Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
407 views
in Technique[技术] by (71.8m points)

asp.net mvc 3 - Custom Forms Authentication + MVC3 + AuthorizeAttribute

I am essentially doing is this. However, whenever I use the built in AuthorizeAttribute, the MVC framework (I'm guessing) never looks at my principal to determine if the user has the proper roles. It keeps trying to create a new MDF file in the app_data directory, and because it doesn't have privileged it blows up.

Is this expected behavior, and should I derive my own AuthorizeAttribute and check the principal myself?

Another weird behavior to point out is that I have two sites on the same domain for which I'm doing single sign on. On either site, I'm using the same class library to recreate my custom principal on AuthenticateRequest, and I see when debugging that the principal is getting set correctly on each site. However, site 1 (the one which authenticates to the user) uses the built-in AuthorizeAttribute, and it works perfectly, but site 2, is trying to create an MDF file when any action that has the AuthorizeAttribute is called.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Ok, I figured it out, I had to add this to my web config under system.webServer. This removes the HttpModule that replaces my principal.

<modules runAllManagedModulesForAllRequests="true">
    <remove name="RoleManager" />
</modules>

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...