我正在开发基于角色的授权。使用User.AddIdentity成功定义角色后,退出页面时该角色消失。
[AllowAnonymous]
[HttpPost]
public IActionResult Index(User user)
{
try
{
var currentUser = _UserService.login(user, _context);
if (currentUser.userID != 0)
{
CookieOptions options = new CookieOptions();
options.Expires = DateTime.Now.AddDays(1);
var identity = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Name, currentUser.NAME_SURNAME),
new Claim(ClaimTypes.Role, "Admin")
},
"ApplicationCookie");
User.AddIdentity(new ClaimsIdentity(identity));
var isin = User.IsInRole("Admin");
var cacheValue = _UserService.stringToMd5(currentUser.NAME_SURNAME);
Response.Cookies.Append("login_cache", cacheValue, options);
TempData["error"] = null;
return RedirectToAction("index", "home");
}
else
{
TempData["error"] = "Kullanıcı adı yada şifre yanlıştır.";
return RedirectToAction("index", "home");
}
}
catch(Exception ex){
TempData["error"] = ex.Message;
//TempData["error"] = "User not found.";
return RedirectToAction("index", "home");
}
}
[Area("Admin")]
[Authorize(Roles = "Admin")]
public class FaqController : Controller
{
....
}
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddDistributedMemoryCache();
services.AddSession();
services.AddSession(options => {
options.IdleTimeout = TimeSpan.FromMinutes(60);
});
services.AddMvc();
services.AddDbContext<ModelContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider)
{
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "admin",
template: "{area}/{controller=Home}/{action=Index}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
答案 0 :(得分:2)
您尚未定义身份验证应如何应用于您的应用程序。 这应该在Startup类的ConfigureServices方法中完成。 在那里,您需要告诉框架寻找cookie并从中对用户进行身份验证。
我已经修改了您的cookie创建并添加了默认的asp.net核心方式。 然后,通过在此行的ConfigureServices方法中添加AddAuthentication()来启用cookie身份验证
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
这是一个完整的例子
[AllowAnonymous]
[HttpPost]
public IActionResult Index(User user)
{
try
{
var currentUser = _UserService.login(user, _context);
if (currentUser.userID != 0)
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, currentUser.NAME_SURNAME),
new Claim(ClaimTypes.Role, "Admin")
};
var claimsIdentity = new ClaimsIdentity(
claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties
{
ExpiresUtc = DateTimeOffset.UtcNow.AddDays(1)
};
await HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity),
authProperties);
return RedirectToAction("index", "home");
}
else
{
TempData["error"] = "Kullanıcı adı yada şifre yanlıştır.";
return RedirectToAction("index", "home");
}
}
catch(Exception ex){
TempData["error"] = ex.Message;
//TempData["error"] = "User not found.";
return RedirectToAction("index", "home");
}
}
然后启动
public void ConfigureServices(IServiceCollection services)
{
services.AddDistributedMemoryCache();
services.AddSession();
services.AddSession(options => {
options.IdleTimeout = TimeSpan.FromMinutes(60);
});
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
services.AddMvc();
services.AddDbContext<ModelContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider)
{
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "admin",
template: "{area}/{controller=Home}/{action=Index}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
答案 1 :(得分:0)
您需要一个Claim Transformer,并根据角色创建策略
// ClaimsTransformer.cs
public class ClaimsTransformer : IClaimsTransformation
{
private IRepository _repository;
private IHttpContextAccessor _httpContextAccessor;
private IMemoryCache _cache;
public ClaimsTransformer(IRepository repository, IHttpContextAccessor httpContextAccessor, IMemoryCache cache)
{
_repository = repository;
_httpContextAccessor = httpContextAccessor;
_cache = cache;
}
public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
if (principal.Identity.IsAuthenticated)
{
var currentPrincipal = (ClaimsIdentity)principal.Identity;
var ci = (ClaimsIdentity)principal.Identity;
var cacheKey = ci.Name;
if (_cache.TryGetValue(cacheKey, out List<Claim> claims))
{
currentPrincipal.AddClaims(claims);
}
else
{
claims = new List<Claim>();
var isUserMasterAdmin = await _repository.IsUserMasterAdmin(ci.Name);
if (isUserMasterAdmin)
{
var c = new Claim(ClaimTypes.Role, "MasterAdmin");
claims.Add(c);
}
var isUserDeptAdmin = await _repository.IsUserDeptAdmin(ci.Name);
if (isUserDeptAdmin)
{
var c = new Claim(ClaimTypes.Role, "DeptAdmin");
claims.Add(c);
}
_cache.Set(cacheKey, claims);
currentPrincipal.AddClaims(claims);
}
}
return await Task.FromResult(principal);
}
}
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
...
services.AddAuthorization(options =>
{
options.AddPolicy("MasterAdminsOnly", policy => policy.RequireClaim(ClaimTypes.Role, "MasterAdmin"));
options.AddPolicy("AdminsOnly", policy => policy.RequireClaim(ClaimTypes.Role, "MasterAdmin", "DeptAdmin"));
});
}
// Controller.cs
[Authorize(Policy = "MasterAdminsOnly")]
public class UsersController : Controller
{
....
}