OWIN identity roles work locally, but seem to disappear when I publish/run the same code on a remote IIS server
Using an OWIN AuthenticationHandler within an MVC site, I sign in a user as follows:
var claims = new List<Claim> { new Claim(ClaimTypes.Role, UIRoles.PowerUser) };
var identity = session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, claims);
Context.Authentication.SignIn(identity);
At some point at a later time, I check that the user is a PowerUser:
User.Identity.HasRole(UIRoles.PowerUser)
This works on my local IIS, but once I publish it on a remote IIS machine, it always returns False when I try to check if the user is a PowerUser. Why could this happen? Am I missing something from, say, the IIS server's configuration or within the remote machine's web.config?

I found the cause. It is a bit silly. I was reissuing cookies when I wanted to renew the user's session and the problem was that the SessionInfo object I was renewing these cookies to was being replaced with another SessionInfo object without any extra claims:
session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
This was wiping the extra claim of UIRoles.PowerUser from the original cookie for me.
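
The renewal problem described in the answer above, shown next to a renewal that keeps the role claims, as an added example that is not part of the original post. SessionInfo, the ToClaimsIdentity extension, the "PowerUser" value and the user name are hypothetical stand-ins for the poster's own types and constants, and only System.Security.Claims is used so the sketch runs without OWIN.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical stand-in for the poster's SessionInfo type.
public class SessionInfo { public string UserName { get; set; } }

public static class SessionRenewal
{
    // Same string value as DefaultAuthenticationTypes.ApplicationCookie.
    public const string AuthType = "ApplicationCookie";

    // Hypothetical version of the poster's extension: session data plus optional extra claims.
    public static ClaimsIdentity ToClaimsIdentity(this SessionInfo session, string authType,
        IEnumerable<Claim> extraClaims = null)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, session.UserName) };
        if (extraClaims != null) claims.AddRange(extraClaims);
        return new ClaimsIdentity(claims, authType);
    }

    // Renewal as in the answer: the identity is rebuilt from the session alone,
    // so the role claim issued at sign-in is not in the reissued cookie.
    public static ClaimsIdentity RenewDroppingClaims(SessionInfo renewed) =>
        renewed.ToClaimsIdentity(AuthType);

    // Renewal that carries the current identity's role claims into the new one.
    // Copying from the old cookie also keeps roles revoked since sign-in;
    // reload them from the user store when revocation has to take effect on renewal.
    public static ClaimsIdentity RenewKeepingRoles(SessionInfo renewed, ClaimsIdentity current)
    {
        var roles = current.FindAll(ClaimTypes.Role).Select(c => new Claim(c.Type, c.Value));
        return renewed.ToClaimsIdentity(AuthType, roles);
    }
}

public static class Program
{
    public static void Main()
    {
        var role = new Claim(ClaimTypes.Role, "PowerUser");        // constructed sample value
        var original = new SessionInfo { UserName = "alice" }      // constructed sample user
            .ToClaimsIdentity(SessionRenewal.AuthType, new[] { role });
        var renewedSession = new SessionInfo { UserName = "alice" };

        var dropped = SessionRenewal.RenewDroppingClaims(renewedSession);
        var kept = SessionRenewal.RenewKeepingRoles(renewedSession, original);
        Console.WriteLine(new ClaimsPrincipal(dropped).IsInRole("PowerUser"));
        Console.WriteLine(new ClaimsPrincipal(kept).IsInRole("PowerUser"));
    }
}
```

In the OWIN application, the identity returned by the renewal method is what would be passed to Context.Authentication.SignIn when the cookie is reissued.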