OWIN身份角色在本地工作，但似乎消失了，当我发布/远程IIS服务器上运行同一个code [英] OWIN identity roles work locally, but seem to disappear when I publish/run the same code on a remote IIS server

问题描述

使用OWIN 的AuthenticationHandler 内一个MVC网站，我在一个用户登陆如下：

Using an OWIN AuthenticationHandler within an MVC site, I sign in a user as follows:

var claims = new List<Claim> { new Claim(ClaimTypes.Role, UIRoles.PowerUser) };
var identity = session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, claims);
Context.Authentication.SignIn(identity);

目前在以后的某个时间点，我检查用户是高级用户：

At some point at a later time, I check that the user is a PowerUser:

User.Identity.HasRole(UIRoles.PowerUser)

这工作在我的本地IIS，但一旦我发布一个远程IIS机器上，它总是返回假当我尝试检查，如果用户是高级用户。为什么会发生这种事？我缺少的东西，比如说，从IIS服务器的配置或远程计算机的的web.config中？

This works on my local IIS, but once I publish it on a remote IIS machine, it always returns False when I try to check if the user is a PowerUser. Why could this happen? Am I missing something from, say, the IIS server's configuration or within the remote machine's web.config?

推荐答案

我找到了原因。这是一个有点傻。我补发饼干时，我想续订用户的会话，问题是，我是更新这些cookie的 SessionInfo 对象被替换为另一个 SessionInfo 没有任何额外的索赔对象：

I found the cause. It is a bit silly. I was reissuing cookies when I wanted to renew the user's session and the problem was that the SessionInfo object I was renewing these cookies to were being replaced with another SessionInfo object without any extra claims:

session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);

这是抹 UIRoles.PowerUser 从原来的cookie中的额外索赔我。

This was wiping the extra claim of UIRoles.PowerUser from the original cookie for me.

这篇关于OWIN身份角色在本地工作，但似乎消失了，当我发布/远程IIS服务器上运行同一个code的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！