ASP.NET Core 2.1标识:基于角色的授权 - >拒绝访问

Question

ASP.NET Core 2.1标识:基于角色的授权 - >拒绝访问

dan*_*yyy 5 authorization asp.net-identity asp.net-core

我正在使用ASP.NET Core 2.1和.NET的新身份框架.Authorization只要未请求角色特定角色,regular 属性就会起作用.

我是否需要一些扩展/自定义策略来使用角色？下面是我的代码的最小化样本:

Startup.cs

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(
                Configuration.GetConnectionString("DefaultConnection")));
        services.AddDefaultIdentity<IdentityUser>()
            .AddRoles<IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        // Does not change anything
        // services.AddAuthorization();
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }


    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

Run Code Online (Sandbox Code Playgroud)

HomeController.cs

    public async Task<IActionResult> Index()
    {
        if (!await _roleManager.RoleExistsAsync("Admin"))
        {
            await _roleManager.CreateAsync(new IdentityRole("Admin"));
        }

        var user = await _userManager.FindByEmailAsync("danny.meier@tpcag.ch");
        if (!await _userManager.IsInRoleAsync(user, "Admin"))
        {
            await _userManager.AddToRoleAsync(user, "Admin");
            await _userManager.UpdateAsync(user);
        }


        return View();
    }

    [Authorize]
    public IActionResult About()
    {
        ViewData["Message"] = "Your application description page.";

        return View();
    }

    [Authorize(Roles = "Admin")]
    public IActionResult Contact()
    {
        ViewData["Message"] = "Your contact page.";

        return View();
    }

Run Code Online (Sandbox Code Playgroud)

Answer 1

itm*_*nus 16

这是一个已知问题的版本,2.1并已修复2.2 preview-1.

原因是默认情况下不会启用AddDefaultIdentity<TUser>()引入的新方法.ASP.NET Core 2.1Roles

要绕过它,而不是使用new AddDefaultIdentity<TUser>()来配置Identity,只需使用旧式api:

services.AddIdentity<AppUser, IdentityRole>()
        .AddRoleManager<RoleManager<IdentityRole>>()
        .AddDefaultUI()
        .AddDefaultTokenProviders()
        .AddEntityFrameworkStores<ApplicationDbContext>();

Run Code Online (Sandbox Code Playgroud)

此外,如果您之前已经签署了某人,请先退出并再次登录 ,它将按预期正常工作.

归档时间：	7 年，5 月前
查看次数：	2988 次
最近记录：	6 年，8 月前