仅向其他开放的MVC网站添加管理员身份验证 [英] Add only admin authentication to an otherwise open MVC website

问题描述

我有一个MVC 4网站，目前无法进行身份验证。现在需要添加一个管理部分。



可以通过在网站URL末尾添加/ Admin来浏览管理部分。现在，我想确保只有一些特定的管理员用户可以登录管理部分。为此，我在数据库中创建了一个表，并在我的控制器登录方法中对它们进行了身份验证。



我尝试了什么：



现在，一旦验证了凭证，我就会放置以下代码行，并将代码重定向到管理信息中心

 FormsAuthentication.SetAuthCookie（userName， false ）; 
  return  RedirectToAction（  AdminDashboard，  Admin）; 

并且，我已将Authorize属性添加到AdminDashboard方法，如下所示：

 [授权] 
  public  ActionResult AdminDashboard（）
 {
  return 查看（   AdminDashboard）; 
} 

但是，成功登录后我收到以下错误：

经过身份验证的用户无法访问处理请求所需的资源。





我在这里缺少什么？

解决方案

您的控制器需要使用适当的授权属性进行修饰，例如跟随
 
 [授权（角色=  管理员）] 
在你的web.config中，你需要在system.web配置中有以下代码
 
< roleManager enabled =   true defaultProvider =   YourRoleProvider >  
最后你需要看看如果该用户已添加到各自的角色

检查 web.config 文件 - 最新版本的MVC不使用表单身份验证，并明确删除模块。



寻找类似于以下内容的行：

 <  删除   名称  =  FormsAuthenticationModule    /  >  

名为 modules的元素。如果存在，请将其删除。



然后，检查您是否正确配置了表单身份验证：



 <  身份验证   模式  = 表单 >  
 <  表格    ...     /  >  
 <   /身份验证 >  





这个StackOverflow线程 [ ^ ]。




I have a MVC 4 website, which works on no authentication as of now. Now there is a requirement to add an admin section to it.

The admin section can be browsed by adding /Admin at the end of the website URL. Now, I want to ensure that only some specific admin users can login into the admin section. For this, i have created a table in the database, and authenticating them in my controller login method.

What I have tried:

Now, once the credentials are validated, I place the following line of code, and redirect the code to the admin dashboard



FormsAuthentication.SetAuthCookie(userName, false);
return RedirectToAction("AdminDashboard", "Admin");



And, i have added the Authorize attribute to the AdminDashboard method as follows:



[Authorize]
public ActionResult AdminDashboard()
{
    return View("AdminDashboard");
}



But, i get the following error after successful login:
The authenticated user does not have access to a resource needed to process the request.


What am i missing here?

解决方案

Your controller needs to be decorated with appropriate authorization attribute like following

[Authorize(Roles = "Administrator")]
In your web.config, you need to have following code inside your system.web configuration

<roleManager enabled="true" defaultProvider="YourRoleProvider">
Finally you need to see if that user has been added to their respective roles




Check your web.config file - recent versions of MVC don't use forms authentication, and explicitly remove the module.

Look for a line similar to:

<remove name="FormsAuthenticationModule" />

under an element called modules. If it exists, remove it.

Then, check that you have forms authentication configured correctly:

<authentication mode="Forms">
  <forms ... />
</authentication>

There's more information in this StackOverflow thread[^].




这篇关于仅向其他开放的MVC网站添加管理员身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！