我正在尝试在.NET Core 2.0中执行API操作方法之前验证Active Directory角色组(使用Windows身份验证)。直截了当的like this应该符合我的需要。
我的Program.cs:
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseIISIntegration()
.UseStartup<Startup>()
.Build();
ConfigureServices中的Startup.cs方法(我在appsettings.json文件中引用了一个角色组):
services.AddAuthentication();
services.AddAuthorization(options =>
{
options.AddPolicy("ValidRoleGroup", policy =>
policy.RequireRole(Configuration["AuthenticatedGroup"]));
});
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
我的Configure方法:
public void Configure(IApplicationBuilder app, IHostingEnvironment env,
ILoggerFactory loggerFactory)
{
app.UseAuthentication();
app.UseMvc();
}
然后,我用[Authorize(Policy = "ValidRoleGroup")]装饰我的方法。
当我查看Application Insights中的错误时,收到一条消息,指出Authorization failed for user: (null)。我错过了什么重要的事情吗?