如何保持RoleProvider从覆盖自定义角色? [英] How to keep RoleProvider from overriding custom roles?
问题描述
我有一个自定义的角色提供,获取一个用户所属的角色从一个数据库。我也有在注册自定义的验证模块我的web.config的的HttpModules这嗅着传入的HTTP请求和(如果它是一个OAuth签名的请求)将HttpContext.Current.User属性来冒充用户,而且它设置的IPrincipal包括所有用户的角色,加上一个额外的一个叫授权。
I have an custom role provider that gets the roles a user belongs to from a database. I also have a custom authentication module registered in my web.config's httpModules which sniffs incoming HTTP requests and (if it's an OAuth signed request) sets the HttpContext.Current.User property to impersonate the user, and the IPrincipal that it sets includes all the user's roles, plus an extra one called "delegated".
麻烦的是,当我把我的自定义的IPrincipal,显然仍ASP.NET我调用自定义角色提供程序,然后一个一个只具有标准角色为该用户重置的IPrincipal。
The trouble is, after I set my custom IPrincipal, apparently ASP.NET still calls my custom role provider, and then resets the IPrincipal with one that has only the standard roles for that user.
如果我设置<启用roleManager =false的...> 在我的web.config文件中,身份验证模块的指定角色,坚持下去。很显然,虽然,我想两全其美。如何使用角色提供,但是当我的验证模块决定取消角色提供的效果?
If I set <roleManager enabled="false" ...> in my web.config file, the authentication module's assigned roles stick. Obviously though, I want the best of both worlds. How can I use the role provider, but "cancel" the role provider's effect when my authentication module decides to?
推荐答案
原来,在认证HTTP模块的初始化方法,我可以找到 RoleManager ,然后钩,让我否决权它是否做它的工作压倒一切的事件:
It turns out that in the authentication http module's Init method, I can find the RoleManager, and then hook an event that gives me veto power on whether it does its overriding work:
public void Init(HttpApplication context) {
var roleManager = (RoleManagerModule)context.Modules["RoleManager"];
roleManager.GetRoles += this.roleManager_GetRoles;
}
private void roleManager_GetRoles(object sender, RoleManagerEventArgs e) {
if (this.application.User is OAuthPrincipal) {
e.RolesPopulated = true; // allows roles set in AuthenticationRequest to stick.
}
}
private void context_AuthenticateRequest(object sender, EventArgs e) {
if (/*oauth request*/) {
HttpContext.Current.User = CreateOAuthPrincipal();
}
}
这篇关于如何保持RoleProvider从覆盖自定义角色?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
