授权属性 - 我应该如何使用它?
[英]Authorize attribute - how should I use it?
问题描述
I used [Authorize(Roles = "Admininstrators")] to prevent users from accessing the web address under this authorization, but what should I do if I want to authorize this permission after successful login?
我使用了[Authorize(Roles = "Admininstrators")]来阻止用户在这个授权下访问web地址,但是登录成功后要授权这个权限怎么办? I don't see the method on the official website.我在官网上没有看到方法。 I don't know how to authorize admininstrators我不知道如何授权管理员
1 个解决方案
解决方案1
0 2022-01-23 09:38:18
To use [Authorize(Role)] , you must add a role to the user as in the method EnsureRole() -> await userManager.AddToRoleAsync(user, role);要使用[Authorize(Role)] ,您必须向用户添加角色,如EnsureRole() -> await userManager.AddToRoleAsync(user, role);
https://docs.microsoft.com/en-us/aspnet/core/security/authorization/secure-data?view=aspnetcore-5.0 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/secure-data?view=aspnetcore-5.0
If you want to use claims for authorization, then check out this article https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-5.0如果您想使用声明进行授权,请查看这篇文章https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-5.0
you need to use [Authorization(Policy)] instead of [Authorization(Role)] and specify the necessary policies in Startup.cs您需要使用[Authorization(Policy)]而不是[Authorization(Role)]并在 Startup.cs 中指定必要的策略
services.Add authorization(parameters =>
{
options.Add a policy ("Required Administrator Role",
policy => policy.Required role ("Administrator"));
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.