ASP.NET身份检查用户角色不起作用
[英]ASP.NET Identity check user roles is not working
问题描述
I have an ASP.NET MVC 5 application. 
我有一个ASP.NET MVC 5应用程序。 I'm using the standard ASP.NET Identity provider for user and role management. 我正在使用标准的ASP.NET身份提供程序进行用户和角色管理。 It is important that I'm using the IdentityUser from an own repository project, but this seems ok. 重要的是我从自己的存储库项目中使用IdentityUser,但这似乎没问题。 I can register, login, edit users, and manage their roles. 我可以注册,登录,编辑用户和管理他们的角色。
I add user to Role with these lines: 我使用以下行将用户添加到Role:
UserManager.AddToRole(userdetail.Id, r);
db.Entry(userdetail).State = EntityState.Modified;
db.SaveChanges();
This seems working in DB level. 这似乎在DB级别工作。
But, I can't use Role based authentications, actually the simples 但是,我不能使用基于角色的身份验证,实际上就是简单
HttpContext.User.IsInRole("Administrator")
doesn't working too. 不起作用。
[Authorize(Roles="Administrator")]
doesn't working too. 不起作用。
I can check only with this method, whether user is an administrator: 我只能用这种方法检查用户是否是管理员:
UserManager.IsInRole(userID, "Administrator").
Why? 为什么?
In every tutorial what I found, everything works fine. 在我发现的每个教程中,一切正常。 The different project repository could be the reason? 可能是不同的项目存储库? Or ASP.NET Identity is broken so much? 或者ASP.NET身份这么多?
Please advice, 请指教,
3 个解决方案
解决方案1
23 2014-04-09 14:30:45
In that case you need to logout and login the user again. 在这种情况下,您需要注销并再次登录用户。
Because the roles data is also stored in cookies, So you must issue the cookie again to work it. 由于角色数据也存储在cookie中,因此您必须再次发出cookie才能使用它。
解决方案2
16 已采纳 2013-11-22 06:37:45
There seems to be an issue. 似乎有一个问题。 [The issue by design] [设计问题]
- The role names are case sensitive in AuthorizeAttribute and User.IsInRole 角色名称在AuthorizeAttribute和User.IsInRole中区分大小写
- The role names are case insensitive in UserManager.IsInRole UserManager.IsInRole中的角色名称不区分大小写
Moreover, check for the correct role name is used for the verification. 此外,检查用于验证的正确角色名称。
[The above is based on the test performed with below code. [以上是基于以下代码进行的测试。 Role Name="Admin", User is added to Role "Admin".] 角色名称=“管理员”,用户被添加到角色“管理员”。]
[Authorize(Roles="Admin")] /*True as "Admin" has A capital as entered in Role name*/
public ActionResult Secured()
{
if (User.IsInRole("admin")) /*This is False*/
{
Console.WriteLine("In");
}
if(UserManager.IsInRole(User.Identity.GetUserId(), "admin")) /*This is True!!*/
{
Console.WriteLine("In");
}
return View();
}
If we change the attribute to [Authorize(Roles="admin")] , it redirects to Login page. 如果我们将属性更改为[Authorize(Roles="admin")] ,则会重定向到“登录”页面。
解决方案3
1 2013-11-21 22:04:51
Do you have this entry in your web.config? 你在web.config中有这个条目吗?
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="ApplicationServices" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" applicationName="/" />
</providers>
</roleManager>
Also, if I remember correctly, there is a different namespace for the role provider assembly in different versions of .NET. 另外,如果我没记错的话,在不同版本的.NET中,角色提供程序程序集有一个不同的命名空间。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.