Question

我一直在尝试将策略添加到Web应用程序的管理区域，并且已将我的管理员用户和管理员角色同时添加到我的AspNetUsers，AspNetRoles和{{1} }表，但是我无法验证已签名的用户和管理员一样。

AspNetUserRoles表

AspNetUsers

AspNetRoles

AspNetUserRoles

我已经将UserId | RoleId ______________________ 123 | 123的{{1}}类中的Identity包括在内

ConfirgureServices

我在Startup方法中也使用了所有这些

/// <summary>
/// This method gets called by the runtime. Use this method to add services to the container.
/// </summary>
/// <param name="services">Services to configure</param>
public void ConfigureServices(IServiceCollection services)
{
    // Regular Cookie Policy stuff
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    // Mailing service setup
    services.AddScoped<SmtpClient>((serviceProvider) =>
    {
        return new SmtpClient
        {
            Host = this.Configuration.GetValue<string>("Email:Smtp:Host"),
            Port = this.Configuration.GetValue<int>("Email:Smtp:Port"),
            UseDefaultCredentials = false,
            Credentials = new NetworkCredential(
                    this.Configuration.GetValue<string>("Email:Smtp:Username"), 
                    this.Configuration.GetValue<string>("Email:Smtp:Password")),
            EnableSsl = true
        };
    });

    // Connect to the Database
    services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(this.Configuration.GetConnectionString("DefaultConnection")));
    services.AddDbContext<WebSiteContext>(options => options.UseSqlServer(this.Configuration.GetConnectionString("DefaultConnection")));

    // Identity Stuff
    services.AddDefaultIdentity<IdentityUser>()
        .AddRoles<IdentityRole>()
        .AddDefaultTokenProviders()
        .AddEntityFrameworkStores<ApplicationDbContext>();

    // Configure Authorization
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

    // Authorization
    services.AddAuthorization(options =>
    {
        options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("Admin"));
    });
}

Configure我的管理员部分的控制器有/// <summary> /// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. /// </summary> /// <param name="app">App being configured</param> /// <param name="env">Environment the app is running in</param> /// <param name="context">Injected <see cref="DbContext"/></param> /// <param name="userManager">Injected <see cref="UserManager{TUser}"/></param> /// <param name="roleManager">Injected <see cref="RoleManager{TRole}"/></param> public void Configure(IApplicationBuilder app, IHostingEnvironment env, ApplicationDbContext context, UserManager<IdentityUser> userManager, RoleManager<IdentityRole> roleManager) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); } else { app.UseExceptionHandler("/Home/Error"); app.UseHsts(); } // Set up the usings app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseCookiePolicy(); app.UseAuthentication(); // Seed the Database on Startup Seeder.SeedDb(context, userManager, roleManager); // Use MVC app.UseMvc(routes => { routes.MapRoute( name: "areas", template: "{area:exists}/{controller=Home}/{action=Index}/{id?}"); routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }声明

ManageController

但是，当我以WebAdmin身份登录并导航到Authorize区域时，出现以下错误：

访问被拒绝-您无权访问此资源

在NET Core中检查角色时是否缺少某些内容？

Answer 1

我已经解决了这个问题。问题在于配置身份服务。我需要使用AddIdentity<IdentityUser, IdentityRole>()而不是AddDefaultIdentity<IdentityUser>()

我改变了

// Identity Stuff
services.AddDefaultIdentity<IdentityUser>()
    .AddRoles<IdentityRole>()
    .AddDefaultTokenProviders()
    .AddEntityFrameworkStores<ApplicationDbContext>();

收件人

// Identity Stuff
services.AddIdentity<IdentityUser, IdentityRole>()
    .AddRoles<IdentityRole>()
    .AddDefaultTokenProviders()
    .AddEntityFrameworkStores<ApplicationDbContext>();

它奏效了。

拒绝管理员用户访问

1 个答案: