1

我有一个 MVC4 站点,最近注意到一些关于角色的意外行为,我确定这是我误解或忽视的事情,但我还看不到问题,所以这里是;

在登录时,我创建了一个 authticket,包括 Userdata 中的角色信息。

在 Application_AuthenticateRequest 中,我检索角色数据并将其分配给 CurrentUser。

尽管我怀疑我应该使用 Authorize 机制,但谁能明白为什么当我稍后检查 User.IsInRole() 时它会超时尝试访问 SqlServer 大概是因为它认为它正在充当 RoleProvider(它未在配置中设置),为什么它不只是从 Global.asax 中分配的当前用户那里获取它吗?

TIA,丹

[从我的 Application_AuthenticateRequest 中截取]

try
        {
            if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated)
            {
                var currentUser = HttpContext.Current.User;
                var formsId = currentUser.Identity as FormsIdentity;
                var ticket = formsId.Ticket;
                string userData = ticket.UserData;

                var rolesString = userData.GetValueFromKeyValuePairs<string>("roles", "|");
                var rolesList = rolesString.SplitAndType<string>("|").Select(s => s.ToLower().Replace(" ", ""));

                if (rolesList.Count() > 0)
                {
                    HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(ticket.Name), rolesList.ToArray());
                }
            }
        }
        catch (Exception ex)
        {
            if (Debugger.IsAttached)
            {
                throw ex;
            }
        }
4

1 回答 1

0

Ok, so I was setting the User roles at the wrong point in the lifecycle and they were being overwritten, moving the code verbatim to this event ensures it is not overwritten.

Application_PostAuthenticateRequest(Object sender, EventArgs e)
于 2013-08-19T16:31:59.983 回答