[英]MVC [Authorize] attribute working on every page except home page
I'm using cookie authentication in a .Net Core 2.1 web app and I can't seem to get the authorize attribute to work on the default home page (webapp url). 我在.Net Core 2.1 Web应用程序中使用cookie身份验证,但似乎无法获得authorize属性在默认主页(webapp网址)上工作。 The attribute is working on all other pages.
该属性在所有其他页面上都有效。
When I go to https://appurl/home it redirects to login, but navigating to https://appurl doesn't require auth at all. 当我转到https:// appurl / home时,它将重定向到登录名,但是导航到https:// appurl根本不需要身份验证。 Here is my startup routing:
这是我的启动路由:
app.UseMvc(routes =>
{
routes.MapRoute(
name: "Home",
template: "{controller=Home}/{action=Index}/{id?}");
});
Here is my home controller: 这是我的家庭控制器:
[Authorize]
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
public IActionResult Error()
{
return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
}
}
All other controllers marked with [Authorize] like this redirect to login as expected, I just don't know how to specify authorization on the default app url. 所有其他标有[Authorize]的控制器都像这样重定向到预期的登录名,我只是不知道如何在默认应用程序URL上指定授权。
Any help would be greatly appreciated. 任何帮助将不胜感激。
UPDATE: I suppose I've solved my issue by basically requiring auth by default and allowing anon access to just my login razor page (I'm using both mvc and razor pages). 更新:我想我已经通过基本要求默认身份验证并允许匿名访问我的登录剃刀页面(我同时使用mvc和剃刀页面)解决了我的问题。 I'm still curious if it can be done another way, but here is my startup.cs:
我仍然很好奇是否可以通过其他方式完成,但这是我的startup.cs:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
/*
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
*/
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
})
.AddRazorPagesOptions(options =>
{
options.Conventions.AllowAnonymousToPage("/Account/Login");
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Account/Login";
options.LogoutPath = "/Account/Logout";
});
// Add DB contexts here.
services.Configure<Database.DatabaseConfig>(Configuration.GetSection("ConnectionStrings"));
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
It seems you forgot to add services.AddAuthorization ();
看来您忘记了添加
services.AddAuthorization ();
below services.AddAuthentication (...);
在
services.AddAuthentication (...);
下面services.AddAuthentication (...);
If you do that, probably you will not need this: 如果这样做,可能您将不需要:
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
})
.AddRazorPagesOptions(options =>
{
options.Conventions.AllowAnonymousToPage("/Account/Login");
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
You can change for this: 您可以为此进行更改:
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.