有没有办法在 ASP.NET Core Web API 中添加基于角色的身份验证?
[英]Is there a way to add role-based authentication in ASP.NET Core Web API?
问题描述
I am trying to create an ASP.NET Core Web API project with role-based authorization, but there isn't any guide or article about it without using ASP.NET Core web app and razor pages which I don't want to use because I am making my own UI in angular.
我正在尝试使用基于角色的授权创建一个 ASP.NET Core Web API 项目,但是没有任何指南或文章没有使用我不想使用的 ASP.NET Core Web 应用程序和剃刀页面,因为我正在制作自己的 UI 角度。 But also I want to do all logic behind authentication and authorization on BE.Is there any guide for step-by-step implementation of role-based authorization?但我也想在 BE 上完成身份验证和授权背后的所有逻辑。是否有逐步实施基于角色的授权的指南?
I have 3 roles: sysAdmin, employee, patient .我有 3 个角色: sysAdmin, employee, patient 。
I have only one option for authentication and authorization and that is checking if session is expired for that account, but how do I hide content for that user?我只有一个身份验证和授权选项,即检查该帐户的会话是否已过期,但如何隐藏该用户的内容?
1 个解决方案
解决方案1
0 已采纳 2022-12-23 11:08:37
When we have a web app, we can let users sign in and the request are all inside the server, so the cookie which contained user information can worked well for authorization.当我们有一个 web app 时,我们可以让用户登录,请求都在服务器内部,所以包含用户信息的 cookie 可以很好地用于授权。 but when you have a SPA + web api, they usually use access token for authorization.但是当你有 SPA + web api 时,他们通常使用访问令牌进行授权。 and that's why I share the link with you, it showed how to authenticate the SPA.这就是我与您分享链接的原因,它展示了如何验证 SPA。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.