ASP.NET 角色信息未保留
我有一个 ASP.NET Webforms 网站,它使用 .NET MySql 连接器和 MySql 作为后端。我正在使用基于角色的身份验证来保护我网站的某些区域。问题是,在我将站点移动到服务器后,用户的角色信息没有被保留(在我的本地开发计算机上工作正常)。发生的情况是,我可以使用登录控件登录,该控件在验证用户身份后将我定向到管理区域。此时 User.IsInRole("admin") 为 true。但是,当我单击链接转到管理部分中的其他页面时,User.IsInRole("admin") 为 false。
Web.config
<membership defaultProvider="MySqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<remove name="MySQLMembershipProvider"/>
<add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Clear" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="3" passwordStrengthRegularExpression="" autogenerateschema="true"/>
</providers>
</membership>
<profile>
<providers>
<remove name="MySQLProfileProvider"/>
<add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<remove name="MySqlRoleProvider"/>
<add name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/"/>
</providers>
</roleManager>
全局.asax
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null) {
if (Request.IsAuthenticated == true) {
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Context.Request.Cookies[FormsAuthentication.FormsCookieName].Value);
// In this case, ticket.UserData = "Admin"
string[] roles = new string[1] { ticket.UserData };
FormsIdentity id = new FormsIdentity(ticket);
Context.User = new System.Security.Principal.GenericPrincipal(id, roles);
}
}
}
I have an ASP.NET webforms website that uses the .NET MySql connector and MySql as a back-end. I'm using role-based authentication to protect certain areas of my site. The problem is that the user's role information is not being persisted after I move my site to the server (works fine on my local development machine). What is happening is that I can login using the logincontrol which directs me to the admin area after authenticating the user. At this point User.IsInRole("admin") is true. But when I click a link to go to a different page in the admin section User.IsInRole("admin") is false.
Web.config
<membership defaultProvider="MySqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<remove name="MySQLMembershipProvider"/>
<add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Clear" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="3" passwordStrengthRegularExpression="" autogenerateschema="true"/>
</providers>
</membership>
<profile>
<providers>
<remove name="MySQLProfileProvider"/>
<add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<remove name="MySqlRoleProvider"/>
<add name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/"/>
</providers>
</roleManager>
Global.asax
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null) {
if (Request.IsAuthenticated == true) {
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Context.Request.Cookies[FormsAuthentication.FormsCookieName].Value);
// In this case, ticket.UserData = "Admin"
string[] roles = new string[1] { ticket.UserData };
FormsIdentity id = new FormsIdentity(ticket);
Context.User = new System.Security.Principal.GenericPrincipal(id, roles);
}
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您在开发中和服务器上使用不同的数据源(我这样做)吗?如果是这样,请确保您的数据同步。仅当您在数据库连接中指定
(local)或.作为服务器时,才可能出现这种情况。否则,输出到日志以查看用户角色是否曾经包含“admin”。
Are you using different data sources in development and on the server (I do)? If so, make sure your data is in sync. This is likely the case only if you specify
(local)or.as the server in your database connection.Otherwise, output to a log to see if the user roles ever contain "admin".
事实证明,问题是我在 web.config 中禁用了整个站点的视图状态。一旦我重新启用视图状态,角色信息似乎会按预期持续存在。
It turns out the problem was that I had disabled viewstate across the entire site in my web.config. Once I re-enabled viewstate the role information seemed to persist as expected.