我正在实施ServiceStack的角色和权限。我发了
{"UserName":"JASON1","Permissions":["CanAccess"],"Roles":["Admin"]}
通过http://localhost:15465/api/json/reply/AssignRoles
但我得到了以下错误:
{
"AllRoles": [],
"AllPermissions": [],
"ResponseStatus": {
"ErrorCode": "Invalid Role",
"Message": "Invalid Role",
"StackTrace": "[AssignRoles: 3/11/2015 11:12:02 PM]:\n[REQUEST: {UserName:JASON1,Permissions:[CanAccess],Roles:[Admin]}]\nServiceStack.HttpError: Invalid Role\r\n at ServiceStack.RequiredRoleAttribute.AssertRequiredRoles(IRequest req, String[] requiredRoles)\r\n at ServiceStack.Auth.AssignRolesService.Post(AssignRoles request)\r\n at lambda_method(Closure , Object , Object )\r\n at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)",
"Errors": []
}
}
解决方案是什么?一些内置角色和权限在哪里?我找不到任何信息?感谢。
答案 0 :(得分:1)
AssignRolesService不应该被任何人调用,默认情况下,RoleNames.Admin只能由IAuthRepository.AssignRoles()中的某个人调用,即Admin Role。
您可以通过使用自己的自定义服务来分配角色来忽略此默认行为,这些角色只是public class CustomRolesService : Service
{
public IAuthRepository AuthRepo { get; set; }
public object Post(AssignRoles request)
{
var userAuth = AuthRepo.GetUserAuthByUserName(request.UserName);
if (userAuth == null)
throw HttpError.NotFound(request.UserName);
AuthRepo.AssignRoles(userAuth, request.Roles, request.Permissions);
return new AssignRolesResponse();
}
}
API的包装,例如:
SetConfig(new HostConfig { AdminAuthSecret = "secretz" });
为了帮助开发,ServiceStack还支持specifying a master password:
?authsecret=secretz
然后,您可以使用QueryString绕过任何受保护的服务:
{{1}}