asp.net mvc authorization problem

Posted 2024-08-19 02:57:07 · 409 characters · 6 views · 0 comments


I am trying to add authorization to my controllers and it's not working...

I am not sure where to look in my program, but adding the

[Authorize] 

filter in my controller is not working, let alone anything like

[Authorize(Roles = "Manager")]

I have been able to get this working in the default application that is provided when creating a new MVC project (i.e., I am able to make the "about" tab redirect to the login screen if I'm not logged in), so I assume I have mucked things up along the way as I've built my app. Does anyone know where I should be looking to fix this? I have users and they have roles; I'm using the ASP.net schema that is auto-created; I've examined my web.config file up and down and although I'm pretty new to this, nothing seems to be out of place. I have no clue why my authorization filters aren't working.


Comments (1)

嘿哥们儿 2024-08-26 02:57:07

I wrote a custom attribute to solve this problem. You can attribute your controller methods as follows:

[RequiresRole(Role="Admin")]
public ActionResult Index()
{
    int i = 5 + 5;

    return View();
}

The code for the attribute is as follows:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

namespace Web.Controllers
{
    // Action filter that lets the action run only for an authenticated user in the given role.
    public class RequiresRoleAttribute : ActionFilterAttribute
    {
        // Role the current user must hold.
        public string Role { get; set; }

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (string.IsNullOrEmpty(Role))
            {
                throw new InvalidOperationException("No role specified.");
            }

            // Build the login URL, passing the current path (URL-encoded) as the return target.
            string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
            string redirectUrl = string.Format("?returnUrl={0}", HttpUtility.UrlEncode(redirectOnSuccess));
            string loginUrl = FormsAuthentication.LoginUrl + redirectUrl;

            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // Not logged in: redirect to the login page and end the response.
                filterContext.HttpContext.Response.Redirect(loginUrl, true);
            }
            else
            {
                bool isAuthorised = filterContext.HttpContext.User.IsInRole(this.Role);
                if (!isAuthorised)
                {
                    // Logged in but not in the required role: also sent to the login page.
                    filterContext.HttpContext.Response.Redirect(loginUrl, true);
                }
            }
        }
    }
}
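
An added example, not part of the answer above and not code from the original page: the same role check written as a subclass of the framework's AuthorizeAttribute, so it runs in the authorization stage and is re-checked when a response is served from the output cache. It assumes ASP.NET MVC 3 or later (for HttpStatusCodeResult) and forms authentication; the class name RoleGateAttribute is hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

namespace Web.Controllers
{
    // Hypothetical name. Usage: [RoleGate(Roles = "Admin")] on a controller or action.
    public class RoleGateAttribute : AuthorizeAttribute
    {
        // Called by OnAuthorization before any action filter runs, and again by the
        // output-cache validation callback, so a cached page is never served unchecked.
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }
            if (string.IsNullOrEmpty(Roles))
            {
                // Fail closed: an attribute without a role is a configuration error,
                // not "any signed-in user".
                throw new InvalidOperationException("No role specified.");
            }
            // The base class checks IsAuthenticated and then the comma-separated Roles list.
            return base.AuthorizeCore(httpContext);
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // Signed in but missing the role: answer 403 instead of bouncing the
                // user back to the login page, which cannot fix a missing role.
                filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
            }
            else
            {
                // Anonymous: the default 401 result; with forms authentication enabled
                // the framework turns it into a redirect to the login URL with ReturnUrl.
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }
}
```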