Authorize stopped working

Question

Authorize stopped working

Navigation

#1 by (1 votes)
#2 by (0 votes)

0

Follow my codes

Login:

public ActionResult Login(login login, string returnUrl)
    {
        if (ModelState.IsValid)
            {
                if (new AllFictionMembershipProvider().ValidateUser(login.email, login.senha))
                {
                    FormsAuthentication.SetAuthCookie(login.email,false);
                    if (!String.IsNullOrEmpty(returnUrl))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Index", "Home");
                    }
                }
                else
                {
                    ModelState.AddModelError("", "The user name or password provided is incorrect.");
                }
            }
 
            // If we got this far, something failed, redisplay form
        return View(login);
    }

Membership provider

public override bool ValidateUser(string username, string password)
        {
            EntidadesAllFictionBD db = new EntidadesAllFictionBD();

            var query = (from l in db.login
                         where l.email == username && l.senha == password
                         select l).SingleOrDefault();
            if (query==null) {
                return false;
            }

            else {

                return true;
            }

            }

Role provider:

 {
        public override string[] GetRolesForUser(string username)
        {
            using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
            {
                usuario user = db.usuario.FirstOrDefault(u => u.email.Equals(username, StringComparison.CurrentCultureIgnoreCase));

                var permissao = from p in db.permissao
                                from u in db.usuario
                                where p.idpermissao==u.usuario_idpermissao
                                    select p.permissao1;

                if (permissao != null)

                    return permissao.ToArray();
                else
                    return new string[] { }; ;
            }
        }
        public override bool IsUserInRole(string username, string roleName)
        {
            using (EntidadesAllFictionBD db = new EntidadesAllFictionBD())
            {
                usuario user = db.usuario.FirstOrDefault(u => u.email.Equals(username, StringComparison.CurrentCultureIgnoreCase));

                var permissao = from p in db.permissao
                                from u in db.usuario
                                where p.idpermissao == u.usuario_idpermissao
                                select p.permissao1;
                if (user != null)
                    return permissao.Any(p => p.Equals(roleName, StringComparison.CurrentCultureIgnoreCase));
                else
                    return false;
            }
        }

And this is the controller I want to block:

[Authorize(Roles="admin")]
    public class BancaController : Controller

Yesterday, when accessing any action of this controller, a login form was shown, and any user who did not have admin permission was redirected to the user page. Today, when I access this page, it displays the same login form, however, any user can access the actions now.

What am I doing wrong? I did not make any changes from yesterday to today.

asp.net-mvc

asked by anonymous 25.09.2014 / 23:39

2 answers

0

It seems that your select is bringing all the permissions of all the users, has already debug the return of it?

var permissao = from p in db.permissao
                from u in db.usuario
                where p.idpermissao==u.usuario_idpermissao
                select p.permissao1;

I do not know your structure, but maybe the right thing is to use a join:

var permissao = from u in db.usuario
                join p in db.permissao on p.idpermissao equals u.usuario_idpermissao
                where u.id == user.id
                select p.permissao1;

26.09.2014 / 14:08

Accessibility (contrast) via Javascript Attr with Internet Explorer

score 1 · Accepted Answer

1

Just formalizing a response:

Check the AddUsersToRoles method of your RoleProvider . Apparently it's a bug in implementing it.

28.09.2014 / 06:31