I am trying to implement claims-based security in a web application. I have a class like this.

public class AuthorisationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        //if (context.Principal.Identity.IsAdmin())
        //    return true;
        var resource = context.Resource.First().Value;
        var action = context.Action.First().Value;
        return context.Principal.HasClaim(resource, action);
    }

    public override void LoadCustomConfiguration(System.Xml.XmlNodeList nodelist)
    {
        base.LoadCustomConfiguration(nodelist);
    }
}

I have a CustomPrinciple like

public class CustomPrinciple : ClaimsPrincipal
{
    public CustomPrinciple(IIdentity identity)
        : base(identity)
    {
    }
}

It always returns false because context.Principal is a WindowsPrincipal. I tried to set it in Global.asax.cs

protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null)
    {
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        PermissionManager mgr = new PermissionManager();
        mgr.CheckUserAccess("", "");
        mgr.LoadPermissionModel("XYZ");
        HttpContext.Current.User = mgr.LoadPermissionModel("ABC");
        Thread.CurrentPrincipal = HttpContext.Current.User;
        AppDomain.CurrentDomain.SetThreadPrincipal(Thread.CurrentPrincipal);
    }
}

How can I change it so that I get CustomPrinciple in CheckAccess(AuthorizationContext context)?

Thanks