角色身份验证使用作品的授权属性，但不是通过在web.config中的授权 [英] Roles authentication works using Authorization attribute but not via authorization in web.config

问题描述

我使用ASP.NET MVC 3，我试图做一些事情，应该是真的直线前进......

I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...

我的应用程序使用Forms身份验证和为控制器/动作可以正常使用。例如，如果我不是装点控制器或Administrators组的成员仅低于属性的动作可以查看它们：

My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:

[Authorize(Roles="Administrators")]

不过，我有在默认脚本文件夹文件夹，名为管理员。我只希望Administrators组的成员才能够在这个目录中访问的脚本，所以我创建与目录中的新的web.config里面以下内容：

However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <allow roles="Administrators"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

不过无论用户是否是管理员组的成员，或者不是他们收到302 Found消息，然后被重定向到登录页面。

However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.

如果我改变web.config中允许用户=*然后它工作。它也可以，如果我添加一个允许用户=用户名，因为我与测试一个特定的用户。

If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.

这是我要去哪里错了，或在​​那里我可以开始调查任何想法？

Any ideas on where I'm going wrong or where I could start investigating?

推荐答案

你有 RoleManager 添加到您的的web.config 默认Scripts文件夹
东西如下

Do you have RoleManager added into your web.config in default Scripts folder something as below

system.web>
    <authentication mode="Forms" >
      <forms loginUrl="login.aspx"
      name=".ASPXFORMSAUTH" />
    </authentication>

  <roleManager defaultProvider="SqlProvider" 
    enabled="true"
    cacheRolesInCookie="true"
    cookieName=".ASPROLES"
    cookieTimeout="30"
    cookiePath="/"
    cookieRequireSSL="false"
    cookieSlidingExpiration="true"
    cookieProtection="All" >
    <providers>
      <add
        name="SqlProvider"
        type="System.Web.Security.SqlRoleProvider"
        connectionStringName="SqlServices"
        applicationName="SampleApplication" />
      </providers>
    </roleManager>
  </system.web>

这篇关于角色身份验证使用作品的授权属性，但不是通过在web.config中的授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！