所以... 我现在尝试了大约 2 个小时,无法让它工作。
问题是,如果我尝试像这样使用基于角色的授权
[Authorize]
public ActionResult createBill() {
return View();
}
完全没有问题 但是当我尝试像这样使用它时
[Authorize(Roles = "Admin")]
public ActionResult createBill() {
return View();
}
我只得到授权失败。 在控制台中
我已经做到了
await RoleManager.CreateAsync(new IdentityRole("Admin"));
await UserManager.AddToRoleAsync(user, "Admin");
Console.WriteLine(User.IsInRole("Admin")); <- Return true
是的,我尝试重新登录 这是我的配置服务
public void ConfigureServices(IServiceCollection services) {
services.AddLiveReload();
services.AddDbContext<WebinterfaceDbContext>();
services.AddIdentity<WebinterfaceUser, IdentityRole>().AddEntityFrameworkStores<WebinterfaceDbContext>();
services.AddRazorPages().AddRazorRuntimeCompilation();
services.AddMvc(options => { options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build())); }).AddRazorRuntimeCompilation();
services.AddAuthorization(options => { options.AddPolicy("RequireAdministratorRole", policy => policy.RequireRole("Admin")); });
services.AddControllersWithViews();
services.Configure<KestrelServerOptions>(options => { options.AllowSynchronousIO = true; });
}
这是配置
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
} else {
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseLiveReload();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.UseAuthentication();
app.UseEndpoints(endpoints => {
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
我使用了AspNet MVC的标准模板
我正在使用这些软件包
<PackageReference Include="EntityFramework" Version="6.3.0-preview8-19405-04" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.0.0-preview8.19405.7" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.0.0-preview8.19405.7" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="3.0.0-preview8.19405.11" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.0.0-preview8.19405.11" />
<PackageReference Include="Westwind.AspnetCore.LiveReload" Version="0.1.5.2" />
还有 netcoreapp3.0
my DbContext
public class WebinterfaceDbContext : IdentityDbContext<WebinterfaceUser> {
public DbSet<Bill> Bills { get; set; }
protected override void OnModelCreating(ModelBuilder builder) {
builder.Entity<WebinterfaceUser>().Property(e => e.Servers).HasConversion(e => JsonConvert.SerializeObject(e), e => JsonConvert.DeserializeObject<Collection<Guid>>(e));
builder.Entity<WebinterfaceUser>().Property(e => e.ApiKeys).HasConversion(e => JsonConvert.SerializeObject(e), e => JsonConvert.DeserializeObject<Collection<Guid>>(e));
builder.Entity<Bill>().Property(e => e.Components).HasConversion(e => JsonConvert.SerializeObject(e), e => JsonConvert.DeserializeObject<Collection<BillComponent>>(e));
base.OnModelCreating(builder);
}
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder) {
optionsBuilder.UseSqlServer("User ID=sa;Password=123456;Server=localhost;Database=Webinteface;");
}
}
同样糟糕的是,我的 Web 界面用户中的"账单"列表永远不会被实体框架填充......我不知道该怎么办,遇到所有这些问题是如此令人沮丧。
顺便说一句,这是我的网络界面用户
public class WebinterfaceUser : IdentityUser {
public string FirstName { get; set; }
public string LastName { get; set; }
public string? Company { get; set; }
public string Street { get; set; }
public int StreetNumber { get; set; }
public int Zip { get; set; }
public string City { get; set; }
public string Country { get; set; }
public Collection<Guid> Servers { get; set; } = new Collection<Guid>();
public Collection<Guid> ApiKeys { get; set; } = new Collection<Guid>() {Guid.NewGuid()};
public Guid SupportApiKey { get; set; } = Guid.NewGuid();
public Collection<Bill> Bills { get; set; } = new Collection<Bill>();
public List<Bill> getBills() {
return new WebinterfaceDbContext().Bills.Where(b => b.Recipient == this).ToList();
}
public List<Server> getOwnedServers() {
ServerContext context = new ServerContext();
return context.Servers.Where(s => Servers.Contains(s.Guid)).ToList();
}
public Server getServerByGuid(Guid guid) {
return getOwnedServers().Find(s => s.Guid == guid);
}
}
我刚刚遇到了这个确切的问题。这是因为 dotnet core 3.0 中的授权行为发生了一些变化。
根据Microsoft的迁移文档,您必须放置应用程序。使用授权() AFTER app.使用身份验证()。完成此操作后,授权角色应该可以正常工作。