我一直面临[Authorize]
属性的问题。我有两个角色管理员和用户。我已经用类似[Authorize(Roles = "Admin")]
的Authorize属性修饰了控制器。但在同一个控制器中,我希望管理员和用户都可以访问某些方法。到目前为止,我所研究的是,默认情况下[Authorize]
属性是可添加的,因此如果我在方法中使用[Authorize(Roles = "User")]
,则用户必须同时担任Admin和user角色才能访问该方法。但我想要的行为是,控制器中的一些方法应该对两个角色都可以访问。
提前谢谢。
多个authorize属性是可添加的,但roles
属性不是。
所以,这是添加剂:
[Authorize(Roles = "Admin")]
[Authorize(Roles = "User")]
public class MyController : Controller
{
public IActionResult Index()
{
return Content("You have to be admin AND user to see this");
}
}
这也是添加剂:
[Authorize(Roles = "Admin")]
public class MyController : Controller
{
[Authorize(Roles = "User")]
public IActionResult Index()
{
return Content("You have to be admin AND user to see this");
}
}
但这不是:
[Authorize(Roles = "Admin, User")]
public class MyController : Controller
{
public IActionResult Index()
{
return Content("You have to be admin OR user to see this");
}
}
这意味着:
[Authorize(Roles = "Admin, User")]
public class MyController : Controller
{
[Authorize(Roles = "Admin")]
public IActionResult Index()
{
return Content("You have to be admin to see this. But in other methods of this controller you can be Admin OR User");
}
}