1

我对如何在我的 asp.net MVC4 razor 项目中使用角色感到困惑。两者有什么区别,主要是,我如何使用授权属性并使其在我检查经过身份验证的用户的角色时转到我的自定义角色提供程序。还是我在这里混淆了?

更具体:

我有一个管理员控制器,其中具有“管理员”角色的用户可以执行 CRUD 操作。在我的控制器中,我应用以下属性:

[Authorize(Roles = "administrator")]
public class OverviewController : Controller

假设授权属性将在后端使用我的客户角色提供程序是否正确?如果是这样,为什么它对我不起作用?

我的自定义角色提供者类的一部分:

public sealed class CustomRoleProvider : RoleProvider
{
    public override void Initialize(string name, NameValueCollection config)
    {
        if (config == null) throw new ArgumentNullException("config");

        if (name.Length == 0) name = "CustomRoleProvider";

        if (String.IsNullOrEmpty(config["description"]))
        {
            config.Remove("description");
            config.Add("description", "Custom Role Provider");
        }

        //Initialize the abstract base class.
        base.Initialize(name, config);

        _applicationName = Helpers.GetConfigValue(config["applicationName"], System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
    }

    public override bool IsUserInRole(string email, string roleName)
    {
        bool isValid = false;

        var usersInRole = _unitOfWork.UsersRepository.Get(uir => uir.email == email && uir.Roles.Name == roleName);

        if (usersInRole != null) isValid = true; 

        return isValid;
    }

我在做什么不正确?当一个用户被正确地认证时,他或她怎么能像这样:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult LoginValidate(Authentication authentication, string returnUrl)
    {
        string email    = authentication.email;
        string password = authentication.password;
        bool rememberMe = authentication.rememberMe;
        if(string.IsNullOrEmpty(returnUrl)) returnUrl = "/";

        //If the filled in fields are validated against the attributes
        if (ModelState.IsValid)
        {
            if (MembershipService.ValidateUser(email, password))
            {
                FormsService.SignIn(email, rememberMe);

                return RedirectToAction("Index", "Home", new { area="" });
            }

            ModelState.AddModelError("", Resources.Resources.Error_incorrect_emailPassword);

        }   

        // Add the ModelState dictionary to TempData here.
        TempData["ModelState"] = ModelState;

        return RedirectToAction("index", "Home", new { area="" });
    }

从我的自定义角色提供者那里检查他或她的授权?

编辑

我的 web.config:

<roleManager enabled="true" defaultProvider="CustomRoleProvider" cacheRolesInCookie="true" >
  <providers>
    <clear />
    <add name="CustomRoleProvider" type="ArtWebShop.Common.CustomRoleProvider" connectionStringName="ArtWebshopEntities" applicationName="/" />
  </providers>
</roleManager>

  <membership defaultProvider="CustomMembershipProvider">
  <providers>
    <clear />
    <add name="CustomMembershipProvider" type="ArtWebShop.Common.CustomMembershipProvider" connectionStringName="ArtWebshopEntities" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="0" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
  </providers>
</membership>

编辑二

    public override bool ValidateUser(string email, string password)
    {
        string salt = _unitOfWork.UsersRepository.GetSalt(email);
        string hashedPassword = Helpers.CreatePasswordHash((password), salt);

        return _unitOfWork.UsersRepository.UserIsValid(email, hashedPassword);

    }
4

1 回答 1

1

假设授权属性将在后端使用我的客户角色提供程序是否正确?

是的。

如果是这样,为什么它对我不起作用?

您可能忘记在 web.config 中注册此自定义角色提供程序并将其设为此应用程序的默认提供程序:

<roleManager defaultProvider="CustomRoleProvider" enabled="true">
    <providers>
        <clear />
        <add 
            name="CustomRoleProvider"
            type="Somenamespace.CustomRoleProvider"
        />
    </providers>
</roleManager>
于 2013-02-23T18:07:59.800 回答