本文介绍了为什么会User.IsInRole返回true,但不AuthorizeAttribute?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的安全ASP.NET MVC 2应用程序,而我是谁中的角色富。用户
I'm securing an ASP.NET MVC 2 application, and I have a user who is in the role "Foo".
这是正确的:
User.IsInRole("Foo")
不过不失,当我试图锁定类似下面的控制器操作,用户被拒绝:
But yet, when I attempt to lock down a controller action like the following, the user is denied:
[Authorize(Roles = "Foo")]
public ActionResult PrivatePage()
{
return View();
}
如果IsInRole报道属实,为什么会授权属性不允许用户?
If IsInRole reports true, why would the Authorize attribute not allow the user in?
推荐答案
它可以,如果你存储永久性Cookie您的窗体身份验证cookie造成的。在这种情况下IsInRole可以检查对cookie的未经核实的最新登录。
It could be caused if you are storing persistent cookies for your forms authentication cookie. In that scenario IsInRole may check against the cookie without verifying up to date login.
这篇关于为什么会User.IsInRole返回true,但不AuthorizeAttribute?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!