仅向其他开放的MVC网站添加管理员身份验证 [英] Add only admin authentication to an otherwise open MVC website
问题描述
我有一个MVC 4网站,目前无法进行身份验证。现在需要添加一个管理部分。
可以通过在网站URL末尾添加/ Admin来浏览管理部分。现在,我想确保只有一些特定的管理员用户可以登录管理部分。为此,我在数据库中创建了一个表,并在我的控制器登录方法中对它们进行了身份验证。
我尝试了什么:
现在,一旦验证了凭证,我就会放置以下代码行,并将代码重定向到管理信息中心
FormsAuthentication.SetAuthCookie(userName, false );
return RedirectToAction( AdminDashboard, Admin);
并且,我已将Authorize属性添加到AdminDashboard方法,如下所示:
[授权]
public ActionResult AdminDashboard()
{
return 查看( AdminDashboard);
}
但是,成功登录后我收到以下错误:
经过身份验证的用户无法访问处理请求所需的资源。
我在这里缺少什么?
您的控制器需要使用适当的授权属性进行修饰,例如跟随
[授权(角色= 管理员)]
在你的web.config中,你需要在system.web配置中有以下代码
< roleManager enabled = true defaultProvider = YourRoleProvider >
最后你需要看看如果该用户已添加到各自的角色
检查web.config
文件 - 最新版本的MVC不使用表单身份验证,并明确删除模块。
寻找类似于以下内容的行:
< 删除 名称 = FormsAuthenticationModule / >
名为modules的元素。如果存在,请将其删除。
然后,检查您是否正确配置了表单身份验证:
< 身份验证 模式 = 表单 >
< 表格 ... / >
< /身份验证 >
这个StackOverflow线程 [ ^ ]。
I have a MVC 4 website, which works on no authentication as of now. Now there is a requirement to add an admin section to it.
The admin section can be browsed by adding /Admin at the end of the website URL. Now, I want to ensure that only some specific admin users can login into the admin section. For this, i have created a table in the database, and authenticating them in my controller login method.
What I have tried:
Now, once the credentials are validated, I place the following line of code, and redirect the code to the admin dashboard
FormsAuthentication.SetAuthCookie(userName, false); return RedirectToAction("AdminDashboard", "Admin");
And, i have added the Authorize attribute to the AdminDashboard method as follows:
[Authorize] public ActionResult AdminDashboard() { return View("AdminDashboard"); }
But, i get the following error after successful login:
The authenticated user does not have access to a resource needed to process the request.
What am i missing here?解决方案Your controller needs to be decorated with appropriate authorization attribute like following [Authorize(Roles = "Administrator")] In your web.config, you need to have following code inside your system.web configuration <roleManager enabled="true" defaultProvider="YourRoleProvider"> Finally you need to see if that user has been added to their respective roles
Check yourweb.config
file - recent versions of MVC don't use forms authentication, and explicitly remove the module.
Look for a line similar to:
<remove name="FormsAuthenticationModule" />
under an element calledmodules
. If it exists, remove it.
Then, check that you have forms authentication configured correctly:
<authentication mode="Forms"> <forms ... /> </authentication>
There's more information in this StackOverflow thread[^].
这篇关于仅向其他开放的MVC网站添加管理员身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!