开发者

MVC3 Forms Authentication: Role Specific Visible Items in Partial View

开发者 https://www.devze.com 2023-03-28 11:13 出处:网络
I just set up my MVC application with fo开发者_如何转开发rms authentication and everything is just dandy except for my _LogOnPartial view. The \"Welcome[Log Off]\" works fine, however, I also have Rol

I just set up my MVC application with fo开发者_如何转开发rms authentication and everything is just dandy except for my _LogOnPartial view. The "Welcome [Log Off]" works fine, however, I also have Role specific text or drop-down selector that needs to be displayed depending on the user's role.

This works fine as long as the user has logged in during the current session because I use cookies to hold the role and verify with User.IsInRole() in the Controller before any actions occur.

This does not work if the user selects "Remember me" because when the session starts, there is no cookie containing the role, and thus the visible items.

Is there an easy way to check User.IsInRole()in a partial view?

Here is my View:

<div id="LogInContainer">
    @if (Request.IsAuthenticated)
    {
        <div class="InLine" id="WelcomeDisplay">
            <text>Welcome <b>@Context.User.Identity.Name</b>! [ @Html.ActionLink("Log Off", "LogOff", "Account")
            ]
            </text>
        </div>
        <div id="clientDropDown">
            @{

        var requestCookie = Request.Cookies["Role"];
        if (requestCookie != null)
        {
            if (requestCookie.Value == "Client1")
            {
                HttpCookie joannCookie = new HttpCookie("Client", "Client1");
                Response.Cookies.Add(Client1Cookie);
                <text>Client: Client1</text>
            }
            else if (requestCookie.Value == "Client2")
            {
                HttpCookie safewayCookie = new HttpCookie("Client", "Client2");
                Response.Cookies.Add(Client2Cookie); 
                <text>Client: Client2</text>
            }
            else if (requestCookie.Value == "Administrator")
            {
                @:Client: @Html.DropDownList("Client", new SelectList(ConfigurationHelper.Clients))
                }
        }
        else
        {
            //Do nothing
        }
            }
        </div>
    }
    else
    {
        <div id="LogOnLink">
            [ @Html.ActionLink("Log On", "LogOn", "Account") ]
        </div>
    }
</div>

Is there a way to make nonauth cookies persistent? I'm new to cookies so I may just be ignorant, but I tried a google search with no luck.


Set the expiration of the cookie to a future date to make it persistent. If you don't set the expiration date it is a so called "session cookie" or "non-persistent" cookie that is not stored on disk by the browser and kept only as long as you use the same browser session. If you want to keep the cookie "forever" you still have to pick a date, the only thing you can do is that you pick an expiration date "far enough" in the future (e.g. the current date plus a big constant time span).

However, you should be very careful about storing authentication or authorization information in a persistent cookie! By default ASP.NET uses session cookies for authentication, because persisting such a cookie is a serious security risk.

0

精彩评论

暂无评论...
验证码 换一张
取 消