ASP.NET Application_AuthenticateRequest fires late

Tags: asp.net, asp.net-mvc-5, forms-authentication

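When I create the FormsAuthenticationTicket, Application_AuthenticateRequest (in global.asax) is not fired immediately. When I check User.IsInRole, it is empty. But later, when I try another action, Application_AuthenticateRequest is fired and the user's roles are set.

Login function: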

    if (loggedIn)
    {
        ViewBag.loginFailed = 1;
        string roles = "Administrator";
        CreateTicket(pharmacist.ID.ToString(), roles);
        LoginRedirect();
    }

Methods:

    [Authorize(Roles = "Administrator, User")]
    private void CreateTicket(string id, string role)
    {

        var ticket = new FormsAuthenticationTicket(
                version: 1,
                name: id,
                issueDate: DateTime.Now,
                expiration: DateTime.Now.AddHours(1),
                isPersistent: false,
                userData: role);

        var encryptedTicket = FormsAuthentication.Encrypt(ticket);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        HttpContext.Response.Cookies.Add(cookie);
    }

    [Authorize(Roles = "Administrator, User")]
    private ActionResult LoginRedirect() {
        if (User.IsInRole("Administrator"))
        {
            return RedirectToAction("Index", "Pharmacist");
        }
        else if (User.IsInRole("User"))
        {
            return RedirectToAction("Index", "Patient");
        }
        else {
            return RedirectToAction("Logout", "Authentication");
        }
    }

Application_AuthenticateRequest:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id =
                        (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;

                    // Get the stored user-data, in this case, our roles
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new GenericPrincipal(id, roles);
                }
            }
        }
    }
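
Application_AuthenticateRequest is only called when you request a new resource.

In your case, you are still inside the request that creates the FormsAuthenticationTicket. As a result, the principal object has not yet been assigned to the current thread.

If you want to retrieve IPrincipal from the current thread, you need to assign it explicitly.

Also make sure you have these two lines inside Application_AuthenticateRequest:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        // ...
        HttpContext.Current.User = new GenericPrincipal(id, roles);
        Thread.CurrentPrincipal = HttpContext.Current.User; // <-- Do not forget this.
        // ...
    }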

    [Authorize(Roles = "Administrator, User")] // <-- This is not needed.
    private void CreateTicket(string id, string role)
    {
        // ...
    }
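
The explicit assignment the answer describes, as an added example (not code from the original post): the sign-in step builds the principal from the ticket it has just issued, so `User.IsInRole` works in the same request instead of only after the next `Application_AuthenticateRequest`. The helper name `SignInAndRedirect`, the `AuthenticationController` class name and the cookie flags are assumptions for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Assumed controller name, inferred from RedirectToAction("Logout", "Authentication").
public class AuthenticationController : Controller
{
    // Hypothetical helper: call it from the login action once credentials are verified.
    // No [Authorize] attribute: it is a private method, not an action.
    private ActionResult SignInAndRedirect(string userId, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            version: 1,
            name: userId,
            issueDate: DateTime.Now,
            expiration: DateTime.Now.AddHours(1),
            isPersistent: false,
            userData: string.Join(",", roles)); // same comma format the handler splits

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // keep the ticket away from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL="...">
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);

        // Application_AuthenticateRequest already ran for this request, before the
        // cookie existed, so assign the principal by hand for the rest of the request.
        var principal = new GenericPrincipal(new FormsIdentity(ticket), roles);
        HttpContext.User = principal;
        Thread.CurrentPrincipal = principal;

        // User.IsInRole now reflects the roles that were just issued.
        if (User.IsInRole("Administrator"))
            return RedirectToAction("Index", "Pharmacist");
        if (User.IsInRole("User"))
            return RedirectToAction("Index", "Patient");
        return RedirectToAction("Logout", "Authentication");
    }
}
```

The login action has to return this method's result; the question's code calls `LoginRedirect()` and discards the `ActionResult`, so the redirect it computes is never sent.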