ASP.NET Core更改AccessDenied路由

Question

ASP.NET Core更改AccessDenied路由

Tho*_*ian 7 asp.net asp.net-mvc-routing asp.net-identity-3 asp.net-core

我在路由AccessDenied时遇到了一些麻烦,可能还有Login/Logout路径.该项目是一个剥离的默认项目,没有更多的魔力.因此存在一个Account带AccessDenied()方法的控制器.

我现在正在尝试的是(这是互联网商品提供的解决方案)

services.Configure<CookieAuthenticationOptions>(options =>
{
    options.LoginPath = new PathString("/");
    options.AccessDeniedPath = new PathString("/InactiveSponsor");
    options.LogoutPath = new PathString("/");
});

Run Code Online (Sandbox Code Playgroud)

但这绝对没有区别.那么任何想法？任何想法为什么不工作以及如何使其工作.

这是我的Startup.cs

public Startup(IHostingEnvironment env)
{
    var builder = new ConfigurationBuilder()
        .SetBasePath(env.ContentRootPath)
        .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
        .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
        .AddEnvironmentVariables();

    if (env.IsDevelopment())
    {
        // This will push telemetry data through Application Insights pipeline faster, allowing you to view results immediately.
        builder.AddApplicationInsightsSettings(developerMode: true);
    }
    Configuration = builder.Build();
}

public IConfigurationRoot Configuration { get; }

// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
    // Add framework services.
    services.AddApplicationInsightsTelemetry(Configuration);

    string connection = "DefaultConnection";
    //services.AddDbContext<SponsorContext>(options => options.UseSqlServer(connection));
    services.AddDbContext<SponsorContext>(options => options.UseSqlServer(Configuration[$"Data:{connection}"]));

    services.AddIdentity<ApplicationUser, ApplicationRole>()
        .AddEntityFrameworkStores<SponsorContext>()
        .AddDefaultTokenProviders();


    services.AddMvc();


    services.AddAuthorization(options =>
    {
        options.AddPolicy(Policies.RequireAdmin, policy => policy.RequireRole(Roles.Administrator));
        options.AddPolicy(Policies.IsSponsor, policy => policy.RequireRole(Roles.Sponsor));
        options.AddPolicy(Policies.IsSponsorOrAdmin, policy => policy.RequireRole(Roles.Administrator, Roles.Sponsor));
    });

    /*
     * AddTransient Different on each instance/use
     * AddScoped Different instance on a per request basis
     * AddSingleton Always the same instance
     */
    //DI
    services.AddScoped<ManageUserRepository>();
    services.AddScoped<ISponsorManagement, SponsorRepository>();
    services.AddScoped<ISponsorRead, SponsorRepository>();
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();

    app.UseApplicationInsightsRequestTelemetry();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseApplicationInsightsExceptionTelemetry();

    app.UseStaticFiles();
    app.UseIdentity();


    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}

Run Code Online (Sandbox Code Playgroud)

Answer 1

ade*_*lin 10

尝试

 services.AddIdentity<ApplicationUser, IdentityRole>(op=>op.Cookies.ApplicationCookie.AccessDeniedPath = new PathString("/InactiveSponsor"))
         .AddEntityFrameworkStores<SponsorContext>()
         .AddDefaultTokenProviders();

Run Code Online (Sandbox Code Playgroud)

要么

        services.Configure<IdentityOptions>(opt =>
        {
            opt.Cookies.ApplicationCookie.LoginPath = new PathString("/aa");
            opt.Cookies.ApplicationCookie.AccessDeniedPath = new PathString("/InactiveSponsor");
            opt.Cookies.ApplicationCookie.LogoutPath = new PathString("/");
        });

Run Code Online (Sandbox Code Playgroud)

Answer 2

And*_*rei 6

对于ASP.NET Core 2.x Web应用程序中的类似问题，如果使用Azure AD / OpenID Connect进行身份验证，则可以通过这种方式更改路由。

services.AddAuthentication(options =>...)
            .AddOpenIdConnect(options =>...)
            .AddCookie(options =>
            {
                options.AccessDeniedPath = "/path/unauthorized";
                options.LoginPath = "/path/login";
            });

Run Code Online (Sandbox Code Playgroud)

Answer 3

Sto*_*mov 5

万一有人在经历ASP.NET的Core 2类似的问题，你可以代替services.Configure<CookieAuthenticationOptions>(...)用services.ConfigureApplicationCookie()这样的：

将其替换为您的Startup.cs：

services.Configure<CookieAuthenticationOptions>(options =>
{
    options.LoginPath = new PathString("/[your-path]");
    options.AccessDeniedPath = new PathString("/[your-path]");
    options.LogoutPath = new PathString("/[your-path]");
});

Run Code Online (Sandbox Code Playgroud)

有了这个：

services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = new PathString("/[your-path]");
    options.AccessDeniedPath = new PathString("/[your-path]");
    options.LogoutPath = new PathString("/[your-path]");
}

Run Code Online (Sandbox Code Playgroud)

`ConfigureApplicationCookie` 是 ASP.NET Identity 的一部分，如果你没有使用 ASP.NET Identity（比如我，我使用的是没有 ASP.NET Identity 的 IdentityServer4），那么这些方法都不起作用。 (2认同)

归档时间：	9 年，3 月前
查看次数：	7505 次
最近记录：	7 年，1 月前