问题描述
我用我的 ASP.NET MVC的自定义
通过的IIdentity
和的IPrincipal
EF 4.3
作为expalined here (并按照接受的答案的解决方案)。另外,我有一个自定义的 RoleProvider
。 在本地(使用 IIS防爆preSS
),它的工作原理currectly 。但现在,当我上传一个真正的主机上的应用程序,似乎所有的用户都在管理员
作用!例如我创建不在角色管理员
用户,但它可以访问所有受保护的页面(即需要管理员
角色)。例如 Role.IsUserInRole
总是返回真正
。你有什么想法吗?你可以帮我吗?是否有任何设置,我应该在 IIS做
?
I'm using a custom IIdentity
and IPrincipal
in my ASP.NET MVC
application via EF 4.3
as expalined here (and follow accepted answer's solution). Also, I have a custom RoleProvider
. In local (using IIS Express
), it works currectly. But now, when I upload the application on a real host, it seems all users are in "admin"
role! e.g. I create a user that is not in role "admin"
, but it can access to all protected pages (that need "admin"
role). e.g. Role.IsUserInRole
always returns true
. Have you any idea please? Can you help me? Is there any setting that I should to do in IIS
?
推荐答案
我解释说,解决方案,它为我工作。我现在不,可能是你应该回滚到的AuthenticateRequest
event.If你想尝试这种方式,你必须删除 RoleManagerModule
完全从您的项目。试试这个,让我知道,如果工程或NOP:
I explain that solution and it works for me. I don't now, may be you should rollback to the AuthenticateRequest
event.If you want to try this way, you have to remove RoleManagerModule
completely from your project. Try this and let me know if works or nop:
// in your module:
public void Init(HttpApplication context) {
_application = context;
// rollback this line:
_application.AuthenticateRequest += ApplicationAuthenticateRequest;
}
// and in web.config
<!-- in system.web section: -->
</system.web>
<!-- other stufs -->
<httpModules>
<remove name="RoleManager"/>
</httpModules>
</system.web>
<!-- and in system.webServer section: -->
<system.webServer>
<!-- other stufs -->
<modules runAllManagedModulesForAllRequests="true">
<remove name="RoleManager"/>
</modules>
<system.webServer>
这篇关于RoleProvider不到风度自定义的IIdentity和IPrincipal的服务器上工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!