Need help implementing simple role management

I have a very basic need in regards to membership and role management. I am having success with the membership and being able to use the [Authorize] filter, but the IsInRole() and all that goes along with it is failing. I am hoping someone can point out where I am going wrong.

1) Login action is called on the controller:

    [HttpPost]
    public ActionResult LogOn(LoginVM model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (_employeeService.Login(model))
            {
                _employeeService.CreateTicket(model);

                FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);

                if (!String.IsNullOrEmpty(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

2) The CreateTicket(LoginVM model) looks like this:

    public HttpCookie CreateTicket(LoginVM input)
    {
        string rolesList;
        using (var tx = _session.BeginTransaction())
        {
            Employee employee = _employeeRepository.GetByUsername(input.Username);

            if (employee.Roles.Count >= 0)
            {
                string[] roles = new string[employee.Roles.Count];
                for (int i = 0; i < employee.Roles.Count; i++)
                {
                    roles[i] = employee.Roles.ElementAt(i).Name;
                }

                rolesList = string.Join(",", roles);
            }
            else
            {
                rolesList = string.Empty;
            }

            tx.Commit();
        }

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, input.Username, DateTime.Now, DateTime.Now.AddMinutes(20), false, rolesList);

        return new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
    }

If I check to see if the user is in a role after the ticket is created, but before the auth cookie is set, I get a true value:

    _employeeService.CreateTicket(model);

    bool test = User.IsInRole("Role1");

    FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);

If I add a check to the site.master to show/hide a menu item based on role, there are no roles listed for the user anymore. I have tried both Page.User.IsInRole("Role1") and HttpContext.Current.User.IsInRole("Role1"), neither of which is true. I also receive a failure on the [Authorize(Roles="Role1")] filter.


I'm not sure if you are basing your membership off of the old base membership provider or not, but looking at one of my early stage MVC projects... there is a method being called when a user successfully validates ...

    if (MembershipService.ValidateUser(model.UserName, model.Password))
    {
        FormsService.SignIn(model.UserName, model.RememberMe);
    }

While I am no expert on Membership services, it sounds as if your user is not properly being Logged in, once they "Log In" if you know what I mean.

The line that says FormsService.SignIn() ... you have nothing similar in your LogOn method.


On a separate note - I'm curious why you are calling commit on a transaction when it seems as though no transactional work is being done? You get a user, and create a ticket (which goes to a cookie).
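
A ticket that carries roles in UserData only affects later requests if its cookie is added to the response and the principal is rebuilt from it on every request. The following is an added example, not code from either post; the `RoleTicket` helper, its `Issue` and `Restore` methods, and the `MvcApplication` class name are assumptions, and it assumes the ASP.NET role manager is not enabled.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket   // hypothetical helper, not part of the original posts
{
    // Call from LogOn in place of FormsAuthentication.SetAuthCookie: SetAuthCookie
    // issues its own ticket with empty UserData under the same cookie name.
    public static void Issue(HttpResponseBase response, string username,
                             string[] roles, bool persistent)
    {
        var ticket = new FormsAuthenticationTicket(
            1, username, DateTime.Now, DateTime.Now.AddMinutes(20),
            persistent, string.Join(",", roles), FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL>
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }

    // By this point FormsAuthenticationModule has decrypted and validated the
    // ticket; its principal has no roles, so replace it with one that does.
    public static void Restore(HttpContext context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] roles = identity.Ticket.UserData.Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(identity, roles);
    }
}

public class MvcApplication : HttpApplication   // Global.asax.cs; class name assumed
{
    // Runs on every request, after the forms authentication module.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        RoleTicket.Restore(Context);
    }
}
```

Roles stored in the ticket are a snapshot taken at login: a role removed in the database remains effective until the ticket expires or is reissued, so the ticket lifetime bounds how stale an authorization decision can be.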
