MVC 用户权限HttpContext.User.IsInRole()
這幾天在用MVC做一個(gè)項(xiàng)目,用到了HttpContext.User.IsInRole() 這個(gè)方法,但是每次當(dāng)我用的時(shí)候,HttpContext.User.IsInRole(“Admin”)?返回的永遠(yuǎn)是false。 在網(wǎng)上查了很多資料,發(fā)現(xiàn)都沒有解決,要解決的話,也要實(shí)現(xiàn)一系列的擴(kuò)展方法。好,廢話少說,正式進(jìn)入主題:
權(quán)限判斷
if (HttpContext.User.Identity == null || String.IsNullOrEmpty(HttpContext.User.Identity.Name))
{
return Redirect("~/Account/LogOn?returnUrl=/service");
}
else if (HttpContext.User.IsInRole("Admin"))
{
return RedirectToAction("Index", "AdminService");
}
else
{
…….
}
?{
??????return?Redirect("~/Account/LogOn?returnUrl=/service");
?}
else?if?(HttpContext.User.IsInRole("Admin"))
??{
?????????return?RedirectToAction("Index",?"AdminService");
?}
else
{
??…….
}
上面的代碼中HttpContext.User.IsInRole(“Admin”) 返回的是false。我們要返回True怎么辦?
在Global.asax中添加以下方法:
/// <summary>
/// Authen right for user
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
給登陸用戶賦權(quán)限
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
//Get current user identitied by forms
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
// get FormsAuthenticationTicket object
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split(',');
// set the new identity for current user.
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
///?Authen?right?for?user
///?</summary>
///?<param?name="sender"></param>
///?<param?name="e"></param>
protected?void?Application_AuthenticateRequest(Object?sender,?EventArgs?e)
????????{
????????????if?(HttpContext.Current.User?!=?null)
????????????{
????????????????if?(HttpContext.Current.User.Identity.IsAuthenticated)
????????????????{
????????????????????if?(HttpContext.Current.User.Identity?is?FormsIdentity)
????????????????????{
????????????????????????//Get?current?user?identitied?by?forms
????????????????????????FormsIdentity?id?=?(FormsIdentity)HttpContext.Current.User.Identity;
????????????????????????//?get?FormsAuthenticationTicket?object
????????????????????????FormsAuthenticationTicket?ticket?=?id.Ticket;
????????????????????????string?userData?=?ticket.UserData;
????????????????????????string[]?roles?=?userData.Split(',');
????????????????????????//?set?the?new?identity?for?current?user.
????????????????????????HttpContext.Current.User?=?new?GenericPrincipal(id,?roles);
????????????????????}
????????????????}
????????????}
????????}
添加好以后,進(jìn)入你的登錄頁面,給當(dāng)前用戶授權(quán)。請看:
LogOn
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if(ValidateUser(model.UserName, model.Password)))
{
//給登陸成功用戶賦于指定權(quán)限
UserInfo userInfo = GetuserInfo(model.UserName);
if (userInfo.Role =="Admin") {
role = "Admin";
}
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
userInfo.Alias,
DateTime.Now,
DateTime.Now.AddMinutes(30),
false,
role);
string encTicket = FormsAuthentication.Encrypt(authTicket);
this.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
// FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
public?ActionResult?LogOn(LogOnModel?model,?string?returnUrl)
{
???if?(ModelState.IsValid)
???{
?????if(ValidateUser(model.UserName,?model.Password)))
?????{
?UserInfo?userInfo?=?GetuserInfo(model.UserName);
if?(userInfo.Role?=="Admin")????????????????????{
????role?=?"Admin";
}
FormsAuthenticationTicket?authTicket?=?new?FormsAuthenticationTicket(1,
????????????????????????userInfo.Alias,
????????????????????????DateTime.Now,
????????????????????????DateTime.Now.AddMinutes(30),
????????????????????????false,
????????????????????????role);
????????????????????string?encTicket?=?FormsAuthentication.Encrypt(authTicket);
????????????????????this.Response.Cookies.Add(new?HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
??????????????????//??FormsAuthentication.SetAuthCookie(model.UserName,?model.RememberMe);
????????????????????if?(Url.IsLocalUrl(returnUrl)?&&?returnUrl.Length?>?1?&&?returnUrl.StartsWith("/")
????????????????????????&&?!returnUrl.StartsWith("//")?&&?!returnUrl.StartsWith("/\\"))
????????????????????{
????????????????????????return?Redirect(returnUrl);
????????????????????}
????????????????????else
????????????????????{
????????????????????????return?RedirectToAction("Index",?"Home");
????????????????????}
????????????????}
????????????????else
????????????????{
????????????????????ModelState.AddModelError("",?"The?user?name?or?password?provided?is?incorrect.");
????????????????}
????????????}
????????????//?If?we?got?this?far,?something?failed,?redisplay?form
????????????return?View(model);
????????}
?好了,直到這里,所有的問題,已經(jīng)解決了。如果大家有其他的好的方法,可以分享,?歡迎留言指正?:)
轉(zhuǎn)載于:https://www.cnblogs.com/sjqq/p/7365938.html
總結(jié)
以上是生活随笔為你收集整理的MVC 用户权限HttpContext.User.IsInRole()的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: swagger ui remove sp
- 下一篇: spring-mvc里的 mvc:res