Question
Using an OWIN AuthenticationHandler within an MVC site, I sign in a user as follows:
var claims = new List<Claim> { new Claim(ClaimTypes.Role, UIRoles.PowerUser) };
var identity = session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, claims);
Context.Authentication.SignIn(identity);
At some point at a later time, I check that the user is a PowerUser:
User.Identity.HasRole(UIRoles.PowerUser)
This works on my local IIS, but once I publish it on a remote IIS machine, it always returns False when I try to check if the user is a PowerUser. Why could this happen? Am I missing something from, say, the IIS server's configuration or within the remote machine's web.config?
Answer 1:
I found the cause. It is a bit silly. I was reissuing cookies when I wanted to renew the user's session, and the problem was that the SessionInfo object I was renewing these cookies to was being replaced with another SessionInfo object without any extra claims:
session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
This was wiping the extra claim of UIRoles.PowerUser from the original cookie for me.
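
The renewal problem described in the answer, as an added example that is not part of the original post: it rebuilds the identity the way the renewal path did, shows the role claim is gone, then carries it forward from the current identity. `FromSession` and `Renew` are hypothetical helpers (`FromSession` stands in for the post's `session.ToClaimsIdentity`), and the user name and role string are constructed values.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class CookieRenewal
{
    // Hypothetical stand-in for the post's session.ToClaimsIdentity(authType):
    // builds an identity from session data only, with no extra claims.
    static ClaimsIdentity FromSession(string userName, string authType)
    {
        return new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, userName) }, authType);
    }

    // Prepare the identity for a renewed cookie: copy over every claim of the
    // listed types that the current identity holds and the rebuilt one lacks.
    public static ClaimsIdentity Renew(ClaimsIdentity current, ClaimsIdentity rebuilt,
                                       params string[] typesToKeep)
    {
        var carried = current.Claims
            .Where(c => typesToKeep.Contains(c.Type))
            .Where(c => !rebuilt.HasClaim(c.Type, c.Value))
            .Select(c => new Claim(c.Type, c.Value, c.ValueType, c.Issuer))
            .ToList();
        rebuilt.AddClaims(carried);
        return rebuilt;
    }

    static void Main()
    {
        // String value of DefaultAuthenticationTypes.ApplicationCookie.
        const string authType = "ApplicationCookie";
        // Constructed stand-in for UIRoles.PowerUser.
        const string powerUser = "PowerUser";

        // Initial sign-in: session identity plus the role claim.
        var original = FromSession("alice", authType);
        original.AddClaim(new Claim(ClaimTypes.Role, powerUser));

        // Renewal as described in the answer: rebuilt without the extra claim.
        var wiped = FromSession("alice", authType);
        Console.WriteLine("wiped has role:   " + wiped.HasClaim(ClaimTypes.Role, powerUser));

        // Renewal that carries the role claim forward before signing in again.
        var renewed = Renew(original, FromSession("alice", authType), ClaimTypes.Role);
        Console.WriteLine("renewed has role: " + renewed.HasClaim(ClaimTypes.Role, powerUser));
    }
}
```

Copying role claims from the old cookie also carries forward a role that has since been revoked, so where roles can change, re-deriving them from the authoritative store at renewal is the safer choice.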
Source: https://stackoverflow.com/questions/34537475/owin-identity-roles-work-locally-but-seem-to-disappear-when-i-publish-run-the-s