Authorize has stopped working

0

Here is my code:

Login :

public ActionResult Login(login login, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (new AllFictionMembershipProvider().ValidateUser(login.email, login.senha))
            {
                FormsAuthentication.SetAuthCookie(login.email, false);
                // Follow returnUrl only when it points back into this application;
                // Url.IsLocalUrl also returns false for null or empty values
                if (Url.IsLocalUrl(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(login);
    }

Membership Provider

public override bool ValidateUser(string username, string password)
        {
            // Dispose the context once the lookup is done
            using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
            {
                // Matches the submitted e-mail and password against the login table
                var query = (from l in db.login
                             where l.email == username && l.senha == password
                             select l).SingleOrDefault();

                return query != null;
            }
        }

Role Provider:

 {
        public override string[] GetRolesForUser(string username)
        {
            using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
            {
                usuario user = db.usuario.FirstOrDefault(u => u.email.Equals(username, StringComparison.CurrentCultureIgnoreCase));

                var permissao = from p in db.permissao
                                from u in db.usuario
                                where p.idpermissao==u.usuario_idpermissao
                                    select p.permissao1;

                if (permissao != null)

                    return permissao.ToArray();
                else
                    return new string[] { };
            }
        }
        public override bool IsUserInRole(string username, string roleName)
        {
            using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
            {
                usuario user = db.usuario.FirstOrDefault(u => u.email.Equals(username, StringComparison.CurrentCultureIgnoreCase));

                var permissao = from p in db.permissao
                                from u in db.usuario
                                where p.idpermissao == u.usuario_idpermissao
                                select p.permissao1;
                if (user != null)
                    return permissao.Any(p => p.Equals(roleName, StringComparison.CurrentCultureIgnoreCase));
                else
                    return false;
            }
        }

And that’s the controller I want to block:

[Authorize(Roles="admin")]
    public class BancaController : Controller

Yesterday, when accessing any action from this controller, a login form was shown, and any user who did not have admin permission was redirected to the user page. Today, when I access this page, it displays the same login form, however, any user can access the actions now.

What am I doing wrong? I made no change from yesterday to today.

  • You didn’t change the user role to run another test and forget to switch back to a non-admin role?

  • 1

    Neither. I only added a user with admin permission. However, I am only logging in with the user permission.

  • @Ryansantos Have you already placed a breakpoint on the first line of GetRolesForUser to see what’s going on?

  • @Ciganomorrisonmendez So I can see the email of who is trying to access, but I can’t see the values of the other attributes.

  • 1

    I figured out the problem, I just don’t know how to fix it. When I add a user with admin permission, for some reason, all other users get the same access, even if they have a common user permission. Any idea how to fix this?

  • @Ryansantos Update your question with the method AddUsersToRoles of your RoleProvider, please.

  • @Ciganomorrisonmendez I did not get to implement this method. As I was loading the roles straight from the database, I thought it would not be necessary.

  • This is where the root of your problem lies. Possibly something is inserting permissions for any and every user entered.

  • @Ciganomorrisonmendez Got it. I’m going to implement it here.

  • 1

    @Ciganomorrisonmendez I’m getting the error Cannot implicitly convert type 'System.Guid' to 'int' on this line here: userRole.Userroleid = Guid.NewGuid(); I’m using one of those examples you posted on the login question. Do you want me to ask a new question, or could you answer it right here? Thanks.

  • 1

    @Ryansantos Simply remove the line that works.

  • 1

    @Ciganomorrisonmendez Indeed. I managed to resolve it, now each user actually has his permission. Again, thank you!


2 answers

1


Just formalizing a response:

Check the method AddUsersToRoles of your RoleProvider. Apparently it’s a bug in its implementation.

0

It seems to me that your select is bringing back all permissions of all users. Have you debugged what it returns?

var permissao = from p in db.permissao
                from u in db.usuario
                where p.idpermissao==u.usuario_idpermissao
                select p.permissao1;

I don’t know your structure, but maybe the right thing is to use a Join:

var permissao = from u in db.usuario
                join p in db.permissao on u.usuario_idpermissao equals p.idpermissao
                where u.id == user.id
                select p.permissao1;
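
The difference between the two queries, as an added example that is not part of the original question or answers. It runs LINQ over constructed in-memory lists instead of EntidadesAllFictionBD; the class names, sample e-mail addresses and role rows are assumptions. It also shows why the problem only appeared once a user with admin permission was added: the unfiltered query returns every role held by any user.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed in-memory stand-ins for the usuario and permissao tables.
class Usuario { public string email; public int usuario_idpermissao; }
class Permissao { public int idpermissao; public string permissao1; }

static class RoleLookupDemo
{
    static readonly List<Permissao> Permissoes = new List<Permissao> {
        new Permissao { idpermissao = 1, permissao1 = "admin" },
        new Permissao { idpermissao = 2, permissao1 = "user" },
    };
    static readonly List<Usuario> Usuarios = new List<Usuario> {
        new Usuario { email = "root@example.test", usuario_idpermissao = 1 },
        new Usuario { email = "reader@example.test", usuario_idpermissao = 2 },
    };

    // Same shape as the query in the question: username never reaches the
    // where clause, so the result is every role held by any user.
    static string[] RolesUnfiltered(string username) =>
        (from p in Permissoes
         from u in Usuarios
         where p.idpermissao == u.usuario_idpermissao
         select p.permissao1).ToArray();

    // Scoped to the requested user; an unknown user gets no roles.
    static string[] RolesForUser(string username) =>
        (from u in Usuarios
         join p in Permissoes on u.usuario_idpermissao equals p.idpermissao
         where u.email.Equals(username, StringComparison.OrdinalIgnoreCase)
         select p.permissao1).Distinct().ToArray();

    static void Main()
    {
        // Compare both lookups for a non-admin user and for an unknown user.
        foreach (var name in new[] { "reader@example.test", "nobody@example.test" })
        {
            Console.WriteLine("{0}: unfiltered=[{1}] filtered=[{2}]", name,
                string.Join(",", RolesUnfiltered(name)),
                string.Join(",", RolesForUser(name)));
        }
    }
}
```

With the unfiltered lookup, [Authorize(Roles="admin")] passes for any authenticated user as soon as one admin row exists in usuario, which matches the behaviour described in the comments.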
