asp.net mvc 角色授权不起作用
按照此处的教程进行操作:
http://www.asp. net/mvc/tutorials/authenticating-users-with-windows-authentication-cs
我正在尝试实现 Windows 身份验证和授权。
本地主机上的 IIS 配置为使用 Windows 身份验证。以下是我的 web.config 中的相关元素:
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
在我的控制器中,我有以下内容:
[Authorize(Roles = "MY_DOMAIN\\SomeGroup")]
public ActionResult Index()
{
IList<CampusListViewModel> campusList = _campusRepository.List(true);
return View("Index", campusList);
}
现在,假设我将 SomeGroup 设置为等于我所属的 AD 组。在这种情况下,授权属性似乎起作用,并且我可以查看该视图。接下来,假设我将 SomeGroup 设置为等于我不是其成员的组...再次,事情似乎正常...我不允许看到该视图。
我知道您在想什么:“否决这个蹩脚的问题……这个失败者还想从授权属性中得到什么?”
问题是,在测试过程中,我将自己从我之前所属的 AD 组中删除了。由于某种原因,当我将 SomeGroup 设置为等于该组时,我仍然能够看到视图。
使用 User 对象的 IsInRole 方法,如下所示:
@User.IsInRole("MY_DOMAIN\\GroupINoLongerBelongTo")
输出“TRUE”。所以,某个地方的某些东西仍然认为我在那个 AD 组中。我们有三个域控制器,我检查了每个域控制器以验证我不在该组中,以防万一跨控制器的复制出现问题,而这似乎不是问题。
我缺少什么? IIS 是否缓存此类内容?我尝试过重新启动 IIS 并重新启动服务器,但无济于事...有什么想法吗?
更新:此问题现已解决。我做了下面 @artem 建议的两项更改,但似乎都不起作用。然后我一气之下关掉了电脑,然后去吃午饭了。当我一小时后返回并打开电脑电源时,一切开始正常工作。因此,结合 @artme 的建议和重新启动解决了这个问题。
我想我午餐吃的绿色智利卷饼也不能排除......
Following the tutorial here:
http://www.asp.net/mvc/tutorials/authenticating-users-with-windows-authentication-cs
I am trying to implement windows authentication and authorization.
IIS on Localhost is configured to use windows authentication. Here are the relevant elements from my web.config:
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
In my controller, I have this:
[Authorize(Roles = "MY_DOMAIN\\SomeGroup")]
public ActionResult Index()
{
IList<CampusListViewModel> campusList = _campusRepository.List(true);
return View("Index", campusList);
}
Now, lets say that I set SomeGroup equal to an AD group of which I am a member. In this case, the authorize attribute appears to work and I am allowed to see the view. Next, lets say that I set SomeGroup equal to a group of which I am not a member... again, things seem to be working... I am not allowed to see the view.
I know what you are thinking: "Down-vote this lame question... what more does this loser want from the authorize attribute?"
The problem is that, in the course of my testing, I removed myself from an AD group which I was previously a member of. For some reason, I am still able to see the view when I set SomeGroup equal to that group.
Using the IsInRole method of the User object as seen below:
@User.IsInRole("MY_DOMAIN\\GroupINoLongerBelongTo")
outputs "TRUE". So, something, somewhere, still thinks I'm in that AD group. We have three domain controllers and I've checked each one to verify that I'm not in the group, just in case there was a problem with replication across the controllers and that doesn't seem to be the problem.
What am I missing? Does IIS cache this sort of thing? I've tried restarting IIS and rebooting the server to no avail... any ideas?
UPDATE: This is now resolved. I made both of the changes suggested by @artem below and neither of them seemed to work. I then turned off my computer in a fit of pique and stomped off to lunch. When I returned an hour later and powered up my pc, things started working. So, some combination of @artme's suggestions and a reboot sovlved this.
I guess the green chile burrito I ate at lunch can't be ruled out either...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您是否将 CacheRolesInCookie 设置为 false ?另外,请查看此解决方案。
Have you CacheRolesInCookie set to false? Also, check out this solution.