基于角色的授权在 Asp.Net Core 2.1 中不起作用

时间:2021-03-20 20:42:50

标签: c# asp.net asp.net-core authentication authorization

我正在尝试根据 Microsoft 文档在 Asp.Net Core 2.1 中实现基于角色的授权

这是我的 Startup.cs 的样子:

    public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.Configure<IdentityOptions>(options =>
        {
            // Password settings.
            options.Password.RequireDigit = true;
            options.Password.RequireLowercase = true;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = true;
            options.Password.RequiredLength = 6;
            options.Password.RequiredUniqueChars = 0;
        });

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(
                Configuration.GetConnectionString("DefaultConnection")));

        services.AddDefaultIdentity<IdentityUser>()
            .AddRoles<IdentityRole>()                
            .AddEntityFrameworkStores<ApplicationDbContext>();

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

这里是控制器代码:

    [Authorize(Roles = "Admin")]
    public IActionResult About()
    {
        ViewData["Message"] = "Your application description page.";

        return View();
    }

但是,当我尝试通过分配了管理员角色的测试帐户访问此页面时 - 我收到“拒绝访问”错误。 我已经检查过并且在 DB 端一切都配置正确 - AspNetRoles 表中有 Admin 角色,我的用户在 AspNetUserRoles 表中有这个角色。我之前分别通过 RoleManager 和 UserManager 向用户添加了角色和连接。 此外 [Authorize] 标签本身也可以正常工作(不允许查看未经授权的用户的页面)。 我的问题是 - 为什么基于角色的授权不起作用?

1 个答案:

答案 0 :(得分:0)

问题已通过升级到 Asp.Net Core 3.1 解决

相关问题
最新问题