HttpContext.Current.User.IsInRole not working

In my authController / sign-in controller I have this code:

    entities.UserAccount user = (new BLL.GestionUserAccount()).authentifier(email, password);
    //storing the userId in a cookie
    string roles = (new BLL.GestionUserAccount()).GetUserRoles(user.IdUser);

    // Initialize FormsAuthentication, for what it worth
    FormsAuthentication.Initialize();
    // FormsAuthentication.SetAuthCookie(user.IdUser.ToString(), false);
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                                    // Ticket version
        user.IdUser.ToString(),               // Username associated with ticket
        DateTime.Now,                         // Date/time issued
        DateTime.Now.AddMinutes(30),          // Date/time to expire
        true,                                 // "true" for a persistent user cookie
        roles,                                // User-data, in this case the roles
        FormsAuthentication.FormsCookiePath); // Path cookie valid for

    // Encrypt the cookie using the machine key for secure transport
    string hash = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(
        FormsAuthentication.FormsCookieName,  // Name of auth cookie
        hash);                                // Hashed ticket

    // Get the stored user-data, in this case, our roles
    // Set the cookie expiration time to the tickets expiration time
    if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

    // Add the cookie to the list for outgoing response
    Response.Cookies.Add(cookie);

    return RedirectToAction("index", "Home");

I have a menu on the main page. In this menu there is an element that is meant to be visible only to the administrator role.

    <% if (HttpContext.Current.User.IsInRole("admin")) { %>
        <%=Html.ActionLink("Places", "Places", "Places")%>
    <% } %>

Even with HttpContext.Current.User defining the correct roles, I cannot see the element.

Global.asax:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;

                    // Get the stored user-data, in this case, our roles
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new GenericPrincipal(id, roles);
                }
            }
        }
    }
+4
5 answers

I know this sounds silly, but from your image I can only see your userData from your ticket.

The only thing I can imagine is that the userData is not included in the principal. (Perhaps the problem is with the last three lines of global.asax.cs.)

Something is wrong here:

    string userData = ticket.UserData;
    string[] roles = userData.Split(',');
    HttpContext.Current.User = new GenericPrincipal(id, roles);
+1

Instead of using User.IsInRole() try the static Roles.IsUserInRole() method.

+5

You will need a custom Authorize attribute, which will parse the user data part of the authentication ticket and manually create an IPrincipal. Take a look at this post that illustrates how I recommend you do this in ASP.NET MVC. Never use HttpContext.Current in an ASP.NET MVC application. Not even in your views. Use <% if (User.IsInRole("admin")) { %> instead.

+1

Missing one statement.

After this line:

 FormsAuthenticationTicket ticket = id.Ticket; 

You need to put this line:

 ticket = FormsAuthentication.Decrypt(ticket.Name); 
0

In global.asax, assign a principal to 2 of these objects:

    private static void SetPrincipal(IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
    }

I found it here. ASP.NET Documentation

0
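An added example, not code from the question or from any of the answers above: a Global.asax.cs handler that keeps the question's approach (roles carried in the ticket's UserData) and the SetPrincipal helper from the last answer, but normalizes the comma-separated role string before building the principal. The `ParseRoles` helper name and the sample role string in its comment are assumptions made for illustration.

```csharp
// Added example for Global.asax.cs; ParseRoles is a hypothetical helper name.
using System;
using System.Linq;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Split the ticket's UserData into clean role names.
    // Constructed sample: "admin, editor,," -> { "admin", "editor" }.
    // A plain Split(',') would yield " editor", which IsInRole("editor") never matches.
    internal static string[] ParseRoles(string userData)
    {
        if (string.IsNullOrEmpty(userData))
            return new string[0];

        return userData
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToArray();
    }

    // Keep the thread principal and the request principal in sync.
    private static void SetPrincipal(IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
            HttpContext.Current.User = principal;
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = HttpContext.Current.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return;

        // Only forms-authenticated requests carry a ticket with UserData.
        // The roles are only as fresh as the ticket that carries them.
        FormsIdentity id = user.Identity as FormsIdentity;
        if (id == null)
            return;

        SetPrincipal(new GenericPrincipal(id, ParseRoles(id.Ticket.UserData)));
    }
}
```

Because the roles travel inside the encrypted ticket, a role removed from the user in the database stays effective until the ticket expires or is reissued.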

Source: https://habr.com/ru/post/1392634/

