ASP Core Azure Active Directory登录使用角色 [英] ASP Core Azure Active Directory Login use roles

问题描述

我创建了一个Azure Active Directory应用程序，我想使用基于角色的安全性.我按照以下教程进行操作: https ://azure.microsoft.com/zh-CN/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/

I created an Azure Active Directory Application and i want to use role based security. I followed the tutorial on: https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/

登录有效，我将角色添加到应用程序清单中，并将角色Approver分配给我自己的帐户.现在我想使用这些角色.

The login works, I added roles to the application manifest and assigned the role Approver to my own account. Now i want to use these roles.

登录后，控制器中将执行以下操作:

After login the following works in the controller:

[Authorize]

但是在添加角色时，用户无权授权:

But when adding the role the user is not authorized:

[Authorize(Roles="Approver")]

以下内容还返回false:

Also the following returns false:

User.IsInRole("Approver");

似乎角色没有恢复，关于如何向此演示项目中添加角色功能的任何建议?

It seems the roles are not retreived, any suggestions on how to add the role functionality to this demo project?

推荐答案

将角色分配给account之后，此代码示例对我有用.请在以下行中调试应用程序:User.IsInRole("Approver"); ，检查用户声明中是否存在{http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Approver}.并确保您添加角色，其中allowedMemberTypes是用户，例如:

This code sample works for me after assign roles to account . Please debug application in this line: User.IsInRole("Approver"); , check whether {http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Approver}exists in user claims . And make sure you add roles which allowedMemberTypes is user , for example :

{
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "Approver",
      "id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
      "isEnabled": true,
      "description": "Approvers have the ability to change the status of tasks.",
      "value": "Approver"
    },

您已经在Enterprise applications-> All applications->中找到了用户角色，然后找到了应用程序-> Users and groups->添加/编辑用户并分配了角色:

And you have assign the user role in Enterprise applications-->All applications--> find your app-->Users and groups--> add/edit a user and assign roles :

这篇关于ASP Core Azure Active Directory登录使用角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！