如何覆盖 ASP.NET CORE MVC 中的默认身份访问拒绝路由
[英]How to override default Identity AccessDenied route in ASP.NET CORE MVC
问题描述
I want to return a 403 status code or a customize AccessDenied view (haven't decided yet) instead of Identity/Account/AccessDenied?ReturnUrl=%2F page.
我想返回 403 状态代码或自定义 AccessDenied 视图(尚未决定)而不是Identity/Account/AccessDenied?ReturnUrl=%2F页面。 But i just don't know how to do it because it's a default configuration and works under the hood.但我只是不知道该怎么做,因为它是默认配置并且在后台工作。
Context of my application:我的应用程序的上下文:
I have 3 roles: SuperAdmin,Admin and Customer.我有 3 个角色:超级管理员、管理员和客户。 So if a user try to access unauthorized controller/action then i want to throw the respective 403 status code or customer access denied view.因此,如果用户尝试访问未经授权的控制器/操作,那么我想抛出相应的 403 状态代码或客户访问被拒绝视图。
I'm new to Identity so i just know how to customize my IdentityUser and work with Login/SignUp/LogOut and the basics of user roles.我是 Identity 的新手,所以我只知道如何自定义我的 IdentityUser 并使用登录/注册/注销和用户角色的基础知识。 So please have patience with me or try to explain the concepts as simple as possible so monkeys like me can understand it properly.所以请耐心等待我或尝试尽可能简单地解释这些概念,以便像我这样的猴子能够正确理解它。
I'm going to attach my Dependecy Injection container code, in case anyone needs it.我将附上我的 Dependecy Injection 容器代码,以备不时之需。
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddRazorPages()
.AddRazorRuntimeCompilation();
services.AddDbContextPool<RealStateDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("Standard")));
services.AddIdentity<AppUser, IdentityRole>()
.AddEntityFrameworkStores<RealStateDbContext>()
.AddDefaultUI()
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
//add this option to identity configuration
options.User.RequireUniqueEmail = true;
options.Password.RequiredLength = 1;
options.Password.RequireDigit = false;
options.Password.RequiredUniqueChars = 0;
options.Password.RequireLowercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
});
}
I'm working on asp.net core mvc 3.1, and i'm trying to refactor the scaffold identity code, so it works with the bare minimum/none of razor pages technology (as mvc as possible).我正在研究 asp.net 核心 mvc 3.1,我正在尝试重构脚手架标识代码,因此它可以使用最低限度/无 razor 页面技术(尽可能使用 mvc)。
1 个解决方案
解决方案1
1 已采纳 2021-02-16 20:43:16
If you want to have a custom page, you should be able to configure which URL to redirect the user to if they try to access a forbidden path.如果你想有一个自定义页面,你应该能够配置哪个 URL 在用户尝试访问禁止路径时将其重定向到。 With the default Identity configuration you can adjust this through the application cookie settings , like so:使用默认身份配置,您可以通过应用程序 cookie 设置进行调整,如下所示:
services.ConfigureApplicationCookie(options =>
{
options.AccessDeniedPath = "/MyHttpStatuses/AccessDenied";
});
Then you can create your Razor page like normal:然后你可以像往常一样创建你的 Razor 页面:
// /Pages/MyHttpStatuses/AccessDenied.cshtml
@page
<h2>Access Denied!</h2>
<p>Damn, looks like you're not important enough. Sorry.</p>
Now, you should be redirected to your custom URL and handle that redirect like a normal page.现在,您应该被重定向到您的自定义 URL 并像处理普通页面一样处理该重定向。 Note: you don't need to change the redirect URL if you don't want to, but this is just an example.注意:如果您不想,则不需要更改重定向 URL,但这只是一个示例。 Alternatively you could leave it at its default and create your Razor page under /Pages/Identity/Account/AccessDenied.cshtml .或者,您可以将其保留为默认值,并在 /Pages/Identity/Account/AccessDenied.cshtml 下创建您的Razor页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.