使用表单身份验证的ASP.Net网站在回发时引发安全异常
我为我的ASP.net web应用程序使用了自定义的基于角色的表单身份验证安全性。角色、用户从sql server获取。该框架针对4.0版 我使用了来自的代码 在登录时创建FormsAuthenticationTicket,然后我编写了在应用程序\u PreRequestHandlerExecute方法中创建GenericPrincipal对象的代码使用表单身份验证的ASP.Net网站在回发时引发安全异常,asp.net,security,forms-authentication,securityexception,principalpermission,Asp.net,Security,Forms Authentication,Securityexception,Principalpermission,我为我的ASP.net web应用程序使用了自定义的基于角色的表单身份验证安全性。角色、用户从sql server获取。该框架针对4.0版 我使用了来自的代码 在登录时创建FormsAuthenticationTicket,然后我编写了在应用程序\u PreRequestHandlerExecute方法中创建GenericPrincipal对象的代码 string cookieName = FormsAuthentication.FormsCookieName; HttpCookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (authCookie == null) return;
FormsAuthenticationTicket authTicket;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch (Exception ex)
{
throw;
}
if (authTicket == null)
throw new Exception("");
FormsIdentity id = new FormsIdentity(authTicket);
if(HttpContext.Current.Session != null)
{
GenericPrincipal principal = new GenericPrincipal(id, new String[]{ "Manager"});
System.Threading.Thread.CurrentPrincipal = principal;
}
[PrincipalPermissionAttribute(SecurityAction.Demand, Role="Manager")]
protected void Page_Load(object sender, EventArgs e)
{
}
GenericPrincipal principal = new GenericPrincipal(id, new String[]{ "Manager"});
HttpContext.Current.User = principal;
System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User;
GenericPrincipal principal = new GenericPrincipal(id, new String[]{ "Manager"});
HttpContext.Current.User = principal;
System.Threading.Thread.CurrentPrincipal = System.Web.HttpContext.Current.User;
这就解决了这个问题,不知道为什么只有当管道被设置为“集成”并且在没有此代码的情况下以经典方式工作时才需要这样做。GenericPrincipal=new GenericPrincipal(id,new String[]{“Manager”});HttpContext.Current.User=主体;System.Threading.Thread.CurrentPrincipal=System.Web.HttpContext.Current.User;这就解决了这个问题,不知道为什么只有当管道被设置为integrated并且在经典中没有此代码时才需要这样做。
GenericPrincipal principal = new GenericPrincipal(id, new String[]{ "Manager"});
HttpContext.Current.User = principal;
System.Threading.Thread.CurrentPrincipal = System.Web.HttpContext.Current.User;