需要帮助以Asp.Net身份1运行[Authorize（Roles =“ Admin”）]和User.isInRole（“ Admin”）

Question

I just don't get how these two potentially incredibly useful functions are supposed to work.

[Authorize(Roles="Admin")] //Method A

and

User.isInRole("Admin") //Method B

They are clearly not working right now for me. I did a few hours of research:

I read that you need to implement System.Web.Security.RoleProvider, then set it up in the web config:

 <roleManager defaultProvider="OdbcRoleProvider" 
  enabled="true"
  cacheRolesInCookie="true"
  cookieName=".ASPROLES"
  cookieTimeout="30"
  cookiePath="/"
  cookieRequireSSL="false"
  cookieSlidingExpiration="true"
  cookieProtection="All" >
  <providers>
    <clear />
    <add
      name="OdbcRoleProvider"
      type="Samples.AspNet.Roles.OdbcRoleProvider"
      connectionStringName="OdbcServices" 
      applicationName="SampleApplication" 
      writeExceptionsToEventLog="false" />
  </providers>
</roleManager>

This caused the RoleProvider I implemented to by constructed, but the role checking functions were certainly not calling any of the methods in there.

I then read that Asp.NET Identity does away with the RoleProvider , now you need to do this:

 <modules runAllManagedModulesForAllRequests="true">
  <remove name="FormsAuthenticationModule" />
  <remove name="RoleManager" />
</modules>

And I did that.

I have a custom UserManager that connects to my postgres backend. The problem is that whenever I use it, I need to instantiate one. It seems to me that if Functions A and B are going to work, then the UserManager I have implemented needs to be referenced in some sort of config file so Asp.NET knows about it implicitly. This would be just like the RoleManager in the past.

How does ASP.NET identity alter how Functions A and B check the roles from the old RoleProvider using behavior?

Answer 1

I figured it out.

When you call the login code like this:

var user = await UserManager.FindAsync(model.Email, model.Password);
            if (user != null && user.PasswordRequiresReset == false)
            {
                await SignInAsync(user, model.RememberMe); //triggers IUserRoleStore.GetRolesAsync
                return RedirectToLocal(returnUrl);
            }

SignInAsync triggers GetRolesAsync from the IUserRoleStore:

public Task<IList<string>> GetRolesAsync(TUser user) //where TUser is an ApplicationUser
    {

        Func<object, IList<string>> getRoles = (object user2) =>
        {
            TUser user3 = (TUser)user2;
            return user3.Roles.Select(x => x.Role.Name).ToList();
        };


        return Task.Factory.StartNew(getRoles, user);

    }

In the above, I chose to simply generate the roles from the roles I already loaded from the db and stored in the ApplicationUser object when I created it in FindAsync.

The roles from GetRolesAsync must be loaded in the cookie somewhere where they can be accessed quickly and easily by Functions A and B.