ASP.NET Core Custom Role Based Authorization (Custom User.IsInRole)?
I am using a Postgres database through a library called Marten with a .NET app. I have a custom IUserLoginStore which manages retrieving the user and its roles. This seems to be working correctly, but I am having an issue with setting up authorization.
I am using authentication through Google and it is working fine:
var info = await _signInManager.GetExternalLoginInfoAsync();
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false);
This action throws an access denied issue:
[HttpPost()]
[Authorize(Roles = "Admin")]
public JsonResult SubmitArticle([FromBody] ArticleInputModel input) {...}
I have dug into the Authorization code and the problem seems to be with the default ClaimsPrincipal code:
public virtual bool IsInRole(string role)
{
    return false;
}
Should I implement my own version of ClaimsPrincipal and override IsInRole, and if I do, how do I get this back into the app?
private static void ConfigureSecurity(IServiceCollection services)
{
    services.AddIdentity<User, Role>()
        .AddUserValidator<UserValidator>()
        .AddUserStore<MartenUserStore>()
        .AddRoleStore<MartenRoleStore>()
        .AddDefaultTokenProviders();
}
Alright, figured it out after a large amount of digging. In my case the MartenRoleStore was implementing IUserLoginStore; it also needed to implement IUserRoleStore, which has GetRolesAsync and IsInRoleAsync. (This is very important: it has to be the exact same class you used for .AddUserStore<>();)
This is the code that I found that caused the issue:
https://github.com/aspnet/Identity/blob/master/src/Microsoft.AspNetCore.Identity/UserManager.cs#L258
This is what makes it work:
https://github.com/aspnet/Identity/blob/master/src/Microsoft.AspNetCore.Identity/UserClaimsPrincipalFactory.cs#L96
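An added example, not code from the original post: a user store that also implements IUserRoleStore<User>, the interface the answer says the class passed to .AddUserStore<>() must implement. DemoUserStore, the shape of User and the in-memory list are assumptions standing in for the Marten-backed store, and the IUserLoginStore members are left out to keep the focus on roles.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical user document: the page does not show the real User type.
public class User
{
    public string Id { get; set; } = Guid.NewGuid().ToString();
    public string UserName { get; set; }
    public string NormalizedUserName { get; set; }
    // Role names spelled as in [Authorize(Roles = "...")], loaded with the document.
    public List<string> Roles { get; } = new List<string>();
}

// Hypothetical in-memory stand-in for the class registered with .AddUserStore<>().
public class DemoUserStore : IUserRoleStore<User>
{
    private static readonly StringComparer Cmp = StringComparer.OrdinalIgnoreCase;
    private readonly List<User> _users = new List<User>();

    // IUserRoleStore<User>: names returned by GetRolesAsync become role claims verbatim,
    // and ClaimsPrincipal.IsInRole compares claim values case-sensitively.
    public Task<IList<string>> GetRolesAsync(User user, CancellationToken ct) => Task.FromResult<IList<string>>(user.Roles.ToList());
    public Task<bool> IsInRoleAsync(User user, string roleName, CancellationToken ct) => Task.FromResult(user.Roles.Contains(roleName, Cmp));
    // UserManager passes the normalized role name here; a real store maps it back to the display name.
    public Task AddToRoleAsync(User user, string roleName, CancellationToken ct) { if (!user.Roles.Contains(roleName, Cmp)) user.Roles.Add(roleName); return Task.CompletedTask; }
    public Task RemoveFromRoleAsync(User user, string roleName, CancellationToken ct) { user.Roles.RemoveAll(r => Cmp.Equals(r, roleName)); return Task.CompletedTask; }
    public Task<IList<User>> GetUsersInRoleAsync(string roleName, CancellationToken ct) => Task.FromResult<IList<User>>(_users.Where(u => u.Roles.Contains(roleName, Cmp)).ToList());

    // IUserStore<User>: the base members every user store has to provide.
    public Task<string> GetUserIdAsync(User user, CancellationToken ct) => Task.FromResult(user.Id);
    public Task<string> GetUserNameAsync(User user, CancellationToken ct) => Task.FromResult(user.UserName);
    public Task SetUserNameAsync(User user, string userName, CancellationToken ct) { user.UserName = userName; return Task.CompletedTask; }
    public Task<string> GetNormalizedUserNameAsync(User user, CancellationToken ct) => Task.FromResult(user.NormalizedUserName);
    public Task SetNormalizedUserNameAsync(User user, string normalizedName, CancellationToken ct) { user.NormalizedUserName = normalizedName; return Task.CompletedTask; }
    public Task<IdentityResult> CreateAsync(User user, CancellationToken ct) { _users.Add(user); return Task.FromResult(IdentityResult.Success); }
    public Task<IdentityResult> UpdateAsync(User user, CancellationToken ct) => Task.FromResult(IdentityResult.Success);
    public Task<IdentityResult> DeleteAsync(User user, CancellationToken ct) { _users.Remove(user); return Task.FromResult(IdentityResult.Success); }
    public Task<User> FindByIdAsync(string userId, CancellationToken ct) => Task.FromResult(_users.FirstOrDefault(u => u.Id == userId));
    public Task<User> FindByNameAsync(string normalizedUserName, CancellationToken ct) => Task.FromResult(_users.FirstOrDefault(u => u.NormalizedUserName == normalizedUserName));
    public void Dispose() { }
}
```

UserManager<User>.SupportsUserRole reports whether the registered store implements this interface, so asserting it at startup surfaces a missing implementation before [Authorize(Roles = ...)] starts denying every request.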