OWIN身份角色在本地工作,但似乎消失了,当我发布/远程IIS服务器上运行同一个code [英] OWIN identity roles work locally, but seem to disappear when I publish/run the same code on a remote IIS server
问题描述
使用OWIN 的AuthenticationHandler 内一个MVC网站,我在一个用户登陆如下:
Using an OWIN AuthenticationHandler within an MVC site, I sign in a user as follows:
var claims = new List<Claim> { new Claim(ClaimTypes.Role, UIRoles.PowerUser) };
var identity = session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, claims);
Context.Authentication.SignIn(identity);
目前在以后的某个时间点,我检查用户是高级用户
:
At some point at a later time, I check that the user is a PowerUser
:
User.Identity.HasRole(UIRoles.PowerUser)
这工作在我的本地IIS,但一旦我发布一个远程IIS机器上,它总是返回假
当我尝试检查,如果用户是高级用户
。为什么会发生这种事?我缺少的东西,比如说,从IIS服务器的配置或远程计算机的的web.config中
?
This works on my local IIS, but once I publish it on a remote IIS machine, it always returns False
when I try to check if the user is a PowerUser
. Why could this happen? Am I missing something from, say, the IIS server's configuration or within the remote machine's web.config
?
推荐答案
我找到了原因。这是一个有点傻。我补发饼干时,我想续订用户的会话,问题是,我是更新这些cookie的 SessionInfo
对象被替换为另一个 SessionInfo
没有任何额外的索赔对象:
I found the cause. It is a bit silly. I was reissuing cookies when I wanted to renew the user's session and the problem was that the SessionInfo
object I was renewing these cookies to were being replaced with another SessionInfo
object without any extra claims:
session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
这是抹 UIRoles.PowerUser
从原来的cookie中的额外索赔我。
This was wiping the extra claim of UIRoles.PowerUser
from the original cookie for me.
这篇关于OWIN身份角色在本地工作,但似乎消失了,当我发布/远程IIS服务器上运行同一个code的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!