问题
I want to create web portal, where there will be multiple users of 3-4 types. So I have created roles in Startup.cs Like
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
createRolesandUsers();
}
// In this method we will create default User & roles
private void createRolesandUsers()
{
ApplicationDbContext context = new ApplicationDbContext();
var roleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(context));
var UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));
if (!roleManager.RoleExists("Admin"))
{
var role = new Microsoft.AspNet.Identity.EntityFramework.IdentityRole();
role.Name = "Admin";
roleManager.Create(role);
var user = new ApplicationUser();
user.UserName = "1";
user.Email = "a@b.com";
user.ScreenName = "Ra";
user.UserType = "Admin";
string userPWD = "1";
var chkUser = UserManager.Create(user, userPWD);
if (chkUser.Succeeded)
{
var result1 = UserManager.AddToRole(user.Id, "Investor");
}
}
It creates Usertypes and on login page I give radio button to select own type. Now, suppose there are 4 roles.
- Admin
- Player
- Coach
And suppose 10 people signup to site
2 people as admin 4 people as player 4 people as coach.
Now each one has it's type and user id. And if they log in, they can't access controllers of each other due to Autorize attribute. But my question is, what about 4 players? Will they be ever able to access each others account? They have same authorize rights and they are authenticate too. How can I prevent users from same type to access each other's account ? I use " User.Identity.GetUserId() " on each page to get current user and I log all transactions by current id.
来源:https://stackoverflow.com/questions/36881617/will-identity-fail-if-i-assign-roles-and-every-time-i-use-user-identity-getuseri