[英]Authorize attribute - how should I use it?
I used [Authorize(Roles = "Admininstrators")]
to prevent users from accessing the web address under this authorization, but what should I do if I want to authorize this permission after successful login?我使用了
[Authorize(Roles = "Admininstrators")]
来阻止用户在这个授权下访问web地址,但是登录成功后要授权这个权限怎么办? I don't see the method on the official website.我在官网上没有看到方法。 I don't know how to authorize admininstrators
我不知道如何授权管理员
To use [Authorize(Role)]
, you must add a role to the user as in the method EnsureRole() -> await userManager.AddToRoleAsync(user, role);
要使用
[Authorize(Role)]
,您必须向用户添加角色,如EnsureRole() -> await userManager.AddToRoleAsync(user, role);
https://docs.microsoft.com/en-us/aspnet/core/security/authorization/secure-data?view=aspnetcore-5.0 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/secure-data?view=aspnetcore-5.0
If you want to use claims for authorization, then check out this article https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-5.0如果您想使用声明进行授权,请查看这篇文章https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-5.0
you need to use [Authorization(Policy)]
instead of [Authorization(Role)]
and specify the necessary policies in Startup.cs您需要使用
[Authorization(Policy)]
而不是[Authorization(Role)]
并在 Startup.cs 中指定必要的策略
services.Add authorization(parameters =>
{
options.Add a policy ("Required Administrator Role",
policy => policy.Required role ("Administrator"));
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.