Asp.net用户处于角色,但[Authorize(Roles =“ Admin”)]返回授权失败

时间:2019-08-25 15:28:58

标签: asp.net-mvc asp.net-identity roles role-base-authorization .net-core-3.0

所以...我现在尝试了两个小时,无法正常工作。

问题是,如果我尝试使用像这样的基于角色的授权

update-function-code

完全没问题 但是当我尝试像这样使用它

[Authorize]
public ActionResult createBill() {
    return View();
}

我仅获得授权失败。在控制台中

我已经做到了

[Authorize(Roles = "Admin")]
public ActionResult createBill() {
    return View();
}

是的,我尝试重新记录 这是我的ConfigureServices 

await RoleManager.CreateAsync(new IdentityRole("Admin"));
await UserManager.AddToRoleAsync(user, "Admin");
Console.WriteLine(User.IsInRole("Admin")); <- Return true

这是配置

public void ConfigureServices(IServiceCollection services) {
    services.AddLiveReload();
    services.AddDbContext<WebinterfaceDbContext>();
    services.AddIdentity<WebinterfaceUser, IdentityRole>().AddEntityFrameworkStores<WebinterfaceDbContext>();
    services.AddRazorPages().AddRazorRuntimeCompilation();
    services.AddMvc(options => { options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build())); }).AddRazorRuntimeCompilation();
    services.AddAuthorization(options => { options.AddPolicy("RequireAdministratorRole", policy => policy.RequireRole("Admin")); });
    services.AddControllersWithViews();
    services.Configure<KestrelServerOptions>(options => { options.AllowSynchronousIO = true; });
}

我使用了AspNet MVC的标准模板
我正在使用这些软件包

public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
    if (env.IsDevelopment()) {
        app.UseDeveloperExceptionPage();
    } else {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    app.UseLiveReload();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthorization();
    app.UseAuthentication();
    app.UseEndpoints(endpoints => {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });
}

也netcoreapp3.0
我的DbContext 

<PackageReference Include="EntityFramework" Version="6.3.0-preview8-19405-04" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.0.0-preview8.19405.7" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.0.0-preview8.19405.7" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="3.0.0-preview8.19405.11" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.0.0-preview8.19405.11" />
<PackageReference Include="Westwind.AspnetCore.LiveReload" Version="0.1.5.2" />

还很糟糕的是,我的Webinterface User中定义的列表“ Bills”从来没有被实体框架填充.....我现在不知道该怎么办,因此令人沮丧的是遇到了所有这些问题。
顺便说一句,这是我的WebinterfaceUser 

public class WebinterfaceDbContext : IdentityDbContext<WebinterfaceUser> {
    public DbSet<Bill> Bills { get; set; }
    protected override void OnModelCreating(ModelBuilder builder) {
        builder.Entity<WebinterfaceUser>().Property(e => e.Servers).HasConversion(e => JsonConvert.SerializeObject(e), e => JsonConvert.DeserializeObject<Collection<Guid>>(e));
        builder.Entity<WebinterfaceUser>().Property(e => e.ApiKeys).HasConversion(e => JsonConvert.SerializeObject(e), e => JsonConvert.DeserializeObject<Collection<Guid>>(e));

        builder.Entity<Bill>().Property(e => e.Components).HasConversion(e => JsonConvert.SerializeObject(e), e => JsonConvert.DeserializeObject<Collection<BillComponent>>(e));


        base.OnModelCreating(builder);
    }

    protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder) {
        optionsBuilder.UseSqlServer("User ID=sa;Password=123456;Server=localhost;Database=Webinteface;");
    }
}

1 个答案:

答案 0 :(得分:0)

我只是遇到了这个确切的问题。这是因为dotnet core 3.0中的授权行为有所更改。

根据Microsoft's migration docs,您必须在app.UseAuthentication()之后放置app.UseAuthorization()。完成后,授权角色就可以正常工作。

相关问题
最新问题