0

I am trying to implement claims-based security in a web application. I have a class like this:

using System.Linq;
using System.Security.Claims;

public class AuthorisationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        //if (context.Principal.Identity.IsAdmin())
        //    return true;
        // Claim type = requested resource, claim value = requested action.
        var resource = context.Resource.First().Value;
        var action = context.Action.First().Value;
        return context.Principal.HasClaim(resource, action);
    }

    public override void LoadCustomConfiguration(System.Xml.XmlNodeList nodelist)
    {
        base.LoadCustomConfiguration(nodelist);
    }
}

I have a CustomPrinciple like this:

public class CustomPrinciple : ClaimsPrincipal
{
    public CustomPrinciple(IIdentity identity)
        : base(identity)
    {
    }
}

It always returns false, because context.Principal is a WindowsPrincipal. I tried to set it in Global.asax.cs:

protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

    if (authCookie != null)
    {
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

        PermissionManager mgr = new PermissionManager();
        mgr.CheckUserAccess("", "");
        mgr.LoadPermissionModel("XYZ");

        HttpContext.Current.User = mgr.LoadPermissionModel("ABC");
        Thread.CurrentPrincipal = HttpContext.Current.User;
        AppDomain.CurrentDomain.SetThreadPrincipal(Thread.CurrentPrincipal);
    }
}

How can I change it so that I get the CustomPrinciple in CheckAccess(AuthorizationContext context)?

Thanks

4

1 Answer

2

(Suggested answer was accepted):

I guess you have <authorization mode="Windows"> in your web.config rather than Forms or None (both of which should use claims-based authentication).

Answered on 2013-02-26T08:06:22.160
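
The symptom in the question, reproduced as an added example that is not part of the original post or answer: the same resource/action check denies an authenticated principal that carries no permission claims and allows one the application built with them. It assumes .NET Framework 4.5+ with a reference to System.IdentityModel; the FailClosedAuthorisationManager name and the "Orders"/"Read"/"Delete" values are constructed for illustration.

```csharp
// Added example, not the poster's code. Assumes .NET Framework 4.5+ and a
// reference to System.IdentityModel. Names and claim values are constructed.
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

public class FailClosedAuthorisationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        // Deny when there is no authenticated principal at all.
        var principal = context.Principal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // FirstOrDefault avoids an exception when either collection is empty.
        var resource = context.Resource.FirstOrDefault();
        var action = context.Action.FirstOrDefault();
        if (resource == null || action == null)
            return false;

        // Same convention as the question: claim type = resource, claim value = action.
        return principal.HasClaim(resource.Value, action.Value);
    }
}

public static class Program
{
    public static void Main()
    {
        var manager = new FailClosedAuthorisationManager();

        // Authenticated identity without permission claims, standing in for
        // the Windows principal the question ends up with.
        var bare = new ClaimsPrincipal(new GenericIdentity("alice", "Negotiate"));

        // Principal built by the application with an explicit permission claim.
        var withClaim = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice"), new Claim("Orders", "Read") },
            "Forms"));

        // Denied: authenticated, but no ("Orders", "Read") claim present.
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(bare, "Orders", "Read")));
        // Allowed: the claim matches resource and action.
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(withClaim, "Orders", "Read")));
        // Denied: resource matches, action does not.
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(withClaim, "Orders", "Delete")));
    }
}
```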