添加/更改用户后CustomAuthorize属性未更新
本文关键字:CustomAuthorize 属性 更新 用户 添加 | 更新日期: 2023-09-27 18:25:18
我有一个内部MVC站点的问题。我可能把这个标题弄错了,因为我不知道问题到底在哪里。我有以下自定义授权属性:
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
public CustomAuthorizeAttribute(params string[] roles)
{
using (var dataLayer = new CarrierBoundEntities())
{
string userNames = string.Empty;
foreach (var user in dataLayer.tbl_PremiumWriteOffs_Users)
{
if (roles.Contains(user.Role))
{
userNames += user.Username + ",";
}
}
if (userNames.Length > 0)
{
// Remove last comma
userNames.Remove(userNames.Length - 1);
}
Users = userNames;
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
}
数据层是实体框架创建的默认DbContext。有一个视图允许具有管理员角色的用户添加/编辑用户。以下是处理帖子以编辑用户的控制器:
[HttpPost]
[ValidateAntiForgeryToken]
[CustomAuthorize(new string[] { "Admin" })]
public ActionResult UsersEditView(UsersVM viewModel)
{
using (var dataLayer = new CarrierBoundEntities())
{
var userToEdit = dataLayer.tbl_PremiumWriteOffs_Users.SingleOrDefault(x => x.ID == viewModel.UserSubmit.ID);
if (userToEdit == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
// If the username was changed then check and display error if it's the same as another entry
if (userToEdit.Username.Equals(viewModel.UserSubmit.Username, StringComparison.OrdinalIgnoreCase) == false)
{
foreach (var user in dataLayer.tbl_PremiumWriteOffs_Users)
{
if (user.Username.Equals(viewModel.UserSubmit.Username, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError("UserSubmit.Username", "A user with this username already exists.");
break;
}
}
}
if (ModelState.IsValid)
{
userToEdit.Username = viewModel.UserSubmit.Username;
userToEdit.Role = viewModel.UserSubmit.Role;
userToEdit.UserLastModified = this.User.Identity.Name;
userToEdit.DateLastModified = DateTime.Now;
dataLayer.SaveChanges();
return RedirectToAction("UsersView");
}
viewModel.RoleSelect = GetRoleSelectList();
return View(viewModel);
}
}
现在,当我在机器上本地运行它时,一切都很好,但当部署在服务器上时,当添加新用户或更改现有用户的角色时,某些内容不会得到更新。新用户仍然无法访问网站的任何部分,从管理员更改为用户的用户仍然可以访问管理区域。在服务器上重新启动应用程序之前,它一直保持这种状态。
奇怪的是,在进行更改后,更改在前端和后端都可见,因此数据库和实体上下文似乎都得到了很好的更新。因此,我认为可能是自定义authorize属性没有随着新的用户名列表更新,但我真的不知道,而且在调试时遇到了困难,因为它在本地应该可以正常工作。
如有任何帮助,我们将不胜感激。
您尝试扩展AuthorizeAttribue
的方式是错误的。你需要做这样的事情:
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
private string[] _roles;
public CustomAuthorizeAttribute(params string[] roles)
{
_roles = roles;
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var user = httpContext.User;
var isAuthorized = false;
// check in the database to see if the user
// is in one of the Roles in _roles and therefore authorized...
if(/* some code to check if the user is authorized */)
{
isAuthorized = true;
}
return isAuthorized;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
}