ASP.NET MVC:在 ASP.NET MVC 的授权机制中,我应该在哪里设置角色?
我不知道我遗漏了什么,也不知道还需要做什么才能让它正常工作。我将尝试提出这个问题,看看能否更接近解决方案。我正在构建一个 .NET MVC 应用程序。此应用程序使用 DotNetOpenAuth 库通过 OpenID 进行身份验证,一切正常。用户通过身份验证后,我会将 OpenID 令牌记录在数据库中,并像下面这样创建表单身份验证调用:
标签:asp.net-mvc, asp.net-membership, openid, authorization
FormsAuthentication.SetAuthCookie(confirmedUser.OpenID, false);
在此之后,该用户就能通过我代码中所有的 Authorize 属性检查,如下所示:
// Variant 1: [Authorize] with no arguments only requires that the caller is
// authenticated; no role is checked.
[Authorize]
public ActionResult About()
{
return View();
}
// Variant 2: the caller must be authenticated AND be a member of the
// "Administrator" role. Role membership is not carried by the OpenID login
// itself; it has to be supplied by the application (for example through a
// role provider), otherwise this check has no roles to match against.
[Authorize(Roles="Administrator")]
public ActionResult About()
{
return View();
}
我不知道在哪里为特定用户设置角色。我没有使用会员服务
我需要处理以下属性:
// Variant 1: [Authorize] with no arguments only requires that the caller is
// authenticated; no role is checked.
[Authorize]
public ActionResult About()
{
return View();
}
// Variant 2: the caller must be authenticated AND be a member of the
// "Administrator" role. Role membership is not carried by the OpenID login
// itself; it has to be supplied by the application (for example through a
// role provider), otherwise this check has no roles to match against.
[Authorize(Roles="Administrator")]
public ActionResult About()
{
return View();
}
我还在学习这些东西,但是您可能需要创建一个自定义授权属性,可以参考相关资料。首先,您没有使用成员资格提供程序(Membership Provider)是正确的,它与 OpenID 配合得并不好。要使角色在没有成员资格提供程序的情况下工作,您需要实现自己的类,该类派生自
System.Web.Security.RoleProvider
。它完全脱离了身份验证,这对您来说很容易。您只需要在数据库中与每个用户存储他们所属的角色,然后RoleProvider与该数据库交互
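/// <summary>
/// Role provider backed by the application's own database. User names passed
/// to this provider are matched against
/// <c>AuthenticationToken.ClaimedIdentifier</c>, and role names against
/// <c>Role.Name</c>.
/// </summary>
/// <remarks>
/// Role names are compared case-insensitively throughout; claimed identifiers
/// are compared with <c>==</c>.
/// NOTE(review): when these comparisons run as database queries, the effective
/// case sensitivity is decided by the column collation - confirm it is what
/// you expect, since these methods decide who is treated as a role member.
/// NOTE(review): no method here commits changes on <c>Global.DataContext</c>;
/// confirm that additions and removals are saved elsewhere, otherwise role
/// changes (including revocations) will not persist.
/// </remarks>
public class MyRoleProvider : RoleProvider {
    /// <summary>
    /// Not supported by this provider; both accessors throw.
    /// </summary>
    /// <exception cref="NotImplementedException">Always.</exception>
    public override string ApplicationName {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    /// <summary>
    /// Adds every matched user to every matched role.
    /// </summary>
    /// <param name="usernames">Claimed identifiers of the users to change.</param>
    /// <param name="roleNames">Names of the roles to grant.</param>
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) {
        var users = (from token in Global.DataContext.AuthenticationToken
                     where usernames.Contains(token.ClaimedIdentifier)
                     select token.User).ToList();
        // Materialize once: the original re-ran the role query for every user.
        var roles = (from role in Global.DataContext.Role
                     where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                     select role).ToList();

        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Add(role);
            }
        }
    }

    /// <summary>
    /// Removes every matched user from every matched role.
    /// </summary>
    /// <param name="usernames">Claimed identifiers of the users to change.</param>
    /// <param name="roleNames">Names of the roles to revoke.</param>
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) {
        var users = (from token in Global.DataContext.AuthenticationToken
                     where usernames.Contains(token.ClaimedIdentifier)
                     select token.User).ToList();
        // Materialize once: the original re-ran the role query for every user.
        var roles = (from role in Global.DataContext.Role
                     where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                     select role).ToList();

        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Remove(role);
            }
        }
    }

    /// <summary>
    /// Adds a new role with the given name to the data context.
    /// </summary>
    /// <param name="roleName">The name of the role to create.</param>
    public override void CreateRole(string roleName) {
        Global.DataContext.AddToRole(new Role { Name = roleName });
    }

    /// <summary>
    /// Removes a role from the data source.
    /// </summary>
    /// <param name="roleName">The name of the role to delete.</param>
    /// <param name="throwOnPopulatedRole">If true, throw an exception if <paramref name="roleName"/> has one or more members and do not delete <paramref name="roleName"/>.</param>
    /// <returns>
    /// true if the role was found and marked for deletion; false if no such role exists.
    /// </returns>
    /// <exception cref="InvalidOperationException">
    /// <paramref name="throwOnPopulatedRole"/> is true and the role still has members.
    /// </exception>
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) {
        // Look the role up the same way RoleExists and IsUserInRole do, so a role
        // that "exists" for authorization checks can also be deleted.
        Role role = Global.DataContext.Role.SingleOrDefault(r => string.Equals(r.Name, roleName, StringComparison.OrdinalIgnoreCase));
        if (role == null) {
            return false;
        }

        if (throwOnPopulatedRole && role.Users.Count > 0) {
            throw new InvalidOperationException("The role still has members and was not deleted.");
        }

        // Fix: delete the role entity. The original passed the roleName string,
        // which is not an entity tracked by the data context.
        Global.DataContext.DeleteObject(role);
        return true;
    }

    /// <summary>
    /// Gets the claimed identifiers of users in a role whose identifier equals the specified user name.
    /// </summary>
    /// <param name="roleName">The role to search in.</param>
    /// <param name="usernameToMatch">The claimed identifier to look for (exact match, not a substring search).</param>
    /// <returns>
    /// A string array containing the matching claimed identifiers of users who are members of the specified role.
    /// </returns>
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) {
        // Role name compared case-insensitively, consistent with GetUsersInRole.
        return (from role in Global.DataContext.Role
                where string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase)
                from user in role.Users
                from authTokens in user.AuthenticationTokens
                where authTokens.ClaimedIdentifier == usernameToMatch
                select authTokens.ClaimedIdentifier).ToArray();
    }

    /// <summary>
    /// Gets the names of all roles in the data source.
    /// </summary>
    /// <returns>An array of role names.</returns>
    public override string[] GetAllRoles() {
        return Global.DataContext.Role.Select(role => role.Name).ToArray();
    }

    /// <summary>
    /// Gets the names of the roles held by the user who owns the given claimed identifier.
    /// </summary>
    /// <param name="username">The claimed identifier of the user.</param>
    /// <returns>An array of role names; empty when the identifier is unknown.</returns>
    public override string[] GetRolesForUser(string username) {
        return (from authToken in Global.DataContext.AuthenticationToken
                where authToken.ClaimedIdentifier == username
                from role in authToken.User.Roles
                select role.Name).ToArray();
    }

    /// <summary>
    /// Gets the claimed identifiers of all users in the specified role.
    /// </summary>
    /// <param name="roleName">The role to list.</param>
    /// <returns>An array with one entry per authentication token of each member.</returns>
    public override string[] GetUsersInRole(string roleName) {
        return (from role in Global.DataContext.Role
                where string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase)
                from user in role.Users
                from token in user.AuthenticationTokens
                select token.ClaimedIdentifier).ToArray();
    }

    /// <summary>
    /// Determines whether the user who owns the given claimed identifier is a member of the role.
    /// </summary>
    /// <param name="username">The claimed identifier of the user.</param>
    /// <param name="roleName">The role to check.</param>
    /// <returns>true if the user is a member; false if not, or if the role does not exist.</returns>
    public override bool IsUserInRole(string username, string roleName) {
        Role role = Global.DataContext.Role.SingleOrDefault(r => string.Equals(r.Name, roleName, StringComparison.OrdinalIgnoreCase));
        if (role == null) {
            // Unknown role: deny rather than throw.
            return false;
        }

        return role.Users.Any(user => user.AuthenticationTokens.Any(token => token.ClaimedIdentifier == username));
    }

    /// <summary>
    /// Determines whether a role with the given name exists.
    /// </summary>
    /// <param name="roleName">The role name to look for.</param>
    /// <returns>true if the role exists; otherwise, false.</returns>
    public override bool RoleExists(string roleName) {
        return Global.DataContext.Role.Any(role => string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase));
    }
}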
编写好角色提供程序类之后,需要在 web.config 文件中将其注册。下面的代码段应放在 system.web 节中:
<!-- Place inside <system.web>. defaultProvider must match the name of an entry
     under <providers>. The type value must resolve to the provider class, so use
     the namespace-qualified (and, if needed, assembly-qualified) type name. -->
<roleManager enabled="true" defaultProvider="Database">
<providers>
<add name="Database" type="MyRoleProvider" />
</providers>
</roleManager>
下面是我为一个 OpenID Web 应用程序编写的角色提供程序。它是使用 LINQ to Entities 编写的,但您可以借鉴其中的思路,针对您自己的数据库来实现。
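/// <summary>
/// Role provider backed by the application's own database. User names passed
/// to this provider are matched against
/// <c>AuthenticationToken.ClaimedIdentifier</c>, and role names against
/// <c>Role.Name</c>.
/// </summary>
/// <remarks>
/// Role names are compared case-insensitively throughout; claimed identifiers
/// are compared with <c>==</c>.
/// NOTE(review): when these comparisons run as database queries, the effective
/// case sensitivity is decided by the column collation - confirm it is what
/// you expect, since these methods decide who is treated as a role member.
/// NOTE(review): no method here commits changes on <c>Global.DataContext</c>;
/// confirm that additions and removals are saved elsewhere, otherwise role
/// changes (including revocations) will not persist.
/// </remarks>
public class MyRoleProvider : RoleProvider {
    /// <summary>
    /// Not supported by this provider; both accessors throw.
    /// </summary>
    /// <exception cref="NotImplementedException">Always.</exception>
    public override string ApplicationName {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    /// <summary>
    /// Adds every matched user to every matched role.
    /// </summary>
    /// <param name="usernames">Claimed identifiers of the users to change.</param>
    /// <param name="roleNames">Names of the roles to grant.</param>
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) {
        var users = (from token in Global.DataContext.AuthenticationToken
                     where usernames.Contains(token.ClaimedIdentifier)
                     select token.User).ToList();
        // Materialize once: the original re-ran the role query for every user.
        var roles = (from role in Global.DataContext.Role
                     where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                     select role).ToList();

        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Add(role);
            }
        }
    }

    /// <summary>
    /// Removes every matched user from every matched role.
    /// </summary>
    /// <param name="usernames">Claimed identifiers of the users to change.</param>
    /// <param name="roleNames">Names of the roles to revoke.</param>
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) {
        var users = (from token in Global.DataContext.AuthenticationToken
                     where usernames.Contains(token.ClaimedIdentifier)
                     select token.User).ToList();
        // Materialize once: the original re-ran the role query for every user.
        var roles = (from role in Global.DataContext.Role
                     where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
                     select role).ToList();

        foreach (User user in users) {
            foreach (Role role in roles) {
                user.Roles.Remove(role);
            }
        }
    }

    /// <summary>
    /// Adds a new role with the given name to the data context.
    /// </summary>
    /// <param name="roleName">The name of the role to create.</param>
    public override void CreateRole(string roleName) {
        Global.DataContext.AddToRole(new Role { Name = roleName });
    }

    /// <summary>
    /// Removes a role from the data source.
    /// </summary>
    /// <param name="roleName">The name of the role to delete.</param>
    /// <param name="throwOnPopulatedRole">If true, throw an exception if <paramref name="roleName"/> has one or more members and do not delete <paramref name="roleName"/>.</param>
    /// <returns>
    /// true if the role was found and marked for deletion; false if no such role exists.
    /// </returns>
    /// <exception cref="InvalidOperationException">
    /// <paramref name="throwOnPopulatedRole"/> is true and the role still has members.
    /// </exception>
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) {
        // Look the role up the same way RoleExists and IsUserInRole do, so a role
        // that "exists" for authorization checks can also be deleted.
        Role role = Global.DataContext.Role.SingleOrDefault(r => string.Equals(r.Name, roleName, StringComparison.OrdinalIgnoreCase));
        if (role == null) {
            return false;
        }

        if (throwOnPopulatedRole && role.Users.Count > 0) {
            throw new InvalidOperationException("The role still has members and was not deleted.");
        }

        // Fix: delete the role entity. The original passed the roleName string,
        // which is not an entity tracked by the data context.
        Global.DataContext.DeleteObject(role);
        return true;
    }

    /// <summary>
    /// Gets the claimed identifiers of users in a role whose identifier equals the specified user name.
    /// </summary>
    /// <param name="roleName">The role to search in.</param>
    /// <param name="usernameToMatch">The claimed identifier to look for (exact match, not a substring search).</param>
    /// <returns>
    /// A string array containing the matching claimed identifiers of users who are members of the specified role.
    /// </returns>
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) {
        // Role name compared case-insensitively, consistent with GetUsersInRole.
        return (from role in Global.DataContext.Role
                where string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase)
                from user in role.Users
                from authTokens in user.AuthenticationTokens
                where authTokens.ClaimedIdentifier == usernameToMatch
                select authTokens.ClaimedIdentifier).ToArray();
    }

    /// <summary>
    /// Gets the names of all roles in the data source.
    /// </summary>
    /// <returns>An array of role names.</returns>
    public override string[] GetAllRoles() {
        return Global.DataContext.Role.Select(role => role.Name).ToArray();
    }

    /// <summary>
    /// Gets the names of the roles held by the user who owns the given claimed identifier.
    /// </summary>
    /// <param name="username">The claimed identifier of the user.</param>
    /// <returns>An array of role names; empty when the identifier is unknown.</returns>
    public override string[] GetRolesForUser(string username) {
        return (from authToken in Global.DataContext.AuthenticationToken
                where authToken.ClaimedIdentifier == username
                from role in authToken.User.Roles
                select role.Name).ToArray();
    }

    /// <summary>
    /// Gets the claimed identifiers of all users in the specified role.
    /// </summary>
    /// <param name="roleName">The role to list.</param>
    /// <returns>An array with one entry per authentication token of each member.</returns>
    public override string[] GetUsersInRole(string roleName) {
        return (from role in Global.DataContext.Role
                where string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase)
                from user in role.Users
                from token in user.AuthenticationTokens
                select token.ClaimedIdentifier).ToArray();
    }

    /// <summary>
    /// Determines whether the user who owns the given claimed identifier is a member of the role.
    /// </summary>
    /// <param name="username">The claimed identifier of the user.</param>
    /// <param name="roleName">The role to check.</param>
    /// <returns>true if the user is a member; false if not, or if the role does not exist.</returns>
    public override bool IsUserInRole(string username, string roleName) {
        Role role = Global.DataContext.Role.SingleOrDefault(r => string.Equals(r.Name, roleName, StringComparison.OrdinalIgnoreCase));
        if (role == null) {
            // Unknown role: deny rather than throw.
            return false;
        }

        return role.Users.Any(user => user.AuthenticationTokens.Any(token => token.ClaimedIdentifier == username));
    }

    /// <summary>
    /// Determines whether a role with the given name exists.
    /// </summary>
    /// <param name="roleName">The role name to look for.</param>
    /// <returns>true if the role exists; otherwise, false.</returns>
    public override bool RoleExists(string roleName) {
        return Global.DataContext.Role.Any(role => string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase));
    }
}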
公共类MyRoleProvider:RoleProvider{
公共重写字符串ApplicationName{
获取{抛出新的NotImplementedException();}
设置{抛出新的NotImplementedException();}
}
public override void AddUsersToRoles(字符串[]用户名,字符串[]角色名){
var users=来自Global.DataContext.AuthenticationToken中的令牌
其中usernames.Contains(token.ClaimedIdentifier)
选择token.User;
var roles=来自Global.DataContext.role中的角色
其中roleNames.Contains(role.Name,StringComparer.OrdinalIgnoreCase)
选择角色;
foreach(用户中的用户){
foreach(角色中的角色){
user.Roles.Add(角色);
}
}
}
public override void RemoveUsersFromRoles(字符串[]用户名,字符串[]角色名){
var users=来自Global.DataContext.AuthenticationToken中的令牌
其中usernames.Contains(token.ClaimedIdentifier)
选择token.User;
var roles=来自Global.DataContext.role中的角色
其中roleNames.Contains(role.Name,StringComparer.OrdinalIgnoreCase)
选择角色;
foreach(用户中的用户){
foreach(角色中的角色){
user.Roles.Remove(角色);
}
}
}
公共重写无效CreateRole(字符串roleName){
Global.DataContext.AddToRole(新角色{Name=roleName});
}
///
///从配置的applicationName的数据源中删除角色。
///
///要删除的角色的名称。
///如果为true,则在有一个或多个成员且不删除时引发异常。
///
///如果角色已成功删除,则为true;否则为false。
///
public override bool DeleteRole(字符串roleName,bool throwOnPopulatedRole){
Role Role=Global.DataContext.Role.SingleOrDefault(r=>r.Name==roleName);
如果(角色==null){
返回false;
}
if(throwonPowlatedRole&&role.Users.Count>0){
抛出新的InvalidOperationException();
}
Global.DataContext.DeleteObject(roleName);
返回true;
}
///
///获取角色中的用户名数组,其中用户名包含要匹配的指定用户名。
///
///要搜索的角色。
///要搜索的用户名。
///
///一个字符串数组,包含用户名匹配且用户是指定角色成员的所有用户的名称。
///
公共重写字符串[]FindUsersInRole(字符串roleName,字符串usernameToMatch){
返回(来自Global.DataContext.role中的角色
其中role.Name==roleName
来自角色中的用户。用户
来自user.AuthenticationTokens中的authTokens
其中authTokens.ClaimedIdentifier==usernameToMatch
选择authTokens.ClaimedIdentifier.ToArray();
}
公共重写字符串[]GetAllRoles(){
返回Global.DataContext.Role.Select(Role=>Role.Name).ToArray();
}
公共重写字符串[]GetRolesForUser(字符串用户名){
返回(来自Global.DataContext.AuthenticationToken中的authToken
其中authToken.ClaimedIdentifier==用户名
来自authToken.User.Roles中的角色
选择role.Name).ToArray();
}
公共重写字符串[]GetUsersInRole(字符串roleName){
返回(来自Global.DataContext.role中的角色
其中string.Equals(role.Name、roleName、StringComparison.OrdinalIgnoreCase)
来自角色中的用户。用户
来自user.AuthenticationTokens中的令牌
选择token.claimdidentifier.ToArray();
}
public override bool IsUserInRole(字符串用户名、字符串角色名){
Role Role=Global.DataContext.Role.SingleOrDefault(r=>string.Equals(r.Name,roleName,StringComparison.OrdinalIgnoreCase));
if(角色!=null){
返回role.Users.Any(user=>user.AuthenticationTokens.Any(token=>token.ClaimedIdentifier==username));
}
返回false;
}
公众对