身份角色未添加到用户
Kav*_*han 3 c# asp.net-core asp.net-core-identity
我想将 JWT 身份验证用于我的 Web api,并将 cookie 身份验证用于 Razor 页面。我对控制器使用策略授权。在我的以下配置中,一切都适用于我的 Razor 页面Startup.cs:
services.AddIdentity<User, Role>(opt =>{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
})
.AddEntityFrameworkStores<DataContext>()
.AddRoleValidator<RoleValidator<Role>>()
.AddRoleManager<RoleManager<Role>>()
.AddSignInManager<SignInManager<User>>();
但是我的 Controller 端点不起作用,当我使用下面的端点时,它可以工作:
IdentityBuilder builder = services.AddIdentityCore<User>(opt =>
{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
});
但是角色没有被添加到用户声明中,因此我的 Razor 页面的授权策略属性总是返回Access Denied。
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<DataContext>(opt => opt.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromDays(1);
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/AccessDenied";
options.SlidingExpiration = true;
options.Cookie.Name = Configuration.GetSection("AppSettings:AuthCookieName").Value;
});
// services.AddIdentity<User, Role>(opt =>{
// opt.Password.RequireDigit = false;
// opt.Password.RequiredLength = 4;
// opt.Password.RequireNonAlphanumeric = false;
// opt.Password.RequireUppercase = false;
// opt.Password.RequireLowercase = false;
// });
IdentityBuilder builder = services.AddIdentityCore<User>(opt =>
{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
});
builder = new IdentityBuilder(builder.UserType, typeof(Role), builder.Services);
builder.AddEntityFrameworkStores<DataContext>();
builder.AddRoleValidator<RoleValidator<Role>>();
builder.AddRoleManager<RoleManager<Role>>();
builder.AddSignInManager<SignInManager<User>>();
services.AddAuthorization(options =>{
options.AddPolicy("CorrectUserIdRequested", policy=>{
policy.AddRequirements(new CorrectUserIdRequestedRequirement());
});
options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("admin"));
options.AddPolicy("RequireUserRole", policy => policy.RequireRole("admin","user"));
});
services.AddMvc(options => {
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).
SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
.AddJsonOptions(opt =>
{
opt.SerializerSettings.ReferenceLoopHandling =
Newtonsoft.Json.ReferenceLoopHandling.Ignore;
});
// Authentication Scheme
services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddCookie(IdentityConstants.ApplicationScheme, options =>
{
//if url start with "/api" use jwt instead
options.ForwardDefaultSelector = httpContext => httpContext.Request.Path.StartsWithSegments("/api") ? JwtBearerDefaults.AuthenticationScheme : null;
})
.AddJwtBearer(o =>
{
o.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII
.GetBytes(Configuration.GetSection("AppSettings:Token").Value)),
ValidateIssuer = false,
ValidateAudience = false
};
});
Mapper.Reset();
services.AddCors();
services.AddAutoMapper(typeof(Startup));
//Injections
services.AddTransient<Seed>();
services.AddScoped<AuthService, AuthServicePasswordless>();
services.AddScoped<IUserRepository, UserRepository>();
services.AddScoped<INotificationService, SmsNotifyService>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, Seed seeder)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler(builder => {
builder.Run(async context => {
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
var error = context.Features.Get<IExceptionHandlerFeature>();
if(error != null){
context.Response.AddApplicationError(error.Error.Message);
await context.Response.WriteAsync(error.Error.Message);
}
});
}); // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
// app.UseHsts();
}
// app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
seeder.SeedUsers();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: null,
template: "{area:exists}/{controller=Dashboard}/{action=Index}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
//Controller
[Authorize(Policy = "RequireAdminRole")]
[Area("Admin")]
public class DashboardController : Controller
{
public IActionResult Index(){
return View();
}
}
请注意,您创建了一个全新的IdentityBuilder,然后配置了新创建的IdentityBuilder 而不是由 返回的services.AddIdentityCore<>():
IdentityBuilder 构建器 = services.AddIdentityCore<User>(opt =>
{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
});
builder = new IdentityBuilder (builder.UserType, typeof(Role), builder.Services);
...配置构建器
怎么修 :
要解决此问题,您需要配置在服务容器中注册的相同构建器:
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
最后,不要忘记先注销并重新登录,以使用户获得角色。
作为旁注,您不需要添加编写这么多代码来配置身份验证。更好的方法是调用AddDefaultIdentity<User>()而不是AddIdentityCore()简化代码:
IdentityBuilder 构建器 = 服务。AddDefaultIdentity <用户>(选择 =>
{
...
})
.AddRoles<Role>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<DataContext>()
;
builder = new IdentityBuilder(builder.UserType, typeof(Role), builder.Services);
builder.AddEntityFrameworkStores<DataContext>();
builder.AddRoleValidator<RoleValidator<Role>>();
builder.AddRoleManager<RoleManager<Role>>();
builder.AddSignInManager<SignInManager<User>>();
....
services.Configure<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme,opt=>{
//如果url以“/api”开头,则使用jwt代替
opt.ForwardDefaultSelector = httpContext => httpContext.Request.Path.StartsWithSegments("/api") ?JwtBearerDefaults.AuthenticationScheme:空;
});
services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddCookie(IdentityConstants.ApplicationScheme, options =>
{
//如果url以“/api”开头,则使用jwt代替
options.ForwardDefaultSelector = httpContext => httpContext.Request.Path.StartsWithSegments("/api") ?JwtBearerDefaults.AuthenticationScheme:空;
})
.AddJwtBearer(o =>
{
...
});
演示:
| 归档时间: |
|
| 查看次数: |
697 次 |
| 最近记录: |