My code follows.
Login:
public ActionResult Login(login login, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (new AllFictionMembershipProvider().ValidateUser(login.email, login.senha))
        {
            FormsAuthentication.SetAuthCookie(login.email, false);
            // Only follow returnUrl when it points back into this application
            if (!String.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

    // If we got this far, something failed, redisplay form
    return View(login);
}
Membership Provider:
public override bool ValidateUser(string username, string password)
{
    // Dispose the context when done, as the role provider does
    using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
    {
        // Matches the e-mail and the password exactly as stored in the login table
        var query = (from l in db.login
                     where l.email == username && l.senha == password
                     select l).SingleOrDefault();
        return query != null;
    }
}
Role Provider:
public override string[] GetRolesForUser(string username)
{
    using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
    {
        usuario user = db.usuario.FirstOrDefault(u => u.email.Equals(username, StringComparison.CurrentCultureIgnoreCase));
        // Joins permissao to every usuario row; 'user' is not part of this query
        var permissao = from p in db.permissao
                        from u in db.usuario
                        where p.idpermissao == u.usuario_idpermissao
                        select p.permissao1;
        if (permissao != null)
            return permissao.ToArray();
        else
            return new string[] { };
    }
}

public override bool IsUserInRole(string username, string roleName)
{
    using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
    {
        usuario user = db.usuario.FirstOrDefault(u => u.email.Equals(username, StringComparison.CurrentCultureIgnoreCase));
        // Same join as above: permission names of all usuario rows
        var permissao = from p in db.permissao
                        from u in db.usuario
                        where p.idpermissao == u.usuario_idpermissao
                        select p.permissao1;
        if (user != null)
            return permissao.Any(p => p.Equals(roleName, StringComparison.CurrentCultureIgnoreCase));
        else
            return false;
    }
}
And that’s the controller I want to block:
[Authorize(Roles="admin")]
    public class BancaController : Controller
Yesterday, when accessing any action from this controller, a login form was shown, and any user who did not have admin permission was redirected to the user page. Today, when I access this page, it displays the same login form, however, any user can access the actions now.
What am I doing wrong? I made no change from yesterday to today.
Didn’t you change the user role to do another test and forget to return it to a non-admin role?
– MayogaX
Neither. I only added a user with admin permission. However, I am only logging in with the user permission.
– Ryan Santos
@Ryansantos have you already placed a breakpoint on the first line of GetRolesForUser to see what’s going on?
– Leonel Sanches da Silva
@Ciganomorrisonmendez So I can see the email of who is trying to access, but I can’t see the values of the other attributes.
– Ryan Santos
I figured out the problem, I just don’t know how to fix it. When I add a user with admin permission, for some reason, all other users get the same access, even if they have a common user permission. Any idea how to fix this?
– Ryan Santos
@Ryansantos Update your question with the method AddUsersToRoles of your RoleProvider, please.
– Leonel Sanches da Silva
@Ciganomorrisonmendez I did not get to implement this method. As I was loading the roles straight from the database, I thought it would not be necessary.
– Ryan Santos
This is where the root of your problem lies. Possibly something is inserting permissions for any and every user entered.
– Leonel Sanches da Silva
@Ciganomorrisonmendez Got it. I’m going to implement it here.
– Ryan Santos
@Ciganomorrisonmendez I’m getting the error Cannot implicitly convert type 'System.Guid' to int on this line here: userRole.Userroleid = Guid.NewGuid(); I’m using one of those examples you posted on the login question. Do you want me to ask you a new question, or could you answer it right here? Thanks.
– Ryan Santos
@Ryansantos Simply remove the line that works.
– Leonel Sanches da Silva
@Ciganomorrisonmendez Indeed. I managed to resolve it; now each user actually has his own permission. Again, thank you!
– Ryan Santos
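As an added example (not code from the question or its comments), this reproduces the role query posted in the question on constructed in-memory data and sets it beside a version restricted to the caller's e-mail: the posted query never uses `username`, so its result is the same for every caller. The class names `Permissao`, `Usuario` and `RoleLookupDemo` and the sample accounts are assumptions; the column names are the question's.

```csharp
using System;
using System.Linq;

// Constructed in-memory stand-ins for the question's tables (same column names).
class Permissao { public int idpermissao; public string permissao1; }
class Usuario { public string email; public int usuario_idpermissao; }

static class RoleLookupDemo
{
    static readonly Permissao[] permissao = {
        new Permissao { idpermissao = 1, permissao1 = "admin" },
        new Permissao { idpermissao = 2, permissao1 = "user" },
    };
    static readonly Usuario[] usuario = {
        new Usuario { email = "root@example.test", usuario_idpermissao = 1 },
        new Usuario { email = "ana@example.test",  usuario_idpermissao = 2 },
    };

    // Query shape from the question: username never reaches the where clause,
    // so every caller receives the permission names of all users.
    static string[] RolesUnfiltered(string username) =>
        (from p in permissao
         from u in usuario
         where p.idpermissao == u.usuario_idpermissao
         select p.permissao1).ToArray();

    // Same join, restricted to the row of the user being authorized.
    // An unknown e-mail yields an empty array, which grants no role.
    static string[] RolesForUser(string username) =>
        (from u in usuario
         where u.email.Equals(username, StringComparison.OrdinalIgnoreCase)
         join p in permissao on u.usuario_idpermissao equals p.idpermissao
         select p.permissao1).Distinct().ToArray();

    static void Main()
    {
        const string caller = "ana@example.test"; // constructed non-admin account
        // [Authorize(Roles="admin")] passes whenever "admin" is in the returned array.
        Console.WriteLine("unfiltered grants admin: " + RolesUnfiltered(caller).Contains("admin"));
        Console.WriteLine("filtered grants admin:   " + RolesForUser(caller).Contains("admin"));
        Console.WriteLine("filtered roles:          " + string.Join(",", RolesForUser(caller)));
        Console.WriteLine("unknown user roles:      " + RolesForUser("nobody@example.test").Length);
    }
}
```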