Context.User losing Roles after being assigned in Global.asax.Application_AuthenticateRequest

Problem description

I am using Forms authentication in my asp.net (3.5) application. I am also using roles to define what user can access which subdirectories of the app. Thus, the pertinent sections of my web.config file look like this:

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Default.aspx" path="/" protection="All" timeout="360" name="MyAppName" cookieless="UseCookies"  />      
  </authentication>
  <authorization >
    <allow users="*"/>
  </authorization>
</system.web>

<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="Admin"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

Based on what I have read, this should ensure that the only users able to access the Admin directory will be users who have been Authenticated and assigned the Admin role.

User authentication, saving the authentication ticket, and other related issues all work fine. If I remove the tags from the web.config file, everything works fine. The problem comes when I try to enforce that only users with the Admin role should be able to access the Admin directory.

Based on this MS KB article along with other webpages giving the same information, I have added the following code to my Global.asax file:

protected void Application_AuthenticateRequest(Object sender, EventArgs e) {
    if (HttpContext.Current.User != null) {
        if (Request.IsAuthenticated == true) {    
            // Debug#1            
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Context.Request.Cookies[FormsAuthentication.FormsCookieName].Value);
            // In this case, ticket.UserData = "Admin"                
            string[] roles = new string[1] { ticket.UserData }; 
            FormsIdentity id = new FormsIdentity(ticket);
            Context.User = new System.Security.Principal.GenericPrincipal(id, roles);
            // Debug#2
        }
    }
}

However, when I try to log in, I am unable to access the Admin folder (get redirected to login page).

Trying to debug the issue, if I step through a request, if I execute Context.User.IsInRole("Admin") at the line marked Debug#1 above, it returns a false. If I execute the same statement at line Debug#2, it equals true. So at least as far as Global.asax is concerned, the Role is being assigned properly.

After Global.asax, execution jumps right to the Login page (since the lack of role causes the page load in the admin folder to be rejected). However, when I execute the same statement on the first line of Page_Load of the login, it returns false. So somewhere after Application_AuthenticateRequest in Global.asax and the initial load of the WebForm in the restricted directory, the role information is being lost, causing authentication to fail (note: in Page_Load, the proper Authentication ticket is still assigned to Context.User.Id - only the role is being lost).

What am I doing wrong, and how can I get it to work properly?

Update: I entered the solution below

Recommended answer

This is the problem and the solution

Earlier in development I had gone to the Website menu and clicked on Asp.net configuration. This resulted in the following line being added to the web.config:

<system.web>
  <roleManager enabled="true" />
</system.web>

From that point on, the app was assuming that I was doing roles through the Asp.net site manager, and not through FormsAuthentication roles. Thus the repeated failures, despite the fact that the actual authentication and roles logic was set up correctly.

After this line was removed from web.config everything worked perfectly.
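
With `<roleManager enabled="true" />`, ASP.NET's RoleManagerModule replaces `Context.User` with a `RolePrincipal` at PostAuthenticateRequest, so the roles set in `Application_AuthenticateRequest` are no longer the ones URL authorization checks. The following is an added example, not code from the question or the answer: it builds the principal from the already-validated ticket and logs when the principal has been swapped. The class name `Global` and the comma-separated role list in `UserData` are assumptions.

```csharp
// Global.asax.cs (added example; class name and role format are assumptions)
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Act only on requests FormsAuthenticationModule has already authenticated.
        FormsIdentity id = Context.User == null
            ? null
            : Context.User.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return;

        // The module has already decrypted and validated the ticket; reuse it
        // rather than reading the cookie again, which can be null.
        FormsAuthenticationTicket ticket = id.Ticket;

        // Assumption: UserData holds a comma-separated role list, e.g. "Admin,Editor".
        string[] roles = (ticket.UserData ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

        Context.User = new GenericPrincipal(id, roles);
    }

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        // EndRequest fires even when URL authorization rejected the request,
        // so this shows which principal was in place at that point.
        IPrincipal user = Context.User;
        if (user is RolePrincipal && user.Identity.IsAuthenticated)
        {
            // roleManager is enabled: roles now come from the configured role
            // provider, not from the GenericPrincipal assigned above.
            System.Diagnostics.Trace.TraceWarning(
                "Context.User is RolePrincipal for {0}; ticket roles are not in use.",
                Request.Path);
        }
    }
}
```

If the warning appears for an authenticated user who is still denied access to a role-restricted folder, check web.config for the `roleManager` element before debugging the ticket logic.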
