Asp.net Application_AuthenticateRequest fires late
When I create a FormsAuthenticationTicket, Application_AuthenticateRequest (in global.asax) does not fire immediately. When I check User.IsInRole, it is empty. But later, when I try another action, Application_AuthenticateRequest fires and the user's roles are set.
Login function:
    if (loggedIn)
    {
        ViewBag.loginFailed = 1;
        string roles = "Administrator";
        CreateTicket(pharmacist.ID.ToString(), roles);
        LoginRedirect();
    }
Methods:
    [Authorize(Roles = "Administrator, User")]
    private void CreateTicket(string id, string role)
    {
        var ticket = new FormsAuthenticationTicket(
            version: 1,
            name: id,
            issueDate: DateTime.Now,
            expiration: DateTime.Now.AddHours(1),
            isPersistent: false,
            userData: role);
        var encryptedTicket = FormsAuthentication.Encrypt(ticket);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        HttpContext.Response.Cookies.Add(cookie);
    }

    [Authorize(Roles = "Administrator, User")]
    private ActionResult LoginRedirect()
    {
        if (User.IsInRole("Administrator"))
        {
            return RedirectToAction("Index", "Pharmacist");
        }
        else if (User.IsInRole("User"))
        {
            return RedirectToAction("Index", "Patient");
        }
        else
        {
            return RedirectToAction("Logout", "Authentication");
        }
    }
Application_AuthenticateRequest:
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id =
                        (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;
                    // Get the stored user-data, in this case, our roles
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new GenericPrincipal(id, roles);
                }
            }
        }
    }
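Application_AuthenticateRequest is only called when you request a new resource.
In your case, you are still inside the request that creates the FormsAuthenticationTicket. As a result, the principal object has not yet been assigned to the current thread.
If you want to retrieve the IPrincipal from the current thread, you need to assign it explicitly.
Also make sure you have these two lines inside Application_AuthenticateRequest: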
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        ...
        HttpContext.Current.User = new GenericPrincipal(id, roles);
        Thread.CurrentPrincipal = HttpContext.Current.User; // <-- Do not forget this.
        ...
    }
    [Authorize(Roles = "Administrator, User")] // <-- This is not needed.
    private void CreateTicket(string id, string role)
    {
        ...
    }
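Added example (not part of the original question or answer): one way to make the roles available inside the login request itself, by building the principal from the ticket and assigning it explicitly, as the answer describes. `TicketSignIn` and its method names are hypothetical, and the `HttpOnly` and `Secure` cookie flags are an addition that the original code does not set.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

// Hypothetical helper for a classic ASP.NET (System.Web) MVC 5 application.
public static class TicketSignIn
{
    // One parser for both the login request and Application_AuthenticateRequest,
    // so role checks agree. Trimming matters: GenericPrincipal.IsInRole does not
    // trim, so "Administrator, User" split on ',' would otherwise yield " User".
    public static string[] ParseRoles(string userData)
    {
        return (userData ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();
    }

    // Build the principal from the ticket; usable from Application_AuthenticateRequest too.
    public static IPrincipal ToPrincipal(FormsAuthenticationTicket ticket)
    {
        return new GenericPrincipal(new FormsIdentity(ticket), ParseRoles(ticket.UserData));
    }

    // Issue the cookie AND assign the principal for the remainder of this request.
    // Application_AuthenticateRequest has already run for this request, so without
    // the explicit assignment User.IsInRole(...) sees the anonymous principal.
    public static void SignIn(HttpContextBase context, string id, string roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1, id, DateTime.Now, DateTime.Now.AddHours(1), false, roles);
        var cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL   // follows the <forms requireSSL> setting
        };
        context.Response.Cookies.Add(cookie);

        IPrincipal principal = ToPrincipal(ticket);
        context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

In the login action, calling `TicketSignIn.SignIn(HttpContext, pharmacist.ID.ToString(), roles)` in place of `CreateTicket(...)` lets the `User.IsInRole` checks in `LoginRedirect()` see the roles within the same request.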