asp.net web api 基于角色的身份验证自定义属性检查用户是否在角色中

Question

在网上搜索了一下，没找到我的意思...

能否请您详细说明我到底做错了什么，我怎样才能真正完成我需要的东西？多个字符串下方的代码注释中解释了问题。

um.FindByName(username) - 当然给我一个错误 "The entity type ApplicationUser is not part of the model for the current context"

public class MyNewAuthenticationAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {


        if (actionContext.Request.Headers.Authorization == null)
        {
            base.OnAuthorization(actionContext);
        }
        else
        {
            string authenticationToken = actionContext.Request.Headers.Authorization.Parameter;
            string decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));
            string[] usernamePasswordArray = decodedToken.Split(':');
            string username = usernamePasswordArray[0];
            string password = usernamePasswordArray[1];


            // Here is the issue. I need to check whether the user is in admin role....
            var um = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new WeatherAppDbEntities()));
            var user = um.FindByName(username);

            var isInRole = um.IsInRole(user.Id, "Admin");


            if (// User is admin)
            {

            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }



    }

}

更新：

好吧，如果我使用，一切正常： var um = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext())); 在我创建的新身份验证属性中...不太确定将 ApplicationDbContext() 与稍后创建的 Ado.net 数据模型一起使用的最佳做法是什么

Answer 1

ApplicationUser 身份似乎不属于您当前的上下文 WeatherAppDbEntities。您应该根据自己的情况实施它。

public class WeatherAppDbEntities : IdentityDbContext<ApplicationUser>
{
    public WeatherAppDbEntities()
        : base("DefaultConnection")
    {
    }
}

Answer 2

就像 Stormcloak 提到的那样，你似乎有两个或更多 DbContexts and therefore you are using more then one databases or connection strings.When creating Asp.Net MVC projects, tamplate comes with some models and controlers, as well as connection string named "DefaultConnection". Visual studio uses SQL Server Express 并且它使用连接字符串生成将存储用户信息的数据库，所以当你创建自己的数据库（“WeatherAppDb”）时，你基本上是使用两个数据库。 如何预防？

1. 创建 MVC 项目时检查 Web.config 文件中的 <connectionStrings> 标签，如果你发现了什么 喜欢 tihs

 <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\aspnet-MyMVCProject-20180127104017.mdf;Initial Catalog=aspnet-MyMVCProject-20180127104017;Integrated Security=True"
      providerName="System.Data.SqlClient" />

<add name="WeatherAppDbConnectionString" connectionString="Data Source=(LocalDb)\SQLEXPRESS;;Initial Catalog=WeatherAppDb;Integrated Security=True"
      providerName="System.Data.SqlClient" />

最简单的方法是删除 "Default Connection" 连接字符串并将您的 "Weather App DbConnectionString" 重命名为 "Default Connection"，这样您就只剩下这个

//renamed from WeatherAppDbConnectionString to Default Connection
     <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\SQLEXPRESS;;Initial Catalog=WeatherAppDb;Integrated Security=True"
      providerName="System.Data.SqlClient" />

2. 一旦你完成了第一步，就去你的 WeatherAppDbEntities 并且正如 StormCloack 所说，请确保您在此处 "Default Connection"

public class WeatherAppDbEntities : IdentityDbContext<ApplicationUser>
        {
            public WeatherAppDbEntities()
                : base("DefaultConnection")
            {
            }
        }

关于你的代码，也许也有问题，但不确定，我已经修改了一些。

   WeatherAppDbEntities db = new WeatherAppDbEntities();
            var um = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(db));               
            var user = db.Users.Find(username);