MVC3 表单身份验证:部分视图中特定于角色的可见项
我刚刚使用表单身份验证设置了 MVC 应用程序,除了我的 _LogOnPartial 视图之外,一切都非常好。 “欢迎[注销]”工作正常,但是,我还需要根据用户的角色显示特定于角色的文本或下拉选择器。
只要用户在当前会话期间登录,这种方法就可以正常工作,因为我使用 cookie 来保存角色,并在发生任何操作之前在控制器中使用 User.IsInRole() 进行验证。
如果用户选择“记住我”,则此操作不起作用,因为会话启动时,没有包含该角色的 cookie,因此也没有包含可见项目的 cookie。
有没有一种简单的方法可以在部分视图中检查User.IsInRole()?
这是我的观点:
<div id="LogInContainer">
@if (Request.IsAuthenticated)
{
<div class="InLine" id="WelcomeDisplay">
<text>Welcome <b>@Context.User.Identity.Name</b>! [ @Html.ActionLink("Log Off", "LogOff", "Account")
]
</text>
</div>
<div id="clientDropDown">
@{
var requestCookie = Request.Cookies["Role"];
if (requestCookie != null)
{
if (requestCookie.Value == "Client1")
{
HttpCookie joannCookie = new HttpCookie("Client", "Client1");
Response.Cookies.Add(Client1Cookie);
<text>Client: Client1</text>
}
else if (requestCookie.Value == "Client2")
{
HttpCookie safewayCookie = new HttpCookie("Client", "Client2");
Response.Cookies.Add(Client2Cookie);
<text>Client: Client2</text>
}
else if (requestCookie.Value == "Administrator")
{
@:Client: @Html.DropDownList("Client", new SelectList(ConfigurationHelper.Clients))
}
}
else
{
//Do nothing
}
}
</div>
}
else
{
<div id="LogOnLink">
[ @Html.ActionLink("Log On", "LogOn", "Account") ]
</div>
}
</div>
有没有办法使非身份验证cookie持久化?我对 cookie 很陌生,所以我可能只是无知,但我尝试了谷歌搜索,但没有成功。
I just set up my MVC application with forms authentication and everything is just dandy except for my _LogOnPartial view. The "Welcome [Log Off]" works fine, however, I also have Role specific text or drop-down selector that needs to be displayed depending on the user's role.
This works fine as long as the user has logged in during the current session because I use cookies to hold the role and verify with User.IsInRole() in the Controller before any actions occur.
This does not work if the user selects "Remember me" because when the session starts, there is no cookie containing the role, and thus the visible items.
Is there an easy way to check User.IsInRole()in a partial view?
Here is my View:
<div id="LogInContainer">
@if (Request.IsAuthenticated)
{
<div class="InLine" id="WelcomeDisplay">
<text>Welcome <b>@Context.User.Identity.Name</b>! [ @Html.ActionLink("Log Off", "LogOff", "Account")
]
</text>
</div>
<div id="clientDropDown">
@{
var requestCookie = Request.Cookies["Role"];
if (requestCookie != null)
{
if (requestCookie.Value == "Client1")
{
HttpCookie joannCookie = new HttpCookie("Client", "Client1");
Response.Cookies.Add(Client1Cookie);
<text>Client: Client1</text>
}
else if (requestCookie.Value == "Client2")
{
HttpCookie safewayCookie = new HttpCookie("Client", "Client2");
Response.Cookies.Add(Client2Cookie);
<text>Client: Client2</text>
}
else if (requestCookie.Value == "Administrator")
{
@:Client: @Html.DropDownList("Client", new SelectList(ConfigurationHelper.Clients))
}
}
else
{
//Do nothing
}
}
</div>
}
else
{
<div id="LogOnLink">
[ @Html.ActionLink("Log On", "LogOn", "Account") ]
</div>
}
</div>
Is there a way to make nonauth cookies persistent? I'm new to cookies so I may just be ignorant, but I tried a google search with no luck.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
将 cookie 的过期日期设置为未来的日期以使其持久化。如果您不设置过期日期,则它是所谓的“会话 cookie”或“非持久”cookie,浏览器不会将其存储在磁盘上,并且仅在您使用同一浏览器会话时才会保留。如果你想“永远”保留cookie,你仍然必须选择一个日期,你唯一能做的就是选择一个“足够远”的未来到期日期(例如当前日期加上一个大的恒定时间跨度) 。
但是,在持久 cookie 中存储身份验证或授权信息时应非常小心!默认情况下,ASP.NET 使用会话 cookie 进行身份验证,因为保留此类 cookie 会带来严重的安全风险。
Set the expiration of the cookie to a future date to make it persistent. If you don't set the expiration date it is a so called "session cookie" or "non-persistent" cookie that is not stored on disk by the browser and kept only as long as you use the same browser session. If you want to keep the cookie "forever" you still have to pick a date, the only thing you can do is that you pick an expiration date "far enough" in the future (e.g. the current date plus a big constant time span).
However, you should be very careful about storing authentication or authorization information in a persistent cookie! By default ASP.NET uses session cookies for authentication, because persisting such a cookie is a serious security risk.