堆栈内存溢出
  简体   繁体   English

ASP.NET核心自定义基于角色的授权(Custom User.IsInRole)?

[英]ASP.NET Core Custom Role Based Authorization (Custom User.IsInRole)?

 原文  2017-04-06 21:51:14       asp.net/ authorization/ .net-core/ coreclr

问题描述

I am using a postgres Database through a library called Marten with a .NET app, I have a custom IUserLoginStore which manages retrieving the user and its roles. 我通过一个名为Marten的库使用一个postgres数据库和一个.NET应用程序,我有一个自定义IUserLoginStore来管理检索用户及其角色。 This seems to be working correctly but I am have an issue with setting up authorization. 这似乎工作正常但我在设置授权时遇到问题。

I am using authentication through google and it is working fine: 我通过谷歌使用身份验证,它工作正常: 

var info = await _signInManager.GetExternalLoginInfoAsync();
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false);

This action throws an access denied issue: 此操作会抛出访问被拒绝的问题: 

[HttpPost()]
[Authorize(Roles = "Admin")]
public JsonResult SubmitArticle([FromBody] ArticleInputModel input) {...}

I have dug into the Authorization code and the problem seems to be with the default ClaimsPrincipal code: 我已经深入了解授权代码,问题似乎是使用默认的ClaimsPrincipal代码: 

public virtual bool IsInRole(string role)
{
  return false;
}

Should I implement my own version of ClaimsPrinciple and override the IsInRole , and if I do how do I get this back into the app? 我应该实现自己的ClaimsPrinciple版本并覆盖IsInRole ,如果我这样做,我怎么把它重新带回应用程序? 

private static void ConfigureSecurity(IServiceCollection services)
{
    services.AddIdentity<User, Role>()
        .AddUserValidator<UserValidator>()
        .AddUserStore<MartenUserStore>()
        .AddRoleStore<MartenRoleStore>()
        .AddDefaultTokenProviders();
}

1 个解决方案

解决方案1
 5 已采纳  2017-04-10 21:58:15

Alright figured it out after a large amount of digging, In my case the MartenRoleStore was implementing IUserLoginStore it also needed to implement IUserRoleStore which has GetRolesAsync and IsInRoleAsync . 好吧,经过大量的挖掘后想出来,在我的情况下, MartenRoleStore正在实现IUserLoginStore ,它还需要实现具有GetRolesAsyncIsInRoleAsync IUserRoleStore (This is very important it has to be the exact same class you used for .AddUserStore<>();) (这非常重要,它必须与您用于.AddUserStore <>();)的完全相同的类。

This is the code that I found that caused the issue: 这是我发现导致问题的代码:

https://github.com/aspnet/Identity/blob/master/src/Microsoft.AspNetCore.Identity/UserManager.cs#L258 https://github.com/aspnet/Identity/blob/master/src/Microsoft.AspNetCore.Identity/UserManager.cs#L258

This is what makes it work: 这就是它的工作原理:

https://github.com/aspnet/Identity/blob/master/src/Microsoft.AspNetCore.Identity/UserClaimsPrincipalFactory.cs#L96 https://github.com/aspnet/Identity/blob/master/src/Microsoft.AspNetCore.Identity/UserClaimsPrincipalFactory.cs#L96

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 ASP.NET Core 中自定义/覆盖 User.IsInRole - How to custom/override User.IsInRole in ASP.NET Core 在ASP.NET Core中重写User.IsInRole - Override User.IsInRole in ASP.NET Core ASP.NET User.IsInRole 说明 - ASP.NET User.IsInRole clarification ASP.NET活动目录身份验证User.IsInRole - ASP.NET active directory authentication User.IsInRole asp.net User.IsInRole检查整个网站 - asp.net User.IsInRole check in whole website asp.net mvc 3 User.IsInRole(“管理员”) - asp.net mvc 3 User.IsInRole(“Admin”) ASP.NET Core 3.1 MVC 访问被拒绝基于角色的授权 - 与自定义 UserClaimsPrincipalFactory 冲突 - ASP.NET Core 3.1 MVC Access Denied role based authorization - Conflict with custom UserClaimsPrincipalFactory 基于asp.net mvc中角色的自定义用户授权 - Custom user authorization based with roles in asp.net mvc 需要帮助以Asp.Net身份1运行[Authorize(Roles =“ Admin”)]和User.isInRole(“ Admin”) - Need help getting [Authorize(Roles=“Admin”)] and User.isInRole(“Admin”) working in Asp.Net identity 1 ASP.NET成员资格 - 使用哪个RoleProvider User.IsInRole()检查ActiveDirectory组? - ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory Groups?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM