身份角色未添加到用户
我想将JWT auth用于我的Web api,并将cookie auth用于Razor页面。
我对控制器使用策略授权。在我的Startup.cs中,使用以下配置,一切都对我的Razor页面有效:
services.AddIdentity<User, Role>(opt =>{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
})
.AddEntityFrameworkStores<DataContext>()
.AddRoleValidator<RoleValidator<Role>>()
.AddRoleManager<RoleManager<Role>>()
.AddSignInManager<SignInManager<User>>();
但是我的Controller端点不起作用,当我使用下面的端点时,它起作用:
IdentityBuilder builder = services.AddIdentityCore<User>(opt =>
{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
});
但是角色并未添加到用户声明中,因此我的Razor页面的授权策略属性始终返回Access Denied。
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<DataContext>(opt => opt.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromDays(1);
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/AccessDenied";
options.SlidingExpiration = true;
options.Cookie.Name = Configuration.GetSection("AppSettings:AuthCookieName").Value;
});
// services.AddIdentity<User, Role>(opt =>{
// opt.Password.RequireDigit = false;
// opt.Password.RequiredLength = 4;
// opt.Password.RequireNonAlphanumeric = false;
// opt.Password.RequireUppercase = false;
// opt.Password.RequireLowercase = false;
// });
IdentityBuilder builder = services.AddIdentityCore<User>(opt =>
{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
});
builder = new IdentityBuilder(builder.UserType, typeof(Role), builder.Services);
builder.AddEntityFrameworkStores<DataContext>();
builder.AddRoleValidator<RoleValidator<Role>>();
builder.AddRoleManager<RoleManager<Role>>();
builder.AddSignInManager<SignInManager<User>>();
services.AddAuthorization(options =>{
options.AddPolicy("CorrectUserIdRequested", policy=>{
policy.AddRequirements(new CorrectUserIdRequestedRequirement());
});
options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("admin"));
options.AddPolicy("RequireUserRole", policy => policy.RequireRole("admin","user"));
});
services.AddMvc(options => {
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).
SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
.AddJsonOptions(opt =>
{
opt.SerializerSettings.ReferenceLoopHandling =
Newtonsoft.Json.ReferenceLoopHandling.Ignore;
});
// Authentication Scheme
services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddCookie(IdentityConstants.ApplicationScheme, options =>
{
//if url start with "/api" use jwt instead
options.ForwardDefaultSelector = httpContext => httpContext.Request.Path.StartsWithSegments("/api") ? JwtBearerDefaults.AuthenticationScheme : null;
})
.AddJwtBearer(o =>
{
o.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII
.GetBytes(Configuration.GetSection("AppSettings:Token").Value)),
ValidateIssuer = false,
ValidateAudience = false
};
});
Mapper.Reset();
services.AddCors();
services.AddAutoMapper(typeof(Startup));
//Injections
services.AddTransient<Seed>();
services.AddScoped<AuthService, AuthServicePasswordless>();
services.AddScoped<IUserRepository, UserRepository>();
services.AddScoped<INotificationService, SmsNotifyService>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, Seed seeder)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler(builder => {
builder.Run(async context => {
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
var error = context.Features.Get<IExceptionHandlerFeature>();
if(error != null){
context.Response.AddApplicationError(error.Error.Message);
await context.Response.WriteAsync(error.Error.Message);
}
});
}); // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
// app.UseHsts();
}
// app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
seeder.SeedUsers();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: null,
template: "{area:exists}/{controller=Dashboard}/{action=Index}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
//Controller
[Authorize(Policy = "RequireAdminRole")]
[Area("Admin")]
public class DashboardController : Controller
{
public IActionResult Index(){
return View();
}
}
1 个答案:
答案 0 :(得分:2)
请注意,您创建了全新的IdentityBuilder ,然后配置了新创建的IdentityBuilder 而不是services.AddIdentityCore<>() 返回的:
IdentityBuilder builder = services.AddIdentityCore<User>(opt =>
{
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 4;
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
});
builder = new IdentityBuilder(builder.UserType, typeof(Role), builder.Services);
... configure the builder
如何修复:
要解决此问题,您需要配置在服务容器中注册的同一生成器:
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
最后,不要忘了先登出并再次登录以使用户获得角色。
作为旁注,您无需添加太多代码即可配置身份验证。更好的方法是调用AddDefaultIdentity<User>()而不是AddIdentityCore()来简化代码:
IdentityBuilder builder = services.AddDefaultIdentity<User>(opt =>
{
...
})
.AddRoles<Role>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<DataContext>()
;
builder = new IdentityBuilder(builder.UserType, typeof(Role), builder.Services);
builder.AddEntityFrameworkStores<DataContext>();
builder.AddRoleValidator<RoleValidator<Role>>();
builder.AddRoleManager<RoleManager<Role>>();
builder.AddSignInManager<SignInManager<User>>();
....
services.Configure<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme,opt=>{
//if url start with "/api" use jwt instead
opt.ForwardDefaultSelector = httpContext => httpContext.Request.Path.StartsWithSegments("/api") ? JwtBearerDefaults.AuthenticationScheme : null;
});
services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddCookie(IdentityConstants.ApplicationScheme, options =>
{
//if url start with "/api" use jwt instead
options.ForwardDefaultSelector = httpContext => httpContext.Request.Path.StartsWithSegments("/api") ? JwtBearerDefaults.AuthenticationScheme : null;
})
.AddJwtBearer(o =>
{
...
});
演示:
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?