没有数据库的ASP NET MVC Core 2角色 [英] ASP NET MVC Core 2 Roles without database

问题描述

我正在使用Active Directory管理我的用户及其各自的角色，这两个角色都已正确带回.

I'm using Active Directory to manage my users and their respective roles, both of these are correctly brought back.

然后我在调试时尝试通过ClaimsIdentity.AddClaim(new Claim(ClaimsType.Role, user.Role));分配角色，我看到该角色已分配并且没有任何错误.

I am then trying to assign the roles through ClaimsIdentity.AddClaim(new Claim(ClaimsType.Role, user.Role)); when debugging I can see that the role is assigned and I don't get any errors.

在家庭控制器中，我在About的IActionResult上添加了[Authorize(Roles = "Admin")]，但是当我导航到About页面时，我又回到了登录名.

In my home controller I've added [Authorize(Roles = "Admin")] on the IActionResult of About, but when I navigate to the About page I'm thrown back to the login.

该用户已获得授权，因为我在联系人上放置了[Authorize]，并且登录后可以访问此页面.

The user is authorized, as I put [Authorize] on Contact and can access this page after login.

我错过了什么阻止了角色数据属性的使用?

What have I missed that's stopping the roles data attribute being used?

帐户控制器登录代码:

[AllowAnonymous]
    [HttpPost]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
    {
        ViewData["ReturnUrl"] = returnUrl;

        if (ModelState.IsValid)
        {
            var usr = await AuthorisationCore.AuthenticateUser(model.Username, model.Password);

            if(usr.IsAuthenticated)
            {
                // setting up claims identity
                var claims = new List<Claim>
                {
                    new Claim(ClaimTypes.Name, usr.Username),
                };
                // adding role to the claim
                var identity = new ClaimsIdentity(claims, "cookie");
                identity.AddClaim(new Claim(ClaimTypes.Role, usr.Role));
                // new claim principal with the identity of the user input
                var principal = new ClaimsPrincipal(identity);
            await HttpContext.SignInAsync("SecurityCookie", principal, new AuthenticationProperties
            {
                IsPersistent = true,
                ExpiresUtc = DateTime.UtcNow.AddHours(1)
            });

            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
    }
    return View();
}

启动代码:

public void ConfigureServices(IServiceCollection services)
{
    // data attributes like [AllowAnonymous]
    services.AddAuthorization();
    // allows for use of cookies and to add options to them
    services
        .AddAuthentication("SecurityCookie")
        .AddCookie("SecurityCookie", cfg =>
        {
            cfg.SlidingExpiration = true;
            cfg.LoginPath = "/Account/Login";
            cfg.AccessDeniedPath = "/Account/Login";
        });

    services.AddMvc();
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}

推荐答案

在启动Configure函数中必须同时使用app.UseAuthorization();和app.UseAuthentication();

You must use both app.UseAuthorization(); and app.UseAuthentication(); in the startup Configure function

这篇关于没有数据库的ASP NET MVC Core 2角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！