[英]Forms Authentication User.IsInRole(), Authorize attribute - not working on production server
sorry for my poor english. 对不起,我英语不好。
The Facts: 事实:
My implementation follows this concept ! 我的实现遵循这个概念 ! + See Code below + 请参阅下面的代码
Everything works well on 一切顺利
until I deployed the App to a 直到我将应用程序部署到
I have issues with the roles 我的角色有问题
is not working properly. 无法正常工作。
Here are some code snippets + debug output 这是一些代码片段+调试输出
Helper Class 助手类
public static class UserHelper
{
public static bool IsAdmin(this ViewUserControl pg)
{
// @TODO Delete (Glimpse output)
string s = HttpContext.Current.User.IsInRole("admin") ? "UserHelper.IsAdmin() IsInRole() == true" : "UserHelper.IsAdmin() Application_AuthenticateRequest IsInRole() == false";
string b = pg.Page.User.IsInRole("admin") ? "UserHelper.IsAdmin() IsInRole() == true" : "UserHelper.IsAdmin() Application_AuthenticateRequest IsInRole() == false";
Trace.Write(s);
Trace.Write(b);
var id = HttpContext.Current.User.Identity as FormsIdentity;
Trace.Write("UserHelper.isAdmin(): UserData"+id.Ticket.UserData);
// ============================
return HttpContext.Current.User.IsInRole("admin");
}
}
Global.asax.cs Global.asax.cs
public class MvcApplication : HttpApplication
{
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User == null) return;
if (!HttpContext.Current.User.Identity.IsAuthenticated) return;
if (!(HttpContext.Current.User.Identity is FormsIdentity)) return;
var id = HttpContext.Current.User.Identity as FormsIdentity;
var userState = new UserState();
userState.FromString(id.Ticket.UserData);
HttpContext.Current.User = new GenericPrincipal(id, userState.Rollen.Split(new[] { ',' }));
// @TODO Delete (Glimpse output)
Trace.Write("Global.asax.cs -> Application_AuthenticateRequest Userdata: "+id.Ticket.UserData);
string s = HttpContext.Current.User.IsInRole("admin") ? "Global.asax.cs -> Application_AuthenticateRequest IsInRole() == true" : "Global.asax.cs -> Application_AuthenticateRequest IsInRole() == false";
Trace.Write(s);
}
AccountController.cs (Example) AccountController.cs (示例)
[Authorize(Roles = "member,admin")]
[UserActive]
public ActionResult ChangePassword()
{
return View();
}
FormAuthService.cs FormAuthService.cs
public class FormAuthService : IFormsAuthentication
{
public void Login(string userName, bool createPersistentCookie, IEnumerable<string> roles, int? userID = null)
{
var str = string.Join(",", roles);
var userData = new UserState
{
Benutzername = userName,
ID = userID.HasValue ? userID.Value : 0,
Rollen = str,
IsAdmin = str.Split(',').Contains("admin")
};
var authTicket = new FormsAuthenticationTicket(
1,
userName,
DateTime.Now,
DateTime.Now.AddDays(30),
createPersistentCookie,
userData.ToString(),
"/"
);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
if (authTicket.IsPersistent)
cookie.Expires = authTicket.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);
}
}
I was debugging my code with Glimpse. 我正在使用Glimpse调试代码。 What I'm trying to achieve is the first screenshot... 我想要实现的是第一个屏幕截图...
In my UserHelper Class and all other Classes with the Attribute [Authorize] it works locally with this Setup. 在我的UserHelper类和所有其他具有属性[Authorize]的类中,它在此安装程序中本地工作。
But when I deploy the Application to my Remote IIS it doesn't recognize that I'm logged in as admin (I'm logged in but the roles aren't working). 但是,当我将应用程序部署到远程IIS时,它无法识别我以admin身份登录(我已登录,但角色不起作用)。 You can see, in the second screenshot the UserData with "admin" is there but the IsInRole Method fails.... 您可以在第二个屏幕快照中看到带有“ admin”的UserData,但是IsInRole方法失败。
Screenshots: 屏幕截图:
localhost http://s13.postimg.org/o9uqhlv6v/wi_local_glimpse_works.png 本地主机 http://s13.postimg.org/o9uqhlv6v/wi_local_glimpse_works.png
Remote Server http://s9.postimg.org/pcavzvczj/wi_local_glimpse_works23.png 远程服务器 http://s9.postimg.org/pcavzvczj/wi_local_glimpse_works23.png
What I'm missing? 我想念的是什么? Anyone experienced the same problem? 有人遇到过同样的问题吗?
ok I solved it myself, This post got me on the right track. 好的,我自己解决了这个问题, 这篇文章使我走上了正确的路。
One problem was, that I couldn't change the directory permissions for the Application Pool User in the Default Web Site 一个问题是,我无法在默认网站中更改应用程序池用户的目录权限
So I created a New Website in IIS 7.5 and deployed my Application again. 因此,我在IIS 7.5中创建了一个新网站 ,然后再次部署了我的应用程序。
Then I checked the permission for the application pool User to the directory. 然后,我检查了目录对应用程序池用户的权限。
D:\webapplication -> right click -> Properties -> Security -> allow modify
for the Application Pool User.
Last I got some error for some .dll's missing (really don't know why). 最后,由于缺少某些.dll,我遇到了一些错误(真的不知道为什么)。 So I upgraded my ASP.NET MVC 3 Application to MVC 4 and everything works now (local and remote). 因此,我将 ASP.NET MVC 3应用程序升级到MVC 4,现在一切正常(本地和远程)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.