.net 核心身份 2.1 角色授权不起作用 [英] .net core identity 2.1 role authorize not working
问题描述
在 2.1 之前,我已经多次实施基于角色的身份验证.按照步骤搭建新的 2.1 标识.
我扩展了 IdentityUser 模型以添加其他字段,登录工作正常,新字段出现.
startup.cs 配置服务包含
services.AddDefaultIdentity().AddRoles<IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>(); 我为角色播种
IdentityRole 角色 = new IdentityRole();role.Name = "管理员";IdentityResult 角色结果 = 角色管理器.CreateAsync(role).Result;然后创建一个用户并添加到角色中
AppUser user = new AppUser();user.UserName = "管理员";user.Email = "admin@admin.com";user.Name = "管理员";user.LockoutEnabled = false;user.EmailConfirmed = true;IdentityResult 结果 = userManager.CreateAsync(user, "password").Result;如果(结果.成功){userManager.AddToRoleAsync(user, "Administrator").Wait();}一切顺利,数据库看起来很好(AspNetUserRoles 有链接)
但是,用角色装饰控制器总是会返回未授权
[授权(角色 = 管理员")]但是,使用 [Authorize](无角色)进行简单的登录检查即可.
我该如何解决这个问题/合并源代码的最简单方法是什么,以便我可以单步调试/调试 [Authorize] 标签?
如何解决
<块引用>但是,用角色装饰控制器总是会返回未授权
[授权(角色 = 管理员")]这是 2.1 版本中的一个已知错误.在此处查看
调试AuthorizeFiler截图:
I've implemented role based auth several times pre 2.1. Followed the steps to scaffold the new 2.1 identities.
I extended the IdentityUser model to add additional fields, login works fine, new fields are present.
startup.cs configure services contains
services.AddDefaultIdentity<AppUser>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
I seeded the roles
IdentityRole role = new IdentityRole();
role.Name = "Administrator";
IdentityResult roleResult = roleManager.
CreateAsync(role).Result;
Then created a user and added to the role
AppUser user = new AppUser();
user.UserName = "Admin";
user.Email = "admin@admin.com";
user.Name = "Administrator";
user.LockoutEnabled = false;
user.EmailConfirmed = true;
IdentityResult result = userManager.CreateAsync(user, "password").Result;
if (result.Succeeded)
{
userManager.AddToRoleAsync(user, "Administrator").Wait();
}
Everything succeeded, and the database looks fine (AspNetUserRoles has links)
However, decorating a controller with a role will always return not authorized
[Authorize(Roles = "Administrator")]
But, a simple login check with [Authorize] (no role) will work.
How might I fix this/what is the easiest way to incorporate the source code so I can step through/debug the [Authorize] tags?
How to fix
However, decorating a controller with a role will always return not authorized
[Authorize(Roles = "Administrator")]
It's a known bug in the version of 2.1 . See issue here .
I follow the advice of using the old api suggested by HaoK and C-BERBER , and it now works flawlessly .
Here's my DbContext:
public class ApplicationDbContext : IdentityDbContext<AppUser,IdentityRole,string>
{
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
: base(options)
{
}
}
Configure the identity using the old-style api :
services.AddIdentity<AppUser, IdentityRole>()
.AddRoleManager<RoleManager<IdentityRole>>()
.AddDefaultUI()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
Lastly , logout and re-signin , it will work as expected now .
How to Debug source code
I guess you won't want to debug the AuthorizeAttribe itself , since it is processed at compile-time . If you mean to debug the AuthorizeFilter , you can follow the steps as below :
click Tools -> Options -> Debugging
- within
General, unselect theEnable Just My Codein Visual Studio - select
Enable Source Link Support - within
Symbols, make sure that the Microsoft Symbol Servers is selected
And you can debug the source code now . However , due to the way that filter works , you need set a breakpoint before MVC . I just set a dummy middleware that will take place before the MVC router handler :
The screenshot of debugging AuthorizeFiler :
这篇关于.net 核心身份 2.1 角色授权不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
