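Application_AuthenticateRequest executes first, before the forms authentication ticket is created
Keywords: execute, authentication, AuthenticateRequest, create, forms, Application | Updated: 2023-09-27 17:53:55
I am having trouble using role-based security with forms authentication. Every time I try to log in, the first time the ticket does not seem to have UserData, because Application_AuthenticateRequest executes first, and my if statements do not execute because the roles are not there after the first post.
Please help!
My login click event: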
    // Namespaces used: System, System.Data, System.Data.SqlClient, System.Web, System.Web.Security
    protected void signin_click(object sender, EventArgs e)
    {
        if (con.State == ConnectionState.Closed)
        {
            con.Open();
        }
        HashData ob = new HashData(); // Custom class used for hashing passwords
        SqlCommand cmd = new SqlCommand("Logincheck", con);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txt_username.Text.Trim();
        string pass = ob.Encrypt(txt_pass.Text.Trim());
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 50).Value = pass;
        SqlParameter result = new SqlParameter("@result", SqlDbType.Int) { Direction = ParameterDirection.Output };
        SqlParameter userrole = new SqlParameter("@userrole", SqlDbType.VarChar, 50) { Direction = ParameterDirection.Output };
        cmd.Parameters.Add(result);
        cmd.Parameters.Add(userrole);
        cmd.ExecuteNonQuery();
        int rslt = Convert.ToInt32(result.Value);
        string u_role = userrole.Value.ToString();
        // Release the command and connection before any redirect:
        // Response.Redirect ends the request, so cleanup placed after it would not run.
        cmd.Dispose();
        con.Close();
        if (rslt == -1)
        {
            string message = "Login Failed";
            string url = "Login.aspx";
            string script = "window.onload = function(){ alert('";
            script += message;
            script += "');";
            script += "window.location = '";
            script += url;
            script += "'; }";
            ClientScript.RegisterStartupScript(this.GetType(), "Redirect", script, true);
            return; // Failed login: do not issue an authentication ticket
        }
        // The role from the database travels in the ticket's UserData field
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
            (1, txt_username.Text.Trim(), DateTime.Now,
            DateTime.Now.AddMinutes(30), false, u_role,
            FormsAuthentication.FormsCookiePath);
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }
        Response.Cookies.Add(cookie);
        // Role checks against the principal of the current request
        if (User.IsInRole("admin"))
        {
            Response.Redirect("~/Admin/Admin.aspx");
        }
        if (User.IsInRole("manager"))
        {
            Response.Redirect("~/Manager/Manager.aspx");
        }
        if (User.IsInRole("teamlead"))
        {
            Response.Redirect("~/Teamlead/Teamlead.aspx");
        }
        if (User.IsInRole("qa"))
        {
            Response.Redirect("~/Default.aspx");
        }
    }
And my Global.asax file:
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    // Rebuild the principal from the roles stored in the ticket's UserData
                    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
                }
            }
        }
    }
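I found the solution myself. User.IsInRole takes effect only after the forms authentication ticket has been generated and our principal object has been created, that is, after the postback.
So to solve this, I use the static role from the database only for the redirect.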
    // Namespaces used: System, System.Data, System.Data.SqlClient, System.Web, System.Web.Security
    protected void signin_click(object sender, EventArgs e)
    {
        if (con.State == ConnectionState.Closed)
        {
            con.Open();
        }
        HashData ob = new HashData(); // Custom class used for hashing passwords
        SqlCommand cmd = new SqlCommand("Logincheck", con);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txt_username.Text.Trim();
        string pass = ob.Encrypt(txt_pass.Text.Trim());
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 50).Value = pass;
        SqlParameter result = new SqlParameter("@result", SqlDbType.Int) { Direction = ParameterDirection.Output };
        SqlParameter userrole = new SqlParameter("@userrole", SqlDbType.VarChar, 50) { Direction = ParameterDirection.Output };
        cmd.Parameters.Add(result);
        cmd.Parameters.Add(userrole);
        cmd.ExecuteNonQuery();
        int rslt = Convert.ToInt32(result.Value);
        string u_role = userrole.Value.ToString();
        // Release the command and connection before any redirect:
        // Response.Redirect ends the request, so cleanup placed after it would not run.
        cmd.Dispose();
        con.Close();
        if (rslt == -1)
        {
            string message = "Login Failed";
            string url = "Login.aspx";
            string script = "window.onload = function(){ alert('";
            script += message;
            script += "');";
            script += "window.location = '";
            script += url;
            script += "'; }";
            ClientScript.RegisterStartupScript(this.GetType(), "Redirect", script, true);
            return; // Failed login: do not issue an authentication ticket
        }
        // The role from the database travels in the ticket's UserData field
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
            (1, txt_username.Text.Trim(), DateTime.Now,
            DateTime.Now.AddMinutes(30), false, u_role,
            FormsAuthentication.FormsCookiePath);
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }
        Response.Cookies.Add(cookie);
        // Response.Redirect("Redirecting.aspx");
        // Redirect on the role string returned by the database, not on User.IsInRole
        if (u_role == "admin")
        {
            Response.Redirect("~/Admin/Admin.aspx");
        }
        if (u_role == "admin" || u_role == "manager")
        {
            Response.Redirect("~/Manager/Manager.aspx");
        }
        if (u_role == "teamlead" || u_role == "admin" || u_role == "manager")
        {
            Response.Redirect("~/Teamlead/Teamlead.aspx");
        }
        if (u_role == "qa")
        {
            Response.Redirect("Default.aspx");
        }
    }
It works fine now,
thanks.
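
An alternative to comparing the role string by hand, as an added example that is not part of the original post: since Application_AuthenticateRequest has already run by the time the click handler issues the cookie, the handler can attach the principal to the current request itself, after which User.IsInRole works on the login request too. The names RoleSignIn, SignIn and LandingPages are hypothetical; the landing pages are the ones from the post, and the HttpOnly and Secure cookie settings are added hardening.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the original post): issues the ticket, makes the
// roles visible to the current request, and returns the landing page for the role.
public static class RoleSignIn
{
    // Landing pages taken from the post, keyed by role name.
    private static readonly Dictionary<string, string> LandingPages =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "admin", "~/Admin/Admin.aspx" },
            { "manager", "~/Manager/Manager.aspx" },
            { "teamlead", "~/Teamlead/Teamlead.aspx" },
            { "qa", "~/Default.aspx" },
        };

    // Call only after the credential check has succeeded.
    public static string SignIn(HttpContext context, string userName, string roleCsv)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, roleCsv, FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // keep the ticket away from page script
            Secure = FormsAuthentication.RequireSSL, // follow the <forms requireSSL> setting
            Path = FormsAuthentication.FormsCookiePath
        };
        context.Response.Cookies.Add(cookie);

        // AuthenticateRequest ran for this request before the cookie existed, so build
        // the principal by hand; Global.asax does the same on every later request.
        string[] roles = roleCsv.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);

        // The first of the user's roles that has a landing page decides the target.
        foreach (string role in roles)
        {
            string url;
            if (LandingPages.TryGetValue(role.Trim(), out url)) return url;
        }
        return FormsAuthentication.DefaultUrl;
    }
}
```

In the click handler this would be called once, after the failed-login branch has returned, as `Response.Redirect(RoleSignIn.SignIn(Context, txt_username.Text.Trim(), u_role));`.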