /// A string array containing the names of all the users where the user name matches <paramref name="usernameToMatch"/> and the user is a member of the specified role.
    /// </returns>
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) {
        return (from role in Global.DataContext.Role
                where role.Name == roleName
                from user in role.Users
                from authTokens in user.AuthenticationTokens
                where authTokens.ClaimedIdentifier == usernameToMatch
                select authTokens.ClaimedIdentifier).ToArray();
    }

    public override string[] GetAllRoles() {
        return Global.DataContext.Role.Select(role => role.Name).ToArray();
    }

    public override string[] GetRolesForUser(string username) {
        return (from authToken in Global.DataContext.AuthenticationToken
                where authToken.ClaimedIdentifier == username
                from role in authToken.User.Roles
                select role.Name).ToArray();
    }

    public override string[] GetUsersInRole(string roleName) {
        return (from role in Global.DataContext.Role
                where string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase)
                from user in role.Users
                from token in user.AuthenticationTokens
                select token.ClaimedIdentifier).ToArray();
    }

    public override bool IsUserInRole(string username, string roleName) {
        Role role = Global.DataContext.Role.SingleOrDefault(r => string.Equals(r.Name, roleName, StringComparison.OrdinalIgnoreCase));
        if (role != null) {
            return role.Users.Any(user => user.AuthenticationTokens.Any(token => token.ClaimedIdentifier == username));
        }

        return false;
    }

    public override bool RoleExists(string roleName) {
        return Global.DataContext.Role.Any(role => string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase));
    }
}

回复收藏 0 原文