Refreshing an ASP.NET role provider

Posted on 2024-08-16 21:05:16 | Word count: 236 | Views: 3 | Comments: 0

Simple question...

Given I have an ASP.NET site which uses a [custom] RoleProvider,
is there any way in which I can somehow "refresh" the provider without forcing the user to log out of the site and log back in?

I'm looking for something that would be akin to a fictional method

Roles.Refresh()

Specifically, I am looking at this for if an administrator changes a user's roles, the user sessions could maybe refresh themselves every 10 minutes or something.

Comments (5)

九厘米的零° 2024-08-23 21:05:16

I assume you have something like this in your web.config:

<roleManager enabled="true" defaultProvider="..." 
             cacheRolesInCookie="true">

The roles are cached in a cookie, so you can force them to refresh by deleting the cookie. This method worked for me. I added the cookieName attribute so that I don't rely on ASP.NET's default. For your scenario, though, you may be able to just set the cookieTimeout attribute to something reasonable and be done with it.

This method won't update the roles immediately, of course. They will be updated on the next page load after you delete the cookie.
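
The attributes named in this answer, set so that a role change is picked up within the 10 minutes the question asks for. This is an added example, not the answerer's configuration; the cookie name and all values are assumptions.

```xml
<!-- Added example: values are illustrative assumptions. -->
<system.web>
  <!-- cookieName: explicit name instead of the framework default. -->
  <!-- cookieTimeout: minutes the cached role list stays valid. -->
  <!-- cookieSlidingExpiration: defaults to true, which keeps extending the
       cookie's lifetime while the user is active; false makes cookieTimeout
       a hard upper bound on how long cached roles live. -->
  <!-- cookieProtection="All": the role list is both encrypted and validated,
       so the client cannot read or alter it. -->
  <!-- cookieRequireSSL: send the roles cookie over HTTPS only. -->
  <roleManager enabled="true"
               defaultProvider="..."
               cacheRolesInCookie="true"
               cookieName=".MYAPPROLES"
               cookieTimeout="10"
               cookieSlidingExpiration="false"
               cookieProtection="All"
               cookieRequireSSL="true" />
</system.web>
```

Roles.DeleteCookie() only clears the cookie in the response to the current request, so when an administrator changes another user's roles it is the timeout above that bounds how long that user keeps the old ones.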

水水月牙 2024-08-23 21:05:16

To refresh, you just need to delete the cookie:

For C#: Roles.DeleteCookie(); // Works as Roles.Refresh()

流云如水 2024-08-23 21:05:16

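If you don't want to use cookies you can use the Session object to cache the roles.
Like this:

    public override string[] GetRolesForUser(string username)
    {
        // Session is null before AcquireRequestState (e.g. during URL authorization): skip the cache then.
        System.Web.HttpContext context = System.Web.HttpContext.Current;
        System.Web.SessionState.HttpSessionState session = context != null ? context.Session : null;
        if (session == null)
            return MyDataProvider.Security.GetRolesForUser(username);
        // Key the cache by user name so a lookup for another user never returns this user's roles.
        string key = "roles:" + username;
        if (session[key] == null)
            session[key] = MyDataProvider.Security.GetRolesForUser(username);
        return (string[])session[key];
    }

When you need to update the roles for this user you can do

    Session["roles:" + username] = null;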
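
A Session entry can only be cleared from inside that user's own session, so it does not cover an administrator changing someone else's roles. The sketch below is an added example, not code from any of the answers: a server-side cache shared by all sessions, with a 10-minute cap and an explicit invalidation call. `RoleCache` and the `loadFromStore` delegate are hypothetical names, and it assumes `cacheRolesInCookie="false"` so that every role check reaches the provider.

```csharp
using System;
using System.Web;
using System.Web.Caching;

// Added example: RoleCache is a hypothetical helper, not part of ASP.NET.
// The cache is per server process; on a web farm each node has its own copy.
public static class RoleCache
{
    // Upper bound on staleness when nobody calls Invalidate
    // (for example, roles edited directly in the database).
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(10);

    private static string Key(string username)
    {
        // Assumption: user names are case-insensitive in this application.
        return "roles:" + username.ToUpperInvariant();
    }

    // Call from the custom provider's GetRolesForUser override.
    public static string[] GetRoles(string username, Func<string, string[]> loadFromStore)
    {
        if (string.IsNullOrEmpty(username)) return new string[0];

        string key = Key(username);
        string[] roles = HttpRuntime.Cache[key] as string[];
        if (roles == null)
        {
            roles = loadFromStore(username) ?? new string[0];
            HttpRuntime.Cache.Insert(key, roles, null,
                DateTime.UtcNow.Add(MaxAge), Cache.NoSlidingExpiration);
        }
        // Return a copy so callers cannot modify the cached array.
        return (string[])roles.Clone();
    }

    // Call right after a user's roles change, e.g. at the end of the
    // provider's AddUsersToRoles and RemoveUsersFromRoles overrides.
    public static void Invalidate(string username)
    {
        if (!string.IsNullOrEmpty(username))
            HttpRuntime.Cache.Remove(Key(username));
    }
}
```

Because the entry is keyed by user name rather than by session, the affected user's next request reloads the roles without a new login.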

笑,眼淚并存 2024-08-23 21:05:16

Depends on the custom role provider used.

Just call an "update my role" function on every request? (Bad way, but at least you're sure to update it.)

向地狱狂奔 2024-08-23 21:05:16

The roles are cached in a cookie (encrypted of course). The simplest solution will be to disable caching in the web.config file. You will lose some performance.

Else you must somehow resend the auth cookie. One major problem is that many browsers will not accept cookies on redirects with method post.

The other solution that worked for me:

1) In an aspx method, log the user out and store the username in the session

//Add User to role reviewer and refresh ticket

Roles.AddUserToRole(User.Identity.Name, Constants.ROLE_REVISOR);
FormsAuthentication.SignOut();
FormsAuthentication.SetAuthCookie(User.Identity.Name, false); //Might work in some browsers
Session["REFRESHROLES"] = User.Identity.Name;
Response.Redirect("someprotectedurl?someid=" + someid);

2) In the login page, sign the user in again if the username is stored in the session

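protected void Page_Load(object sender, EventArgs e)
{
   string returnUrl = Request.QueryString["ReturnUrl"];
   if (!String.IsNullOrEmpty(returnUrl))
   {
      // Set by the page that changed the roles; holds the user name to sign in again.
      string userName = Session["REFRESHROLES"] as string;
      if (!string.IsNullOrEmpty(userName))
      {
         // Issue a fresh authentication cookie, then clear the one-time marker.
         FormsAuthentication.SetAuthCookie(userName, false);
         Session.Remove("REFRESHROLES");
         // ReturnUrl is request input: only follow it when it is a local path.
         bool isLocal = returnUrl[0] == '/' &&
            (returnUrl.Length == 1 || (returnUrl[1] != '/' && returnUrl[1] != '\\'));
         Response.Redirect(isLocal ? returnUrl : FormsAuthentication.DefaultUrl);
         return;
      }
   }
}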