自定义窗体身份验证+ MVC3 + AuthorizeAttribute [英] Custom Forms Authentication + MVC3 + AuthorizeAttribute

问题描述

我基本上做的是这个。但是，每当我使用内置的AuthorizeAttribute，MVC框架（我猜）从来没有看我的委托人，以确定用户是否具有适当的角色。它不停地尝试创建的App_Data目录一个新的MDF文件，因为它不具备特权它吹起来。

I am essentially doing is this. However, whenever I use the built in AuthorizeAttribute, the MVC framework (I'm guessing) never looks at my principal to determine if the user has the proper roles. It keeps trying to create a new MDF file in the app_data directory, and because it doesn't have privileged it blows up.

这是预期的行为，我应该得到我自己的AuthorizeAttribute并检查主要自己？

Is this expected behavior, and should I derive my own AuthorizeAttribute and check the principal myself?

另一个怪异的行为要指出的是，我在同一个域中的两个站点为此我做单点登录。在任一站点，我使用同样的类库来重新创建的AuthenticateRequest我自定义校长，我看到调试认为，主要是越来越正确设置在每个站点上的时候。然而，现场1（认证用户一）使用内置的AuthorizeAttribute，和它的作品完美，但现场2，试图创建时有AuthorizeAttribute任何行动被称为MDF文件。

Another weird behavior to point out is that I have two sites on the same domain for which I'm doing single sign on. On either site, I'm using the same class library to recreate my custom principal on AuthenticateRequest, and I see when debugging that the principal is getting set correctly on each site. However, site 1 (the one which authenticates to the user) uses the built-in AuthorizeAttribute, and it works perfectly, but site 2, is trying to create an MDF file when any action that has the AuthorizeAttribute is called.

推荐答案

好吧，我想通了，我不得不把它添加到system.webServer下我的web配置。这消除了替换我的本金的HttpModule。

Ok, I figured it out, I had to add this to my web config under system.webServer. This removes the HttpModule that replaces my principal.

<modules runAllManagedModulesForAllRequests="true">
    <remove name="RoleManager" />
</modules>

这篇关于自定义窗体身份验证+ MVC3 + AuthorizeAttribute的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！