我想像这样使用基于规则的身份验证和授权:
用户控制器:
string roles = "edit,admin";
var authTicket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now, DateTime.Now.AddDays(30), user.RememberMe, roles, "/");
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(cookie);
全球.asax.cs:
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
string[] roles = authTicket.UserData.Split(new Char[] { ',' });
GenericPrincipal userPrincipal = new GenericPrincipal(new GenericIdentity(authTicket.Name), roles);
Context.User = userPrincipal;
}
}
然后我可以使用属性[Authorize(Roles = "edit")]来限制访问。
这工作得很好!
现在到实际问题:
我在一些 JS 文件中使用 jQuery-Cookie,但无法覆盖旧的 cookie。这以前有效,但现在每次我调用此代码而不是覆盖旧 cookie时,都会创建一个具有相同名称和路径的新 cookie。
$.cookie("grid_filter_data", $grid[0].p.postData.filters, { expires: 365, path: "/" });
知道这里发生了什么吗?