[英]How to deny anonymous users in asp.net core razor pages?
我如何拒絕匿名用戶訪問asp.net核心中除登錄頁面以外的任何剃刀頁面?
我試過了
services.AddMvc()
.AddRazorPagesOptions(options =>
{
options.RootDirectory = "/";
options.Conventions.AllowAnonymousToPage("/Account/Login");
options.Conventions.AuthorizeFolder("/");
})
.SetCompatibilityVersion(CompatibilityVersion.Latest);
在控制器中添加屬性
[Authorize]
public class HomeController : Controller
然后在您要匿名訪問的端點中
[AllowAnonymous]
public ViewResult Index()
{
return View();
}
或者您可以創建一個basecontroller類
[Authorize]
public class BaseController : Controller
{
...
}
然后繼承
public class HomeController : BaseController
//sample code
services.AddMvc()
.AddRazorPagesOptions(options =>
{
options.Conventions.AuthorizePage("/Contact");
options.Conventions.AuthorizeFolder("/Private");
options.Conventions.AllowAnonymousToPage("/Private/PublicPage");
options.Conventions.AllowAnonymousToFolder("/Private/PublicPages");
})
//listed answer
GlobalFilters.Filters.Add(new AuthorizeAttribute() { Roles = "Admin, SuperUser" });
對於Razor Pages 2.x應用程序,您需要做的就是將以下內容添加到Configure
方法中,以防止未經授權的用戶訪問Pages文件夾或子文件夾中的任何頁面:
services.AddMvc().AddRazorPagesOptions(options => {
options.Conventions.AuthorizeFolder("/");
});
如果您使用的是.NET Core 3,則以下操作將執行相同的操作:
services.AddRazorPages(options => {
options.Conventions.AuthorizeFolder("/");
});
未經授權的用戶將被重定向到默認登錄頁面,該頁面位於Identity/Account/Login
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.