为什么 cshtml 显示不属于我角色的用户的链接?
Why is the cshtml showing links for users not in my role?
为什么 cshtml 为不在我角色中的用户显示 links?
需要说明的是,非管理员用户不应看到重置密码和创建用户 link。就我而言,他们看到的是 links.
在我的 layout.cshtml 中,我有以下代码:
@if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
<span class="navbar-right">
if (HttpContext.Current.User.IsInRole("Administrators"))
{
@Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
@Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
}
@Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
</span>
}
当用户登录时在我的控制器中我有:
// For clarity assume:
// userName = "myTest@tester.com"
// IsAdmin = false
var identity = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Name, userName),
new Claim(ClaimTypes.Email, userName)
}, "ApplicationCookie");
if (IsAdmin)
{
identity.AddClaim(new Claim(ClaimTypes.Role, "Administrators"));
}
else
{
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}
var ctx = Request.GetOwinContext();
var authManager = ctx.Authentication;
authManager.SignIn(identity);
当用户单击 link 时拒绝访问,控制器正常工作。
[Authorize(Roles="Administrators")]
原来是剃刀语法问题。
@if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
<span class="navbar-right">
if (HttpContext.Current.User.IsInRole("Administrators"))
{
@Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
@Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
}
@Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
</span>
}
应该是:
@if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
<span class="navbar-right">
@if (HttpContext.Current.User.IsInRole("Administrators"))
{
@Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
@Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
}
@Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
</span>
}
为什么 cshtml 为不在我角色中的用户显示 links?
需要说明的是,非管理员用户不应看到重置密码和创建用户 link。就我而言,他们看到的是 links.
在我的 layout.cshtml 中,我有以下代码:
@if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
<span class="navbar-right">
if (HttpContext.Current.User.IsInRole("Administrators"))
{
@Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
@Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
}
@Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
</span>
}
当用户登录时在我的控制器中我有:
// For clarity assume:
// userName = "myTest@tester.com"
// IsAdmin = false
var identity = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Name, userName),
new Claim(ClaimTypes.Email, userName)
}, "ApplicationCookie");
if (IsAdmin)
{
identity.AddClaim(new Claim(ClaimTypes.Role, "Administrators"));
}
else
{
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}
var ctx = Request.GetOwinContext();
var authManager = ctx.Authentication;
authManager.SignIn(identity);
当用户单击 link 时拒绝访问,控制器正常工作。
[Authorize(Roles="Administrators")]
原来是剃刀语法问题。
@if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
<span class="navbar-right">
if (HttpContext.Current.User.IsInRole("Administrators"))
{
@Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
@Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
}
@Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
</span>
}
应该是:
@if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.ActionLink("My Wonderful App", "Index", "Home", new { area = "" }, new { @class = "navbar-brand" })
<span class="navbar-right">
@if (HttpContext.Current.User.IsInRole("Administrators"))
{
@Html.ActionLink("Reset Password", "ResetPassword", "Auth", null, new { @class = "navbar-brand" })
@Html.ActionLink("Create User", "CreateAccount", "Auth", null, new { @class = "navbar-brand" })
}
@Html.ActionLink("Logoff", "Logoff", "Auth", null, new { @class = "navbar-brand" })
</span>
}