发表新帖
发表新帖

Custom Forms Authentication + MVC3 + AuthorizeAttribute

前端 未结
关注
2 390
走了就别回头了
走了就别回头了 2020-12-10 21:28

I am essentially doing is this. However, whenever I use the built in AuthorizeAttribute, the MVC framework (I\'m guessing) never looks at my principal to determine if the us

相关标签:
2条回答
  • 庸人自扰
    2020-12-10 21:40

    By default, a new MVC3 application uses the SqlMembershipProvider as the default authorization mechanism, and tries to store the details in a SQL Express db (MDF file).

    So try clearing that in the web.config:

    <membership>
   <providers>
      <clear />
   </providers>
</membership>

    As long as you are implementing all the security objects correctly (IPrincipal, IIdentity), and decryping the forms authentication ticket on Application_AuthenticateRequest, the built-in [Authorize(Roles="RoleName")] should work for you.

    In that link you posted, that is essentialy what we are doing, and it works great.

    0 讨论(0)
  • 忘了有多久
    2020-12-10 21:45

    Ok, I figured it out, I had to add this to my web config under system.webServer. This removes the HttpModule that replaces my principal.

    <modules runAllManagedModulesForAllRequests="true">
    <remove name="RoleManager" />
</modules>
    0 讨论(0)
 看不清?
提交回复
热议问题