我正在使用asp.net core 2.2。我使用Visual Studio 2019创建了一个空的Web应用程序。我将此代码添加到了Startup.cs的configure services方法中:
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
所以我的方法如下:
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContextPool<AppDBContext>(options => options.UseSqlServer(_config.GetConnectionString("EmployeeDBConnection")));
services.AddIdentity<IdentityUser, IdentityRole>(options =>
{
options.Password.RequiredLength = 10;
options.Password.RequiredUniqueChars = 3;
options.Password.RequireNonAlphanumeric = false;
}).AddEntityFrameworkStores<AppDBContext>();
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
//services.AddMvc();
services.AddScoped<IEmployeeRepository, SQLEmployeeRepository>();
}
我希望这会使整个应用程序都需要授权,但是,如果我使用任何控制器和操作,我都可以直接查看而无需登录。我是否需要做任何额外的事情来配置或强制执行?
我试图在类本身上添加[Authorize]属性。这是我的控制器开头的样子:
using System.Threading.Tasks;
using EmployeeManagement.ViewModels;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
namespace EmployeeManagement.Controllers
{
[Authorize]
public class AccountController : Controller
{
private readonly UserManager<IdentityUser> userManager;
private readonly SignInManager<IdentityUser> signInManager;
public AccountController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
{
this.userManager = userManager;
this.signInManager = signInManager;
}
.
.
.
我还需要做什么来强制页面要求登录/授权?