[英]Access Denied for Admin User
I've been trying to add a policy to my admin area of my web app, and have added my admin user and the admin role to both my AspNetUsers
, AspNetRoles
and AspNetUserRoles
tables, however I cannot verify that the user I'm signed is as is an admin. 我一直在尝试将策略添加到Web应用程序的管理区域中,并且已将我的管理员用户和管理员角色同时添加到我的
AspNetUsers
, AspNetRoles
和AspNetUserRoles
表中,但是我无法验证已签名的用户是否和管理员一样。
AspNetUsers
table AspNetUsers
表
Id | UserName | NormalizedUserName | Email | NormalizedEmail
_______________________________________________________________________________________________
123 | WebAdmin | WEBADMIN | admin@mysite.com | ADMIN@MYSITE.COM
AspNetRoles
Table AspNetRoles
表
Id | Name | NormalizedName
_______________________________________
123 | Admin | ADMIN
_______________________________________
321 | User | USER
AspNetUserRoles
table AspNetUserRoles
表
UserId | RoleId
______________________
123 | 123
I've included the Identity
in the ConfirgureServices
of my Startup
class 我已经将
Identity
包含在Startup
类的ConfirgureServices
中
/// <summary>
/// This method gets called by the runtime. Use this method to add services to the container.
/// </summary>
/// <param name="services">Services to configure</param>
public void ConfigureServices(IServiceCollection services)
{
// Regular Cookie Policy stuff
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
// Mailing service setup
services.AddScoped<SmtpClient>((serviceProvider) =>
{
return new SmtpClient
{
Host = this.Configuration.GetValue<string>("Email:Smtp:Host"),
Port = this.Configuration.GetValue<int>("Email:Smtp:Port"),
UseDefaultCredentials = false,
Credentials = new NetworkCredential(
this.Configuration.GetValue<string>("Email:Smtp:Username"),
this.Configuration.GetValue<string>("Email:Smtp:Password")),
EnableSsl = true
};
});
// Connect to the Database
services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(this.Configuration.GetConnectionString("DefaultConnection")));
services.AddDbContext<WebSiteContext>(options => options.UseSqlServer(this.Configuration.GetConnectionString("DefaultConnection")));
// Identity Stuff
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
// Configure Authorization
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// Authorization
services.AddAuthorization(options =>
{
options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("Admin"));
});
}
I use all of these in my Configure
Method as well 我也在我的
Configure
方法中使用了所有这些
/// <summary>
/// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
/// </summary>
/// <param name="app">App being configured</param>
/// <param name="env">Environment the app is running in</param>
/// <param name="context">Injected <see cref="DbContext"/></param>
/// <param name="userManager">Injected <see cref="UserManager{TUser}"/></param>
/// <param name="roleManager">Injected <see cref="RoleManager{TRole}"/></param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ApplicationDbContext context, UserManager<IdentityUser> userManager, RoleManager<IdentityRole> roleManager)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
// Set up the usings
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
// Seed the Database on Startup
Seeder.SeedDb(context, userManager, roleManager);
// Use MVC
app.UseMvc(routes =>
{
routes.MapRoute(
name: "areas",
template: "{area:exists}/{controller=Home}/{action=Index}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
ManageController
Controller for my admin portion has the Authorize
Declaration 我的管理员部分的
ManageController
控制器具有Authorize
声明
/// <summary>
/// ManageController - Controller for Managing Admin Stuff
/// </summary>
[Area("admin")]
[Route("admin/[controller]")]
[Authorize(Policy = "RequireAdminRole")]
public class ManageController : Controller
{
/// <summary>
/// Private instance of the <see cref="EmailViewModel"/> class
/// </summary>
private EmailViewModel emailViewModel;
private SmtpClient smtpClient;
/// <summary>
/// Initializes a new instance of the <see cref="ManageController"/> class
/// </summary>
/// <param name="smtpClient"></param>
public ManageController(SmtpClient smtpClient)
{
this.smtpClient = smtpClient;
}
/// <summary>
/// HomePage for the admin management area
/// </summary>
/// <returns></returns>
public IActionResult Index()
{
return View();
}
}
However, when I sign in as WebAdmin and navigate to my admin/Manage
area, I get the following error: 但是,当我以WebAdmin身份登录并导航到
admin/Manage
区域时,出现以下错误:
Access Denied - You do not have access to this resource
拒绝访问-您无权访问此资源
Is there something that I'm missing when checking roles in NET Core? 在NET Core中检查角色时,我是否缺少某些东西?
I've solved this issue. 我已经解决了这个问题。 The issue lies in configuring the Identity service.
问题在于配置身份服务。 I needed to use
AddIdentity<IdentityUser, IdentityRole>()
instead of AddDefaultIdentity<IdentityUser>()
我需要使用
AddIdentity<IdentityUser, IdentityRole>()
而不是AddDefaultIdentity<IdentityUser>()
I changed 我变了
// Identity Stuff
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
To 至
// Identity Stuff
services.AddIdentity<IdentityUser, IdentityRole>()
.AddRoles<IdentityRole>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
And it worked. 而且有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.