【发布时间】:2021-08-23 20:44:55
【问题描述】:
如何找到一个人的角色并将其包含在令牌中,以便我可以使用它来授权角色?想法,解决方案?
用[Authorize (Role = "Administrator")]装饰的控制器返回403,所以我不认识也不能访问!
public class AuthController : ControllerBase
{
private readonly AuthOptions _authOptions;
private readonly SignInManager<User> _signInManager;
private readonly UserManager<User> _userManager;
private readonly IMapper _mapper;
public AuthController(IOptions<AuthOptions> authOption, SignInManager<User> signInManager, UserManager<User> userManager, IMapper mapper)
{
_authOptions = authOption.Value;
_signInManager = signInManager;
_userManager = userManager;
_mapper = mapper;
}
[AllowAnonymous]
[HttpPost("login")]
public async Task<IActionResult> Login([FromBody]UserForLoginDto userLoginDto)
{
var checkPassword = await _signInManager.PasswordSignInAsync(userLoginDto.Username, userLoginDto.Password,false,false);
if (checkPassword.Succeeded)
{
var signinCredentials = new SigningCredentials(_authOptions.GetSymmetricSecurityKey(), SecurityAlgorithms.HmacSha256);
var jwtSecurityToken = new JwtSecurityToken(
issuer: _authOptions.Issuer,
audience: _authOptions.Audience,
claims: new List<Claim>(),
expires: DateTime.Now.AddDays(30),
signingCredentials: signinCredentials);
var tokenHandler = new JwtSecurityTokenHandler();
var encodedToken = tokenHandler.WriteToken(jwtSecurityToken);
return Ok(new { AccessToken = encodedToken });
}
return Unauthorized();
}
}
【问题讨论】:
标签: asp.net asp.net-core jwt identity