窗体身份验证User.IsInRole（）随机不LogOn支持工作 [英] Forms Authentication User.IsInRole() randomly not working in LogOn

问题描述

我更改默认的登录功能在MVC3项目将用户重定向到基于其角色使用 User.IsInRole某一页（）。当我测试了这一点，第一对夫妇的用户重定向不如预期，但在那之后我有一对夫妇未重定向到哪里，他们都应该（通过他们的所有语句通过并击中了默认主页索引。）看来完全随机的，有时候我的管理​​将采取的管理页面，其他时间不。

I was changing the default LogOn function in an MVC3 project to redirect a user to a certain page based on their role by using User.IsInRole(). When I was testing this out, the first couple users redirected as expected, but after that I had a couple that didn't redirect to where they are supposed to (they passed through all the statements and hit the default home index.) It seems completely random, sometimes my admin will be taken to the admin page, other times not.

我的登录功能：

[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if(ModelState.IsValid)
    {
        if(Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            if(Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && 
                returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && 
                !returnUrl.StartsWith("/\\"))
            {
                return Redirect(returnUrl);
            }
            else
            {
                if(User.IsInRole("Admin") || User.IsInRole("SuperAdmin"))
                {
                    return RedirectToAction("Index", "Admin");
                }
                else if(User.IsInRole("Employee"))
                {
                    return RedirectToAction("Index", "Employee");
                }
                else if(User.IsInRole("Accounting"))
                {
                    return RedirectToAction("Index", "Accounting");
                }
                // If the user is in none of those roles, send them to the home index
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            MembershipUser user = Membership.GetUser(model.UserName);
            if(user == null)
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            else
                ModelState.AddModelError("", "You haven't been approved yet, or you are locked out.");
        }
    }
    // If we got this far, something failed, redisplay form
    return View(model);
}

综观的IntelliTrace，好像有时候它并没有刻意去查询数据库，例如，当它的作品我看到执行读本dbo.aspnet_UsersInRoles_GetRolesForUser而当它没有我不知道。

有谁知道为什么 User.IsInRole（）将返回false，即使用户在角色？是否有某种形式发生，为什么没有queering数据库中每一次兑付的？

Does anyone know why User.IsInRole() would return false even if the user is in the role? Is there some form of cashing happening, why isn't it queering the database every time?

我确切地知道用户在我测试的角色，我知道这是不是要重定向到URL的回报，我也知道角色没有被存储在任何cookie。任何想法将AP preciated，我敢肯定，我会去了解这个法子，不过现在我更感兴趣的是，为什么这个简单的方法是行不通的。

I know for sure the users are in the roles I am testing, and I know it is not trying to redirect to the return url, I also know that the role isn't being stored in any cookies. Any ideas would be appreciated, I'm sure I could go about this another way, however now I'm more interested in why this simple approach isn't working.

更新

我发现，如果我替换如果（User.IsInRole（... 语句以重定向到一个名为分拣另一个动作，我加入if语句出现，它工作的时候100％。

I found that if i replace the If(User.IsInRole(... statements with a redirect to another action called sorting, and I add the if statements there, it works 100% of the time.

public ActionResult Sorting()
{
    if(User.IsInRole("Admin") || User.IsInRole("SuperAdmin"))
    {
        return RedirectToAction("Index", "Admin");
    }
    else if(User.IsInRole("Employee"))
    {
        return RedirectToAction("Index", "Employee");
    }
    else if(User.IsInRole("Accounting"))
    {
        return RedirectToAction("Index", "Accounting");
    }
    // If the user is in none of those roles, send them to the home index
    return RedirectToAction("Index", "Home");
}

所以显然 User.Identity.Name 未设置（或将不返回用户名），直到 LogOn支持函数退出。它是否正确？我想通了 Membership.ValidateUser 被称为后，用户通过身份验证，显然不是。

So apparently User.Identity.Name is not set (or will not return the user's name) until the LogOn function exits. Is this correct? I figured that after the Membership.ValidateUser was called the user was authenticated, apparently not.

所以，在什么点后 Membership.ValidateUser（）被调用时，将 User.IsInRole（）去正常工作？是的是的cookie被丢弃后，还是什么？

So at what point after Membership.ValidateUser() is called, will the User.IsInRole() going to work correctly? Is is after the cookie is dropped, or what?

我想我可以使用如果（Roles.IsUserInRole（model.UserName，管理）），因为我的确有从提交的模型的用户的名称。你认为这是一个更好的主意，或只是使用排序重定向像我一样？

I suppose I could use if(Roles.IsUserInRole(model.UserName, "Admin")) since I do have the user's name from the model submitted. Do you think this is a better idea or just use the Sorting redirect like I did?

推荐答案

现在的问题是，当 LogOn支持函数被调用，传入的请求没有经过身份验证的用户来说，用户对象为null，它不是，直到新的请求时，该用户对象填充。因此，当 User.IsInRole（）是所谓的 LogOn支持，用户是空。

The problem is that when the LogOn function is called, the incoming request has no authenticated user, the User object is null, it is not until a new request is made that the User object is populated. So when User.IsInRole() is called in the LogOn, User is null.

总之，用户对象是先前在ASP.NET管道设置，长
  之前执行所请求的ASP.NET页面的code。现在，对
  复诊时，ASP.NET运行时会看到形式
  身份验证票证和User.Identity.IsAuthenticated是事实，
  但不能在此请求。结果
  ...

In short, the User object is set earlier in the ASP.NET pipeline, long before the requested ASP.NET page's code is executed. Now, on the subsequent visit, the ASP.NET runtime will see the forms authentication ticket and User.Identity.IsAuthenticated will be true, but not on this request.
...

此外，您将无法获得用户名
  从User.Identity.Name。相反，使用LoginControlID.Username。

Also, you won't be able to get the username from User.Identity.Name. Instead, use LoginControlID.Username.

http://forums.asp.net/post/1988606.aspx

这篇关于窗体身份验证User.IsInRole（）随机不LogOn支持工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！