我正在爲我的管理頁面進行身份驗證。我遵循各種網站的示例,但每次嘗試訪問產品頁面時,它總是會踢我回到登錄頁面。角色身份驗證和授權
這是我的代碼
login.aspx.cs
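/// <summary>
/// On the first (non-postback) load, shows the access-denied message when a user
/// who is already authenticated arrives at the login page with a ReturnUrl value.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // QueryString[...] yields null when the parameter is absent, and null != "" is
    // true, so the original comparison also fired for requests without a ReturnUrl.
    // Test for null and empty together.
    string returnUrl = Request.QueryString["ReturnUrl"];
    if (User.Identity.IsAuthenticated && !string.IsNullOrEmpty(returnUrl))
    {
        // NOTE(review): presumably this is the case where the user is signed in but
        // was refused by an authorization rule and sent back here; confirm.
        divError.Visible = true;
        divError.InnerHtml = accessErrorMessage;
    }
}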
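/// <summary>
/// Handles the login button: looks up the administrator by name and password,
/// records the login time, issues a forms-authentication ticket whose UserData
/// carries the comma-separated role list, and redirects to the requested page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btn_enter_Click(object sender, EventArgs e)
{
    using (var db = new MainDB())
    {
        string submittedName = txtUsername.Text;
        string submittedPassword = txtPassword.Text;

        // NOTE(review): the submitted password is compared directly with the stored
        // column, which only works if passwords are kept in plaintext. Store a salted,
        // slow hash (e.g. PBKDF2) and verify against that instead; doing so needs a
        // schema and data migration that is outside this handler.
        administrator = db.Administrators
            .FirstOrDefault(q => q.Name == submittedName && q.Password == submittedPassword);

        if (administrator == null)
        {
            // Same message for unknown user and wrong password.
            divError.Visible = true;
            divError.InnerHtml = loginErrorMessage;
            return;
        }

        administrator.DateLastLogin = DateTime.Now;
        roles = administrator.Role;
        adminID = administrator.AdministratorId;
        db.SaveChanges();

        // FormsAuthenticationTicket documents issueDate and expiration as local times.
        // Passing DateTime.UtcNow can make the ticket look expired (or not yet valid)
        // depending on the server's UTC offset and framework version, so use local time.
        DateTime issuedAt = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                     // Ticket version
            adminID.ToString(),                    // Name associated with the ticket
            issuedAt,                              // Issued (local time)
            issuedAt.AddMinutes(30),               // Expires (local time)
            true,                                  // Persistent cookie
            roles ?? string.Empty,                 // UserData: roles, e.g. product,feedback,subscribes
            FormsAuthentication.FormsCookiePath);  // Path the cookie is valid for

        // Encrypt() protects the serialized ticket with the machine key; the result
        // is an encrypted ticket, not a hash.
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

        // Keep the ticket away from script and honour the configured requireSSL flag;
        // set requireSSL="true" on <forms> so the cookie is only sent over HTTPS.
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;

        // A persistent cookie lives as long as the ticket it carries.
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }

        Response.Cookies.Add(cookie);

        // ReturnUrl comes from the query string and is attacker-controllable, so only
        // follow it when it stays on this site; otherwise fall back to the admin home.
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (!IsLocalReturnUrl(returnUrl))
        {
            returnUrl = "~/admin/";
        }

        // FormsAuthentication.RedirectFromLoginPage is deliberately not used: it could
        // replace the authentication cookie that was just added.
        Response.Redirect(returnUrl);
    }
}

/// <summary>
/// Returns true when <paramref name="url"/> is a site-relative path ("/x" or "~/x"),
/// rejecting absolute and protocol-relative forms such as "//host" or "/\host".
/// </summary>
private static bool IsLocalReturnUrl(string url)
{
    if (string.IsNullOrEmpty(url))
    {
        return false;
    }

    if (url[0] == '/')
    {
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }

    return url.Length > 1 && url[0] == '~' && url[1] == '/';
}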
Global.asax
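/// <summary>
/// For authenticated requests, replaces the current principal with a GenericPrincipal
/// whose roles are read from the forms-authentication ticket's UserData, so that
/// role-based authorization rules can match them.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
void Application_AuthenticateRequest(object sender, EventArgs e)
{
    if (!Request.IsAuthenticated)
    {
        return;
    }

    // A direct cast throws when the identity is not a forms identity (for example
    // under another authentication mode); leave such principals untouched.
    FormsIdentity identity = HttpContext.Current.User.Identity as FormsIdentity;
    if (identity == null)
    {
        return;
    }

    // Role names must match the <allow roles="..."/> values exactly, so drop empty
    // entries and trim stray spaces ("product, feedback" would otherwise yield
    // " feedback", which matches no rule).
    string userData = identity.Ticket.UserData ?? string.Empty;
    string[] roleNames = System.Array.ConvertAll(
        userData.Split(new char[] { ',' }, System.StringSplitOptions.RemoveEmptyEntries),
        r => r.Trim());

    // NOTE(review): the roles are whatever was written into the ticket at login, so a
    // role change or revocation in the database does not take effect until the ticket
    // expires. Trusting UserData also assumes the forms cookie is both encrypted and
    // validated (protection="All"); confirm in web.config.
    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roleNames);
}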
web.config
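<!--
  Per-folder authorization. Rules are evaluated top to bottom and the first match
  wins, so each section admits members of one role and the trailing deny users="*"
  rejects everyone else, anonymous users included.
  Every <location> element must be closed; the closing tags were missing.
  NOTE(review): only these four sub-folders are covered here. No rule for the
  admin root itself is visible in this excerpt; confirm it is protected elsewhere.
-->
<location path="admin/product">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="product"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
<location path="admin/spotlight">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="spotlight"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
<location path="admin/career">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="career"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
<location path="admin/emailshare">
  <system.web>
    <authorization>
      <!--<allow users="admin"/>-->
      <allow roles="emailshare"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>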
我在這裏遺漏了什麼嗎?
正在嘗試訪問產品頁面的已驗證用戶,是否屬於任何角色? –
@FlopScientist是的...在「角色」字段中有多個值...例如:產品,反饋,訂閱者, 每個人都用逗號分開 –
好的。那麼你確定已通過驗證的用戶屬於角色「產品」嗎?至少用你一直在嘗試的那組用戶憑據,它總是會把你送回登錄頁面? –