I'm having trouble in getting the Authorize
attribute to work with roles. This is how I've decorated my controller:
[Authorize(Roles = "admin")]
public ActionResult Index()
{
...
}
and this is how I log a user in:
string roles = "admin";
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(30),
false,
roles
);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
HttpContext.Current.Response.Cookies.Add(cookie);
But my user is still denied access. Where am I going wrong?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…