1. 首頁
  2. 問答
  3. ServiceStack RequiredRole不要求角色來訪問

ServiceStack RequiredRole不要求角色來訪問

2013-11-14 35 views
2

我想定義一個服務堆棧服務的權限,只能訪問管理員角色,例如,我有這個服務的RequireRole屬性,但它似乎無法正常工作,因爲我可以作爲用戶訪問該服務。ServiceStack RequiredRole不要求角色來訪問

[Authenticate] 
[RequiredRole("Admin")] 
public class HelloService : Service 
{ 
    public const string HelloServiceCounterKey = "HelloServiceCounter"; 

    public object Any(HelloRequest request) 
    { 
      var userSession = SessionAs<AppHost.CustomUserSession>(); 
      Session.Set(HelloServiceCounterKey, Session.Get<int>(HelloServiceCounterKey) + 1); 
      var roles = string.Join(", ", userSession.Roles.ToArray()); 
      return new HelloResponse { Result = "Hello, " + request.Name + ", your role(s): " + roles }; 

    } 
}

AccountController.cs

[HttpPost] 
    [AllowAnonymous] 
    [ValidateAntiForgeryToken] 
    public ActionResult Login(LoginModel model, string returnUrl) 
    { 
     if (ModelState.IsValid) 
     { 
      try 
      { 
       if (!WebSecurity.UserExists("Admin")) 
        WebSecurity.CreateUserAndAccount("admin", "abc"); 

       var authService = AppHostBase.Resolve<AuthService>(); 
       authService.RequestContext = System.Web.HttpContext.Current.ToRequestContext(); 
       var response = authService.Authenticate(new Auth 
                  { 
                   UserName = model.UserName, 
                   Password = model.Password, 
                   RememberMe = model.RememberMe 
                  }); 

       // add ASP.NET auth cookie 
       FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe); 

       return RedirectToLocal(returnUrl); 
      } 
      catch (HttpError) 
      { 
      } 
     }

,這裏是我的AppHost.cs

public override void Configure(Funq.Container container) 
    { 

     /*Register storage for User Session */ 
     container.Register<ICacheClient>(new MemoryCacheClient()); /*Tipo Base de MemoryCacheClient es ICacheClient*/ 
     container.Register<ISessionFactory>(c => new SessionFactory(c.Resolve<ICacheClient>())); /*Tipo Base de SessionFactory es ISessionFactory*/ 


     Plugins.Add(new AuthFeature(
      () => new CustomUserSession(), 
      new[] { new CustomCredentialsAuthProvider() } 
     )); 

     Plugins.Add(new SessionFeature()); 

     Routes 
      .Add<HelloService>("/hello") 
      .Add<HelloService>("/hello/{Name*}"); 

     //Set JSON web services to return idiomatic JSON camelCase properties 
     ServiceStack.Text.JsConfig.EmitCamelCaseNames = true; 

     container.Register(new TodoRepository());   

     //Set MVC to use the same Funq IOC as ServiceStack 
     ControllerBuilder.Current.SetControllerFactory(new FunqControllerFactory(container)); 
    }

來源

2013-11-14 rr7

+0

您是否在應用程序主機中正確註冊了身份驗證提供程序? –

+0

這種方式是正確的? _italic_ ** bold **'Plugins.Add(new AuthFeature( ()=> new CustomUserSession(), new [] {new CustomCredentialsAuthProvider()} ));'@Prashant Lakhlani – rr7

+0

是的,看起來是正確的,可以你粘貼你的apphost代碼? –

回答

0

wiki狀態:

與身份驗證,您可以標記服務(而不是的DTO)與 RequiredPermission屬性也一樣。

它沒有說明是否可以使用RequiredRole屬性與服務,所以我認爲你不能看着在source評論它似乎只指定requestDTO對象。

來源

2014-04-21 03:14:36 Darren

+0

(我也希望你可以在任何方法上使用它)。 – Darren

+1

您可以對Service進行歸類,這裏的問題是直接在代碼中調用服務不會應用Request過濾器,因爲它只是一個直接的C#方法調用。 – mythz

相關問題

 相關問題