根据我的书,如果启用角色管理,则 RoleManagerModule 通过将 RolePrincipal 对象分配给 HttpRequest.User< 创建用户的安全上下文。但是 FormsAuthenticationModule 是否已经创建安全上下文(因此主体对象被分配给 HttpContext.User ),它在 RoleManagerModule 之前被调用叫什么?
我问这个,因为在下面的代码中分配给 HttpRequest.User 的主体对象已经存在,即使 RoleManagerModule 还没有被调用:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated && Roles.Enabled)
{
//here we subscribe user to a role via Roles.AddUserToRole()
}
}
主体对象也是如此,由 FormsAuthenticationModule 创建并分配给 HttpRequest.User,后来被 RolePrincipal 对象替换(由 创建RoleManagerModule)?
最佳答案
根据 this article :
If the Roles framework is enabled, the RoleManagerModule HTTP Module steps in after the FormsAuthenticationModule and identifies the authenticated user’s roles during the PostAuthenticateRequest event, which fires after the AuthenticateRequest event. If the request is from an authenticated user, the RoleManagerModule overwrites the GenericPrincipal object created by the FormsAuthenticationModule and replaces it with a RolePrincipal object. The RolePrincipal class uses the Roles API to determine what roles the user belongs to.
所以你是对的。
关于c# - RoleManagerModule 和 RolePrincipal 对象,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/870839/