![](/img/trans.png)
[英]Troubleshooting ASP.NET Core Role-based Authorization with Windows Authentication
[英]Role-based authorization doesn't work in Asp.Net Core 2.1
我正在嘗試根據 Microsoft 文檔在 Asp.Net Core 2.1 中實現基於角色的授權
這是我的 Startup.cs 的樣子:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.Configure<IdentityOptions>(options =>
{
// Password settings.
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 6;
options.Password.RequiredUniqueChars = 0;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
這是 controller 代碼:
[Authorize(Roles = "Admin")]
public IActionResult About()
{
ViewData["Message"] = "Your application description page.";
return View();
}
但是,當我嘗試通過分配了管理員角色的測試帳戶訪問此頁面時 - 我收到“訪問被拒絕”錯誤。 我已經檢查並在數據庫端所有配置正確 - AspNetRoles 表中有管理員角色,我的用戶在 AspNetUserRoles 表中有這個角色。 我之前分別通過 RoleManager 和 UserManager 添加了角色和與用戶的連接。 [Authorize] 標簽本身也可以正常工作(不允許未經授權的用戶查看頁面)。 我的問題是 - 為什么基於角色的授權不起作用?
問題已通過升級到 Asp.Net Core 3.1 得到解決
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.