can not get access to the ASP.NET MVC controller method with [Authorize(Roles = “Admin”)] even after login
Question
Implemented Identity, and I've stared it from scratch. I've created a login method in controller and I'm getting login through an JavaScript AJAX call. But when I try to access a controller method which has a Authorize(Roles = "Admin") I can not do that and every time it send me to the UnAuthorize page 401
Why I'm not able to get access to the Controller method I've user with same admin role every thing as accordingly, whats wrong with my login process, and my login page is not a strongly type View
Here is my controller method
[Authorize(Roles = "Admin")]
public ActionResult Create()
{
return View();
}
My Login method
public string ValidateUser(string userName, string password)
{
var userStore = new UserStore<IdentityUser>();
userStore.Context.Database.Connection.ConnectionString =
System.Configuration.ConfigurationManager
.ConnectionStrings["Test"].ConnectionString;
var manager = new UserManager<IdentityUser>(userStore);
// create user and save tahat to the db
var user = manager.Find(userName, password);
if (ModelState.IsValid)
{
// var user = await UserManager.FindAsync(userName, password);
if (user != null)
{
//sign in user
authenticationManger.SignIn(new AuthenticationProperties
{
IsPersistent = false
}, userIdentity);
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
}
return userName;
}
This is my ajax call to the login method
function ValidateUser() {
debugger;
var userName = document.getElementById('username').value;
var password = document.getElementById('password').value;
var url = "/Public/ValidateUser/";
$("#btnLogin").val('Plesae wait..');
$.ajax({
url: url,
data: { UserName: userName, Password: password },
cache: false,
type: "POST",
success: function (data) {
if (data === userName && userName !== "") {
//alert("Successfull login.");
location.href = "/Home/Index";
} else {
$(".alert").show();//.delay(5000).fadeOut('slow');
setTimeout(function () { $(".alert").fadeOut(); }, 2000);
//location.href = "/Public/login";
}
$("#username").attr({ 'value': '' });
$("#password").attr({ 'value': '' });
},
error: function (reponse) {
alert("error : " + reponse);
}
});
$("#btnLogin").val('Login');
event.preventDefault();
}
UPDATE
This line of code returns true
var useris = manager.IsInRole(user.Id, "Admin");
and This line of code returns false
var user= User.Identity.GetUserId();
What is wrong Please!
2 answers
solution1
0 2016-09-09 08:02:58
your code contains some typos and it is not clear!
for example, the below code is only for finding a user not for creating;
// create user and save tahat to the db
var user = manager.Find(userName, password);
also authenticationManger should start with capital letter, and where is userIdentity coming from?
AuthenticationManger.SignIn(new AuthenticationProperties
{
IsPersistent = false
}, userIdentity);
try it with SignInManager like below:
public string ValidateUser(string userName, string password)
{
var result = SignInManager.PasswordSignIn(userName, password, false, false);
if(result==SignInStatus.Success)
return userName;
ModelState.AddModelError("", "Invalid login attempt.");
//return View(model);
return View();
}
solution2
0 ACCPTED 2016-10-03 16:39:16
The problem was the user I created before extending my OWIN to role based and group based Authorization became null and void so I'd to add this new line every time I create a new user its SecurtyStamp needed to be updated like this
await UserManager.UpdateSecurityStampAsync(user.Id);
Hope this helps any one
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.