我一直在学习如何从一些教程中实现 CustomRoleProvider 并设法实现了以下两种主要方法
public override string[] GetRolesForUser(string userName)
{
string connectionString =
ConfigurationManager.ConnectionStrings["myDb"].ConnectionString;
DataContext context = new DataContext(connectionString);
Table<UserObj> usersTable = context.GetTable<UserObj>();
UserObj userObj = usersTable.SingleOrDefault(u => u.UserName == userName);
string roleId = userObj.UserRoleID;
if (roleId != null)
return roleId.Select(c => c.ToString()).ToArray();
else
return new string[] { };
}
public override bool IsUserInRole(string userName, string roleName)
{
string connectionString =
ConfigurationManager.ConnectionStrings["myDb"].ConnectionString;
DataContext context = new DataContext(connectionString);
Table<UserObj> usersTable = context.GetTable<UserObj>();
UserObj userObj = usersTable.SingleOrDefault(u => u.UserName == userName);
if (userObj != null)
{
string roleId = userObj.UserRoleID;
if (roleId.Equals(roleName))
return true;
}
return false;
}
然后我在控制器的索引方法上添加了 [Authorize(Roles = "admin")],我希望只有管理员可以访问。当我尝试访问该页面时,它似乎执行了一个限制,例如,如果我输入了 url:
http://localhost:60353/module
..它把我重定向到
http://localhost:60353/Account/LogOn?ReturnUrl=%2fmodule
但是,角色似乎没有被检查。
我在这里做错了什么?