设置用户对 asp.net mvc 中每个应用程序的访问权限
setting user access to every app in asp.net mvc
这是我的代码,我不知道为什么它总是执行 else 语句,即使我登录了具有 SuperAdmin 角色的用户
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
if (User.IsInRole("SuperAdmin"))
{
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
}
else
{
ModelState.AddModelError("", "you are not allowed to access this page");
//AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
return View(model);
}
}
给我一些建议,我应该如何改进我的代码..
我的问题是为什么我的代码总是执行 else 语句,即使我使用 SuperAdmin
的帐户
听起来像 if 检查当前用户角色的语句应该被移动。在继续进行用户角色检查之前,请确保当前用户是否已成功登录,因为用户可能在点击 PasswordSignInAsync 方法后仍未完成所有身份验证过程。
如果您使用的是较新版本的 Identity,请改用 UserManager.IsInRole 方法,因为 User.IsInRole 使用以前版本的角色管理器:
var user = await UserManager.FindAsync(model.Email, model.Password);
if (UserManager.IsInRole(user.Id, "SuperAdmin"))
{
// do something
}
以下是用户角色检查的示例设置:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
var user = await UserManager.FindAsync(model.Email, model.Password);
if (user == null)
{
// user not found or login failure, do something here
}
else
{
// proceed to role checking
var roles = await UserManager.GetRolesAsync(user.Id);
// use roles.Contains("SuperAdmin") if IsInRole still won't work
if (UserManager.IsInRole(user.Id, "SuperAdmin"))
{
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("", "you are not allowed to access this page");
return View(model);
}
}
break;
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
}
return View(model);
}
注意:确保web.config中的roleManager设置正确设置and/orRoles table 已在数据库中加入 Users table 生效。
这是我的代码,我不知道为什么它总是执行 else 语句,即使我登录了具有 SuperAdmin 角色的用户
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
if (User.IsInRole("SuperAdmin"))
{
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
}
else
{
ModelState.AddModelError("", "you are not allowed to access this page");
//AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
return View(model);
}
}
给我一些建议,我应该如何改进我的代码.. 我的问题是为什么我的代码总是执行 else 语句,即使我使用 SuperAdmin
的帐户听起来像 if 检查当前用户角色的语句应该被移动。在继续进行用户角色检查之前,请确保当前用户是否已成功登录,因为用户可能在点击 PasswordSignInAsync 方法后仍未完成所有身份验证过程。
如果您使用的是较新版本的 Identity,请改用 UserManager.IsInRole 方法,因为 User.IsInRole 使用以前版本的角色管理器:
var user = await UserManager.FindAsync(model.Email, model.Password);
if (UserManager.IsInRole(user.Id, "SuperAdmin"))
{
// do something
}
以下是用户角色检查的示例设置:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
var user = await UserManager.FindAsync(model.Email, model.Password);
if (user == null)
{
// user not found or login failure, do something here
}
else
{
// proceed to role checking
var roles = await UserManager.GetRolesAsync(user.Id);
// use roles.Contains("SuperAdmin") if IsInRole still won't work
if (UserManager.IsInRole(user.Id, "SuperAdmin"))
{
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("", "you are not allowed to access this page");
return View(model);
}
}
break;
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
}
return View(model);
}
注意:确保web.config中的roleManager设置正确设置and/orRoles table 已在数据库中加入 Users table 生效。