ASP.NET身份-如何维护登录用户角色?
[英]Asp.net identity - How to maintain logged in user role?
问题描述
I m using Angularjs project and using Asp.net identity custom storage provider with Enterprise library for token authentication. 
我正在使用Angularjs项目,并使用带有企业库的Asp.net身份定制存储提供程序进行令牌身份验证。
Implemented custom userstore to create an account. 实现自定义用户存储以创建帐户。
[Authorize] attribute works well after logged in. i want to restrict the method for particular user. [Authorize]属性在登录后效果很好。我想限制特定用户的方法。
So tried to implement [Authorize(Roles="Admin,User")] . 因此尝试实现[Authorize(Roles =“ Admin,User”)] 。
Here one user can have two roles in practical. 在这里,一个用户实际上可以扮演两个角色。 But as per the system, when user login, we restrict the user to select the particular role. 但是根据系统,在用户登录时,我们限制用户选择特定角色。
So, after validated by asp.net identity, user should select any one of the role. 因此,在通过asp.net身份验证后,用户应选择任一角色。
Here my need is, 我需要的是
I want to maintain the role which he selected (we consider this concept like impersonate user, but not exactly). 我想保留他选择的角色(我们认为这个概念就像冒充用户,但不完全是这样)。
Or, 要么,
Need to implement in the Authorize attribute itself. 需要在Authorize属性本身中实现。
I've seen some of the examples like we can add claim to identity. 我已经看到了一些示例,例如我们可以为身份添加声明。
But I can add custom claims only inside the method, 但是我只能在方法内部添加自定义声明,
GenerateUserIdentityAsync GenerateUserIdentityAsync
in my case I need to add claim after log in validated. 就我而言,我需要在登录验证后添加声明。 I've gone through some example and implemented like following. 我已经看了一些例子,并实现如下。
ClaimsIdentity identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
identity.AddClaim(new Claim(ClaimTypes.Role, "Test"));
After added claim, when I try to get the claim to check the logged in user role, 添加版权声明后,当我尝试获取版权声明以检查登录的用户角色时,
List<Claim> claim = claims.Where(c => c.Type == ClaimTypes.Role).ToList();
I didn't get the Role "Test" . 我没有获得“测试”角色 。
Here my bad luck is, in claims, I've all the roles of the user except role = test 在这里,我的不幸是,我拥有用户的所有角色, 除了role = test
How to authorize the user role or maintain logged in here.. 如何在此处授权用户角色或保持登录状态。
1 个解决方案
解决方案1
2 已采纳 2015-03-11 08:17:00
I see at least three solutions for your problem: 对于您的问题,我至少看到三种解决方案:
Use a claim transformation to filter the role claims, to match a role the user choose.
使用声明转换来过滤角色声明,以匹配用户选择的角色。 You can use a claim transformation middleware or you can filter the claims during login (be aware, that you do not know the user roles BEFORE login, and afterwards filtering might be too late). 您可以使用声明转换中间件,也可以在登录期间过滤声明(请注意,在登录之前您不知道用户角色,之后进行过滤可能为时已晚)。 PRO Does not necessarily need session state; PRO不一定需要会话状态; CON User can not choose during runtime. CON用户在运行时无法选择。 Store the role in the session and authenticate against that role.
将角色存储在会话中并针对该角色进行身份验证。 Make sure, that you check against the role claims, when the user chooses his role. 确保在用户选择其角色时,对照角色声明进行检查。 PRO User might change role without re-sign-in. PRO用户可能会更改角色而无需重新登录。 CON Needs session state (Might be an issue in farm environments). CON需要会话状态(在服务器场环境中可能是一个问题)。 Don't do it at all and I'm totally serious about that.
完全不要这样做 ,我对此非常认真。 Provide your user a clean interface, that makes him know, what role he has and use areas and other technics to separate the concerns. 为您的用户提供一个简洁的界面,让他知道他所扮演的角色以及使用领域和其他技术来分离问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.