我正在开发的项目是一个基于 nopCommerce 2.6 的 Intranet 站点，该站点经过修改，同时结合了 Forms 身份验证和 Windows 身份验证。我登录用户的方式如下：
看起来很简单，但遇到了一个障碍。当用户不存在时，他们会被正确地重定向到“注册”页面。当用户存在且账户状态正常时，他们也能正确登录。
但是，如果用户被标记为未激活（Inactive）或已删除（Deleted），系统就开始表现异常：它会反复重新进入 UserAuthorizationAttribute.cs（位于 Nop.Web.Framework）中的 OnAuthorization 方法。准确地说，在最终放弃之前，同一个方法会被重新调用 6 次。
我想弄清楚为什么 OnAuthorization 会在最终彻底失败之前被反复调用。
以下是我目前的代码。
UserAuthorizeAttribute.cs
private void HandleUnauthorizedRequest(string action, AuthorizationContext filterContext)
{
    // Short-circuit the MVC pipeline: instead of running the requested action,
    // redirect to the given action on the Customer controller.
    var redirectTarget = new RouteValueDictionary();
    redirectTarget["controller"] = "Customer";
    redirectTarget["action"] = action;
    filterContext.Result = new RedirectToRouteResult(redirectTarget);
}
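/// <summary>
/// Authorization filter entry point. For requests that target a user page
/// (as decided by IsUserPageRequested) it maps the access code returned by
/// HasUserAccess to a redirect on the Customer controller; authorized users
/// fall through and the requested action executes.
/// </summary>
/// <param name="filterContext">The MVC authorization context for the current request.</param>
/// <exception cref="ArgumentNullException">filterContext is null.</exception>
/// <exception cref="InvalidOperationException">A child action cache is active.</exception>
public void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
        throw new ArgumentNullException("filterContext");
    if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
        throw new InvalidOperationException("You cannot use [UserAuthorize] attribute when a child action cache is active");

    if (!IsUserPageRequested(filterContext))
        return;

    // Access codes as documented on IPermissionService.NewUserAuthorize:
    // 0 = not in system, 1 = inactive, 2 = deleted, 3 = not authorized, 4 = authorized.
    var userAccess = HasUserAccess(filterContext);
    if (userAccess == 4)
        return;

    string action;
    switch (userAccess)
    {
        case 0:
            action = "Register";
            break;
        case 1:
        case 2:
        case 3:
            action = "Unauthorized";
            break;
        default:
            // Fail closed: an unexpected code must never redirect with an empty
            // action name; treat anything we do not recognise as unauthorized.
            action = "Unauthorized";
            break;
    }

    // NOTE(review): if Customer/Register or Customer/Unauthorized is itself treated
    // as a user page (IsUserPageRequested returns true for it), this redirect
    // re-enters OnAuthorization on the next request and loops until the browser
    // gives up — a plausible cause of the repeated calls seen for inactive/deleted
    // users. Confirm IsUserPageRequested excludes both target actions.
    this.HandleUnauthorizedRequest(action, filterContext);
}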
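/// <summary>
/// Resolves the access code for the principal attached to the current request
/// by delegating to IPermissionService.NewUserAuthorize for the UserAccessArea permission.
/// </summary>
/// <param name="filterContext">The MVC authorization context for the current request.</param>
/// <returns>
/// 0: user not in system (also returned for anonymous / unnamed principals)
/// 1: user is inactive
/// 2: user is deleted
/// 3: user not authorized
/// 4: user is authorized
/// </returns>
/// <exception cref="ArgumentNullException">filterContext is null.</exception>
public virtual int HasUserAccess(AuthorizationContext filterContext)
{
    if (filterContext == null)
        throw new ArgumentNullException("filterContext");

    var permissionService = EngineContext.Current.Resolve<IPermissionService>();

    // Use the principal the filter is actually deciding on (the request's User)
    // rather than Thread.CurrentPrincipal. In ASP.NET these are normally the same
    // object after authentication, so this is not expected to change which
    // identity is consulted — confirm in this mixed Forms/Windows setup.
    var user = filterContext.HttpContext.User;
    var identity = user != null ? user.Identity : null;

    // Anonymous or unnamed principal: do not issue a customer lookup with an empty
    // username; report "not in system" so the caller redirects to Register.
    if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
        return 0;

    // For Windows authentication identity.Name is the DOMAIN\user login, which is
    // what NewUserAuthorize matches against the nopCommerce customer username.
    return permissionService.NewUserAuthorize(StandardPermissionProvider.UserAccessArea, identity.Name);
}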
PermissionService.cs
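/// <summary>
/// Looks up the nopCommerce customer for a login name, checks the account state,
/// evaluates the given permission and, only if the customer is authorized,
/// signs them in as the current customer.
/// </summary>
/// <param name="permission">Permission record to check (passed through to Authorize).</param>
/// <param name="userLogin">User login (matched against the customer username).</param>
/// <returns>
/// 0: User not in system (also returned for a null or empty login)
/// 1: User is inactive
/// 2: User is deleted
/// 3: User not authorized
/// 4: User is authorized
/// </returns>
public virtual int NewUserAuthorize(PermissionRecord permission, string userLogin)
{
    // An empty login can never identify a customer; fail closed without a lookup.
    if (string.IsNullOrEmpty(userLogin))
        return 0;

    var currentCustomer = _customerService.GetCustomerByUsername(userLogin);
    if (currentCustomer == null)
        return 0;

    // Account-state checks come before any permission evaluation so that
    // disabled accounts are never signed in.
    if (!currentCustomer.Active)
        return 1;
    if (currentCustomer.Deleted)
        return 2;

    if (!Authorize(permission, currentCustomer))
        return 3;

    // Least privilege: the original signed the customer in (with a persistent
    // cookie) before the permission check, so customers who then failed
    // authorization were still issued an authentication cookie. Only authorized
    // customers are signed in now. NOTE(review): confirm the Customer/Unauthorized
    // page does not rely on the failing customer already being signed in.
    _authenticationService.SignIn(currentCustomer, true);
    return 4;
}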