How to keep RoleProvider from overriding custom ro

2019-07-21 08:17发布

I have an custom role provider that gets the roles a user belongs to from a database. I also have a custom authentication module registered in my web.config's httpModules which sniffs incoming HTTP requests and (if it's an OAuth signed request) sets the HttpContext.Current.User property to impersonate the user, and the IPrincipal that it sets includes all the user's roles, plus an extra one called "delegated".

The trouble is, after I set my custom IPrincipal, apparently ASP.NET still calls my custom role provider, and then resets the IPrincipal with one that has only the standard roles for that user.

If I set <roleManager enabled="false" ...> in my web.config file, the authentication module's assigned roles stick. Obviously though, I want the best of both worlds. How can I use the role provider, but "cancel" the role provider's effect when my authentication module decides to?

标签： asp.net authorization oauth roles

1条回答

劳资没心，怎么记你

2楼-- · 2019-07-21 08:50

It turns out that in the authentication http module's Init method, I can find the RoleManager, and then hook an event that gives me veto power on whether it does its overriding work:

    public void Init(HttpApplication context) {
        var roleManager = (RoleManagerModule)context.Modules["RoleManager"];
        roleManager.GetRoles += this.roleManager_GetRoles;
    }

    private void roleManager_GetRoles(object sender, RoleManagerEventArgs e) {
        if (this.application.User is OAuthPrincipal) {
            e.RolesPopulated = true; // allows roles set in AuthenticationRequest to stick.
        }
    }

    private void context_AuthenticateRequest(object sender, EventArgs e) {
        if (/*oauth request*/) {
            HttpContext.Current.User = CreateOAuthPrincipal();
        }
    }

0人赞添加讨论(0) 举报

How to keep RoleProvider from overriding custom ro

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间