MVC定制roleprovider如何把它挂到HttpContext.Current.User.IsInRole(QUOT; myrole") [英] MVC custom roleprovider how to hook it up to HttpContext.Current.User.IsInRole("myrole")

查看:212
本文介绍了MVC定制roleprovider如何把它挂到HttpContext.Current.User.IsInRole(QUOT; myrole")的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个MVC应用程序,我写了一个定制roleprovider它如下所示:

I have an MVC app and I wrote a custom roleprovider for it as shown:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using VectorCheck.Models;

namespace VectorCheck.Security
{
    public class MyRoleProvider : RoleProvider
    {
        private VectorCheckRepository<User> _repository { get; set; }

        public MyRoleProvider()
        {
            _repository = new VectorCheckRepository<User>();
        }

        public MyRoleProvider(VectorCheckRepository<User> repository)
        {
            _repository = repository;
        }

        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
        {
            throw new NotImplementedException();
        }

        public override string ApplicationName
        {
            get
            {
                throw new NotImplementedException();
            }
            set
            {
                throw new NotImplementedException();
            }
        }

        public override void CreateRole(string roleName)
        {
            throw new NotImplementedException();
        }

        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
        {
            throw new NotImplementedException();
        }

        public override string[] FindUsersInRole(string roleName, string usernameToMatch)
        {
            throw new NotImplementedException();
        }

        public override string[] GetAllRoles()
        {
            throw new NotImplementedException();
        }

        public override string[] GetRolesForUser(string username)
        {
            var user = _repository.GetUser(username);

            return new string[] { user.Role.Name };
        }

        public override string[] GetUsersInRole(string roleName)
        {
            throw new NotImplementedException();
        }

        public override bool IsUserInRole(string username, string roleName)
        {
            var user = _repository.GetUser(username);

            return string.Compare(user.Role.Name, roleName, true) == 0;
        }

        public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
        {
            throw new NotImplementedException();
        }

        public override bool RoleExists(string roleName)
        {
            throw new NotImplementedException();
        }
    }
}

这个作品真的很好用限制访问使用的控制器和动作:

This works really well with restricting access to controllers and actions using:

[Authorize(Roles = "Administrator")]

控制器或动作之上。

above the controller or action.

我也想在视图中使用,虽然限制访问一些事情:

I also want restricted access to some things in the view though using:

HttpContext.Current.User.IsInRole("Administrator")

这方法不是我roleprovider,但这样是没有得到覆盖的部分。

This method isn't part of my roleprovider though so isn't getting overridden.

有谁知道怎么做了这种方法呢?

Does anyone know how to do it for this method as well?

推荐答案

如果你已经迷上你RoleProvider为web.config中的应用程序中的角色提供,那么这应该自动工作;该框架将创建一个 RolePrincipal 在将调用 GetRolesForUser 法的请求开始身份验证的用户的角色提供商,从的IIdentity 作为用户名路过的名称。

If you've hooked your RoleProvider as the role provider for the application in web.config, then this should work automatically; the framework will create a RolePrincipal for an authenticated user at the start of the request that will call the GetRolesForUser method on your role provider, passing the name from the IIdentity as the user name.

该框架的实施 RolePrincipal IsInRole(字符串角色)方法是这样的(我加评论)

The framework implementation of RolePrincipal's IsInRole(string role) method is something like this (I've added comments)

public bool IsInRole(string role) 
{ 
    if (_Identity == null)
        throw new ProviderException(SR.GetString(SR.Role_Principal_not_fully_constructed)); 

    if (!_Identity.IsAuthenticated || role == null)
        return false;
    role = role.Trim(); 
    if (!IsRoleListCached) {
        _Roles.Clear(); 

        // here the RoleProvider is used to get the roles for the user
        // and are cached in a collection on the RolePrincipal so that
        // they are only fetched once per request
        string[] roles = Roles.Providers[_ProviderName].GetRolesForUser(Identity.Name); 
        foreach(string roleTemp in roles)
            if (_Roles[roleTemp] == null) 
                _Roles.Add(roleTemp, String.Empty);

        _IsRoleListCached = true;
        _CachedListChanged = true; 
    }
    return _Roles[role] != null; 
}

设置RoleProvider内断点 GetRolesForUser 方法,以确保它被正确调用,并检查的IPrincipal HttpContext.Current.User )以确保它的类型为 RolePrincipal 身份验证的用户。

Set a breakpoint inside of your RoleProvider GetRolesForUser method to ensure that it is being called correctly and also inspect the IPrincipal (HttpContext.Current.User) to ensure that it is of type RolePrincipal for an authenticated user.

这篇关于MVC定制roleprovider如何把它挂到HttpContext.Current.User.IsInRole(QUOT; myrole&QUOT;)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
ASP .NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆