ASP.NET Identity, add another user to role instantly (they don't have to log out and in again)


Problem description

First of all, I'm aware of this question: MVC 5 AddToRole requires logout before it works?

And this one: What is ASP.NET Identity's IUserSecurityStampStore<TUser> interface?

so please don't mark this as a duplicate.

I'm trying to add another user to a role (i.e. the user we're adding to the role is not the current user. If they are, the answer to first question I linked to is sufficient.)

Like this:

IdentityResult result = await userManager.AddToRoleAsync(userID, roleName);



The two situations I'm doing this in are: from an admin page, where the current user is the administrator; and a webhook secured with basic authentication (where there is no current user at all).

THE PROBLEM: if the user that this change applies to is logged in and using the app, I need the "add to role" change to apply instantly. They shouldn't have to log out and in again for the change to happen, and it needs to happen straight away.

Thanks everyone.

EDIT:

By the way, User.IsInRole(roleName) requires logout and login to reflect being added to the new role. UserManager.IsInRole(userID, roleName) does not, because (I assume) it goes straight to the database tables to check. But if the user hits an action method secured with the role they've just been added to, they still have to log in again, which is fair enough. Still curious if there's a way around this.

Here is the source code for the Authorize attribute: https://github.com/ASP-NET-MVC/aspnetwebstack/blob/4e40cdef9c8a8226685f95ef03b746bc8322aa92/src/System.Web.Mvc/AuthorizeAttribute.cs

It uses User.IsInRole, which is essentially why we need to log in again. It seems the method to override is AuthorizeCore(HttpContextBase httpContext). I'm not brave or good enough to mess with this right now but if you want to have a go lots of people will find this helpful.

Recommended answer

Starting from the bottom of your question. User.IsInRole() goes into user cookie and checks what roles are stored in that cookie. Hence it requires relogin for changes to take effect. And yes, you are correct in saying that UserManager.IsInRole() checks with database, not with the cookie.

To make sure role changes are applied immediately you need to check for change in roles on every request. To do that in Startup.Auth.cs find this line:

OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
    validateInterval: TimeSpan.FromMinutes(0), // <-- This is zero. Check on every request
    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),

This is a framework's way of updating the cookie. By default validateInterval is set for 30 minutes. If you set it to zero, the system will create a new cookie with updated roles on every request. This might be too much DB-load if you have enough users hitting your system at the same time. So I'd increase the timespan to 30 seconds to 1-2 minutes.

This feature was built as a way to logout all sessions by a single password change. But also works well for your purposes.
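
An added example, not part of the original question or answer: the AuthorizeCore override the question mentions, checking roles through UserManager.IsInRole so that a role added or removed in the database applies on the next request regardless of what the cookie holds. DbRoleAuthorizeAttribute is a hypothetical name, and the code assumes ApplicationUserManager is registered per OWIN context as in the default MVC 5 template.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Hypothetical attribute name; apply it where [Authorize(Roles = "...")] was used.
public class DbRoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        var principal = httpContext.User;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // Users and Roles use the same comma-separated format as the stock attribute.
        var users = SplitList(Users);
        if (users.Length > 0 &&
            !users.Contains(principal.Identity.Name, StringComparer.OrdinalIgnoreCase))
            return false;

        var roles = SplitList(Roles);
        if (roles.Length == 0)
            return true;

        // Assumes the default template registration:
        // app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create)
        var manager = httpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
        var userId = principal.Identity.GetUserId();
        // The cookie can outlive the account: deny if the user no longer exists.
        if (userId == null || manager.FindById(userId) == null)
            return false;

        // Database lookup per listed role on every request, unlike User.IsInRole,
        // which only reads the roles stored in the cookie.
        return roles.Any(role => manager.IsInRole(userId, role));
    }

    private static string[] SplitList(string value)
    {
        return (value ?? string.Empty).Split(',')
            .Select(item => item.Trim()).Where(item => item.Length > 0).ToArray();
    }
}
```

Each request to a protected action now costs database queries, the same load trade-off the answer describes for a zero validateInterval.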
