
Role authentication and authorization

I am working on authentication for my admin pages. I followed examples from various websites, but every time I try to access the product page, it always kicks me back to the login page.

Here is my code

login.aspx.cs

using System;
using System.Linq;
using System.Web;
using System.Web.Security;

// administrator, roles and adminID are fields declared elsewhere in this code-behind class.

protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        // Arriving here already authenticated and with a ReturnUrl means the
        // user was bounced back by an authorization failure on another page.
        if (User.Identity.IsAuthenticated && !string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
        {
            divError.Visible = true;
            divError.InnerHtml = accessErrorMessage;
        }
    }
}

protected void btn_enter_Click(object sender, EventArgs e)
{
    using (var db = new MainDB())
    {
        // Credential check: matches name and password exactly as stored in the
        // Administrators table, i.e. the Password column is compared in plaintext.
        administrator = db.Administrators
            .Where(q => q.Name == txtUsername.Text && q.Password == txtPassword.Text)
            .FirstOrDefault();

        if (administrator != null)
        {
            administrator.DateLastLogin = DateTime.Now;
            roles = administrator.Role;
            adminID = administrator.AdministratorId;
            db.SaveChanges();

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,                                      // Ticket version
                adminID.ToString(),                     // Username associated with ticket
                DateTime.UtcNow,                        // Date/time issued
                DateTime.UtcNow.AddMinutes(30),         // Date/time to expire
                true,                                   // "true" for a persistent user cookie
                roles,                                  // User-data, in this case the roles (data example: product,feedback,subscribes)
                FormsAuthentication.FormsCookiePath);   // Path cookie valid for

            // Encrypt the cookie using the machine key for secure transport
            string hash = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(
               FormsAuthentication.FormsCookieName, // Name of authentication cookie
               hash);                               // Encrypted ticket

            // Set the cookie's expiration time to the ticket's expiration time
            if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

            // Add the cookie to the list for outgoing response
            Response.Cookies.Add(cookie);

            // Redirect to requested URL, or homepage if no previous page
            // requested
            string returnUrl = Request.QueryString["ReturnUrl"];
            if (returnUrl == null)
            {
                returnUrl = "~/admin/";
            }
            // Don't call FormsAuthentication.RedirectFromLoginPage since it
            // could replace the authentication ticket (cookie) we just added
            Response.Redirect(returnUrl);
        }
        else
        {
            divError.Visible = true;
            divError.InnerHtml = loginErrorMessage;
        }
        //if (FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text))
        //{
        //    FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);
        //}
    }
}

Global.asax

void Application_AuthenticateRequest(object sender, EventArgs e)
{
    if(Request.IsAuthenticated)
    {
        FormsIdentity identity = (FormsIdentity)HttpContext.Current.User.Identity;

        //Add the roles to the User Principal
        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(HttpContext.Current.User.Identity, identity.Ticket.UserData.Split(new char[] { ',' }));
    }
}

web.config

<location path="admin/product">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="product"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

<location path="admin/spotlight">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="spotlight"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

<location path="admin/career">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="career"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

<location path="admin/emailshare">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="emailshare"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

Am I doing something wrong here?

You first allow a role, and then deny all users.

The rules are executed in order, so try specifying the most specific rule last.

<deny users="*"/>
<allow roles="emailshare"/>

Another thing: after authenticating the user against the database, you are not setting the principal. You need to set the user in the HttpContext and mark it as Authenticated. Otherwise if (Request.IsAuthenticated) will always be false.

using System.Security.Principal;

GenericIdentity userIdentity =
    new GenericIdentity(ticket.Name);
// GenericPrincipal takes the roles as a string[], so the comma-separated
// role string carried in the ticket is split here.
GenericPrincipal userPrincipal =
    new GenericPrincipal(userIdentity, roles.Split(','));
Context.User = userPrincipal;

Note that the roles parameter is a comma-separated string.

Also, would it be easier to use the built-in provider model? That would save you from writing all of the authentication code yourself. You could then create a custom membership provider with your own data-access logic if you need to.
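The question and the answer both turn on how ASP.NET evaluates an `<authorization>` section: the `UrlAuthorizationModule` walks the rules in order and the first rule that matches the current principal decides, with rules from the most specific `<location>` merged in front of the parent configuration's rules. The following stand-alone console program is an added example, not code from the original post; it models that first-match evaluation for the post's `admin/product` block, building the principal the same way Global.asax does (roles carried as a comma-separated string in the ticket's UserData). The `AuthRule` type, `PrincipalFromTicket` and the sample user data are hypothetical constructions for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical model of one <allow/> or <deny/> element (constructed for this example).
class AuthRule
{
    public bool Allow;          // true for <allow>, false for <deny>
    public string Users = "";   // "*" = everyone, "?" = anonymous, or a comma list of names
    public string Roles = "";   // comma list of role names
}

static class UrlAuthorizationModel
{
    // Mirrors the Global.asax code: the ticket's UserData is a comma-separated
    // role string, which becomes the role array of a GenericPrincipal.
    public static IPrincipal PrincipalFromTicket(string name, string userData)
    {
        string[] roles = userData
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .ToArray();
        return new GenericPrincipal(new GenericIdentity(name), roles);
    }

    // Does this rule apply to this user? Same matching as ASP.NET's users/roles attributes.
    static bool Matches(AuthRule rule, IPrincipal user)
    {
        bool authenticated = user.Identity.IsAuthenticated;

        foreach (string u in rule.Users.Split(',').Select(s => s.Trim()).Where(s => s.Length > 0))
        {
            if (u == "*") return true;                       // everyone
            if (u == "?" && !authenticated) return true;     // anonymous only
            if (authenticated &&
                string.Equals(u, user.Identity.Name, StringComparison.OrdinalIgnoreCase))
                return true;                                 // named user
        }

        foreach (string r in rule.Roles.Split(',').Select(s => s.Trim()).Where(s => s.Length > 0))
        {
            if (authenticated && user.IsInRole(r)) return true;
        }

        return false;
    }

    // First matching rule wins. If nothing matches, the root web.config's
    // default <allow users="*"/> applies, hence the trailing true.
    public static bool IsAuthorized(IEnumerable<AuthRule> rules, IPrincipal user)
    {
        foreach (AuthRule rule in rules)
        {
            if (Matches(rule, user)) return rule.Allow;
        }
        return true;
    }

    static void Main()
    {
        // The post's <location path="admin/product"> rules, in document order.
        var productRules = new[]
        {
            new AuthRule { Allow = true,  Roles = "product" },
            new AuthRule { Allow = false, Users = "*" },
        };

        // Constructed sample principals: an admin whose ticket UserData is
        // "product,feedback,subscribes", one with only "career", and an anonymous user.
        IPrincipal productAdmin = PrincipalFromTicket("7", "product,feedback,subscribes");
        IPrincipal careerAdmin  = PrincipalFromTicket("8", "career");
        IPrincipal anonymous    = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        Console.WriteLine("product admin -> " + IsAuthorized(productRules, productAdmin));
        Console.WriteLine("career admin  -> " + IsAuthorized(productRules, careerAdmin));
        Console.WriteLine("anonymous     -> " + IsAuthorized(productRules, anonymous));
    }
}
```

Two details of the model are worth keeping in mind when reading a web.config. A `GenericIdentity` with an empty name reports `IsAuthenticated == false`, so role rules never match an anonymous request and only a `users="*"` or `users="?"` rule can. And because evaluation stops at the first match, the position of `<deny users="*"/>` relative to the `<allow roles="..."/>` entries determines whether the role entries are ever reached; swapping rule order in the model is the quickest way to see what a given configuration will actually do before deploying it.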

