0
<authorization>
<allow roles = "Admin" />
<deny users="?"/>
</authorization>
protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
{
if (FormsAuthentication.CookiesSupported == true)
{
if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
{
string username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
string roles = string.Empty;
bool check;
using (RealEstateEntities db = new RealEstateEntities())
{
check = db.Admins.Any(model => model.Roles == "Admin" && model.UserName == username);
}
if (check)
roles = "Admin";
else
roles = "User";
// GenericPrincipal userPrincipal = new GenericPrincipal(new GenericIdentity(username,"Forms"), roles);
Context.User = new GenericPrincipal(new GenericIdentity(username, "Forms"), roles.Split(';'));
}
}
}
的Global.asax
[Authorize(Roles = "Admin")]
* 但它不工作*
[Authorize(Users = "Abid")]
它適用於當我在web配置中將角色更改爲用戶時 我是mvc4 plz的新手幫助!
「你不應該在你的web.config文件中使用授權」 - 這是如何處理Content文件夾中的靜態內容的? – Joe
好點。如果你使用捆綁,你不必使用web.config,否則你是對的,你必須使用它。 – LeftyX
感謝您的幫助 –