0
当我创建我的formsauthenticationticket时,Application_AuthenticateRequest(在global.asax中)不立即被触发。当我检查user.isrole时,它是空的。但稍后当我尝试其他操作时,将触发Application_AuthenticateRequest,并设置用户的角色。Application_AuthenticateRequest触发到后端
登录功能:
if (loggedIn)
{
ViewBag.loginFailed = 1;
string roles = "Administrator";
CreateTicket(pharmacist.ID.ToString(), roles);
LoginRedirect();
}
方法:
[Authorize(Roles = "Administrator, User")]
private void CreateTicket(string id, string role)
{
var ticket = new FormsAuthenticationTicket(
version: 1,
name: id,
issueDate: DateTime.Now,
expiration: DateTime.Now.AddHours(1),
isPersistent: false,
userData: role);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
HttpContext.Response.Cookies.Add(cookie);
}
[Authorize(Roles = "Administrator, User")]
private ActionResult LoginRedirect() {
if (User.IsInRole("Administrator"))
{
return RedirectToAction("Index", "Pharmacist");
}
else if (User.IsInRole("User"))
{
return RedirectToAction("Index", "Patient");
}
else {
return RedirectToAction("Logout", "Authentication");
}
}
Application_AuthenticateRequest
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}