如何解决 .NET Core 2.0 中管理员角色授权导致访问被拒绝的问题

时间:2018-01-20 14:45:12

标签: c# .net linux .net-core ubuntu-16.04

此代码使用授权，仅允许管理员查看或管理用户。问题是：当我把角色为 Constants.Administration 的 Authorize 特性注释掉时，它可以正常工作；但不注释时，页面会显示访问被拒绝。

enter image description here

代码如下。这是我的常量类文件：

namespace fptbpharmarcy
{
    /// <summary>
    /// Shared role names and numeric account-type codes used across the application.
    /// The role strings are the values passed to <c>[Authorize(Roles = ...)]</c> and to the
    /// Identity role/user managers, so they must match the role names stored in the database.
    /// </summary>
    public static class Constants
    {
        // ---- Role names (compared against the roles held by the signed-in user) ----

        /// <summary>Role required to manage users.</summary>
        public const string AdministratorRole = "Administrator";

        /// <summary>Role name for patient accounts.</summary>
        public const string PatientRole = "Patient";

        /// <summary>Role name for pharmacy accounts.</summary>
        public const string PharmarcyRole = "Pharmarcy";

        /// <summary>Role name meant to cover every account.</summary>
        public const string EveryoneRole = "Everyone";

        // ---- Numeric account-type codes ----

        /// <summary>Account-type code for administrators.</summary>
        public const int AdminType = 1;

        /// <summary>Account-type code for patients.</summary>
        public const int PatientType = 2;

        /// <summary>Account-type code for pharmacies.</summary>
        public const int PharmarcyType = 3;
    }
}

//这是我的启动文件

      using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using fptbpharmarcy.Data;
using fptbpharmarcy.Models;
using fptbpharmarcy.Services;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

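namespace fptbpharmarcy {
    /// <summary>
    /// Application bootstrap: registers services (EF Core, ASP.NET Core Identity, MVC) and
    /// builds the HTTP request pipeline. In the Development environment it also seeds the
    /// administrator role and a test administrator account.
    /// </summary>
    public class Startup {
        // E-mail of the development-only seed administrator.
        private const string TestAdminEmail = "superadmin@gmail.com";

        public Startup (IConfiguration configuration) {
            Configuration = configuration;
        }

        /// <summary>Configuration injected by the host; supplies the connection string.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime to add services to the container.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        public void ConfigureServices (IServiceCollection services) {
            services.AddDbContext<ApplicationDbContext> (options =>
                options.UseSqlite (Configuration.GetConnectionString ("DefaultConnection")));

            // IdentityRole is registered together with the user type, which is what makes
            // RoleManager<IdentityRole> and role-based [Authorize] checks available.
            services.AddIdentity<ApplicationUser, IdentityRole> ()
                .AddEntityFrameworkStores<ApplicationDbContext> ()
                .AddDefaultTokenProviders ();

            // Add application services.
            services.AddTransient<IEmailSender, EmailSender> ();

            services.AddMvc ();
        }

        /// <summary>
        /// Called by the runtime to configure the HTTP request pipeline.
        /// </summary>
        /// <param name="app">Pipeline builder.</param>
        /// <param name="env">Hosting environment; seeding runs only when it is Development.</param>
        /// <param name="userManager">Identity user manager used to seed the test administrator.</param>
        /// <param name="roleManager">Identity role manager used to seed the administrator role.</param>
        /// <exception cref="InvalidOperationException">
        /// A seeding step was rejected by Identity (Development only).
        /// </exception>
        public void Configure (IApplicationBuilder app, IHostingEnvironment env, UserManager<ApplicationUser> userManager,
            RoleManager<IdentityRole> roleManager) {
            if (env.IsDevelopment ()) {
                app.UseDeveloperExceptionPage ();
                app.UseDatabaseErrorPage ();

                // Configure is synchronous, so the seeding tasks are awaited by blocking.
                // GetAwaiter().GetResult() rethrows the original exception instead of
                // wrapping it in an AggregateException as Wait() does.
                EnsureRolesAsync (roleManager).GetAwaiter ().GetResult ();
                EnsureTestAdminAsync (userManager).GetAwaiter ().GetResult ();

            } else {
                app.UseExceptionHandler ("/Home/Error");
            }

            app.UseStaticFiles ();

            // Authentication is registered before MVC so that [Authorize] filters see the
            // authenticated principal and its role claims.
            app.UseAuthentication ();

            app.UseMvc (routes => {
                routes.MapRoute (
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }

        /// <summary>
        /// Creates the administrator role if it does not exist yet.
        /// </summary>
        /// <exception cref="InvalidOperationException">The role store rejected the new role.</exception>
        private static async Task EnsureRolesAsync (RoleManager<IdentityRole> roleManager) {
            var alreadyExists = await roleManager.RoleExistsAsync (Constants.AdministratorRole);
            if (alreadyExists) return;

            var created = await roleManager.CreateAsync (
                new IdentityRole (Constants.AdministratorRole));
            ThrowIfFailed (created, "create the administrator role");
        }

        /// <summary>
        /// Makes sure the development seed administrator exists AND holds the administrator role.
        /// </summary>
        /// <remarks>
        /// The account and the role membership are checked separately: an account left over
        /// from an earlier run in which the role assignment did not happen would otherwise
        /// never receive the role, and every <c>[Authorize(Roles = ...)]</c> check for it
        /// would end in "access denied". Identity normally puts role membership into the
        /// sign-in cookie as claims at sign-in time, so a session opened before the role was
        /// granted has to sign out and in again before the role is seen.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// Identity rejected the account creation or the role assignment.
        /// </exception>
        private static async Task EnsureTestAdminAsync (UserManager<ApplicationUser> userManager) {
            var testAdmin = await userManager.FindByEmailAsync (TestAdminEmail);

            if (testAdmin == null) {
                testAdmin = new ApplicationUser {
                    UserName = "superadmin", Email = TestAdminEmail
                };

                // NOTE(security): this seed password is hard-coded in source. That is tolerable
                // only for a throw-away development database; load it from user secrets or
                // configuration instead, and never let this account exist outside Development.
                var created = await userManager.CreateAsync (testAdmin, "SECRET@12345as");
                ThrowIfFailed (created, "create the test administrator");
            }

            // Checked even when the account already existed (see remarks).
            if (!await userManager.IsInRoleAsync (testAdmin, Constants.AdministratorRole)) {
                var granted = await userManager.AddToRoleAsync (testAdmin, Constants.AdministratorRole);
                ThrowIfFailed (granted, "add the test administrator to the administrator role");
            }
        }

        /// <summary>
        /// Turns a failed <see cref="IdentityResult"/> into an exception so that a rejected
        /// seeding step is visible at start-up instead of being silently ignored.
        /// </summary>
        private static void ThrowIfFailed (IdentityResult result, string operation) {
            if (result.Succeeded) return;

            var details = string.Join ("; ", result.Errors.Select (e => e.Description));
            throw new InvalidOperationException ($"Could not {operation}: {details}");
        }
    }
}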


 //ManageUsersController

namespace fptbpharmarcy.Controllers
{
    /// <summary>
    /// User-management pages. The class-level <c>[Authorize]</c> attribute applies to every
    /// action: only an authenticated user holding <see cref="Constants.AdministratorRole"/>
    /// is let through; any other caller is refused before the action runs.
    /// </summary>
    [Authorize(Roles = Constants.AdministratorRole)]
    [Route("[controller]/[action]")]
    public class ManageUsersController : Controller
    {
        private readonly UserManager<ApplicationUser> _userManager;

        /// <summary>Receives the Identity user manager from dependency injection.</summary>
        public ManageUsersController(UserManager<ApplicationUser> userManager) =>
            _userManager = userManager;

        /// <summary>
        /// Lists the users of each role together with the complete user list.
        /// </summary>
        /// <returns>The view, bound to a populated <c>ManageUsersViewModel</c>.</returns>
        [HttpGet]
        public async Task<IActionResult> Index()
        {
            // Initializer members are evaluated top to bottom, so the four lookups run
            // sequentially: administrators, pharmacies, patients, then every user.
            var viewModel = new ManageUsersViewModel
            {
                Administrators = await _userManager.GetUsersInRoleAsync(Constants.AdministratorRole),
                Pharmacists = await _userManager.GetUsersInRoleAsync(Constants.PharmarcyRole),
                Patients = await _userManager.GetUsersInRoleAsync(Constants.PatientRole),
                Everyone = await _userManager.Users.ToArrayAsync()
            };

            return View(viewModel);
        }
    }
}

将 Authorize 特性注释掉时的输出：

// [Authorize(Roles = Constants.AdministratorRole)] [enter image description here] 2

从上图可以看到，没有任何具有管理员角色的用户可以访问该文件。请问你认为究竟是什么原因造成的？我花了好几个小时试图解决这个问题，但无济于事。
