【问题标题】:Asp.net Core MVC Authorize Attribute not blockingAsp.net Core MVC 授权属性不阻塞
【发布时间】:2020-04-15 22:06:05
【问题描述】:

授权属性不起作用。我没有登录,它允许我访问此功能。

我已经在底部附加了我的 Startup.cs。请帮我开始。我已经在以前版本的 MVC 上成功使用了这些方法,但是我还没有成功使用 MVC 核心。

在此之后,我希望添加角色。任何关于从哪里开始的方向都将不胜感激。 谢谢

public class SecurityAccessController : Controller
{
    private SecurityAccessDbContext SecurityAccessDbContext { get; set; }

    public SecurityAccessController([FromServices] SecurityAccessDbContext SecurityAccessDbContext)
    {
        this.SecurityAccessDbContext = SecurityAccessDbContext;
    }

    // GET: /<controller>/
    [Authorize]
    public IActionResult Index()
    {
        return View();
    }
}

这是我的 Start Up.cs 按照以下评论的建议进行了更新

 public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddMemoryCache();
        services.AddSession();

        //Added
        services.AddBootstrapPagerGenerator(options => {options.ConfigureDefault();});

        //Database services
        services.AddEntityFrameworkSqlServer().AddDbContext<SecurityAccessDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); });
        services.AddEntityFrameworkSqlServer().AddDbContext<AcumaticaDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); });
        services.AddEntityFrameworkSqlServer().AddDbContext<RMADbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); });
        services.AddEntityFrameworkSqlServer().AddDbContext<WarrantyDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); });
        services.AddEntityFrameworkSqlServer().AddDbContext<GenericDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); });
        services.AddEntityFrameworkSqlServer().AddDbContext<ApplicationIdentityDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); });

        services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
        {
            options.Cookies.ApplicationCookie.LoginPath = "/Account/Login";
            options.Cookies.ApplicationCookie.AccessDeniedPath = "/Home/AccessDenied";
        })
        .AddEntityFrameworkStores<ApplicationIdentityDbContext>()
        .AddDefaultTokenProviders();

        services.AddMvc();

        services.AddTransient<IEmailSender, AuthMessageSender>();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseStaticFiles();

        app.UseSession();

        app.UseIdentity();

        app.UseMvcWithDefaultRoute();
    }

【问题讨论】:

    标签: asp.net-core


    【解决方案1】:

    在添加Mvc 之前添加Identity。此外,您不需要添加Authorization,因为在添加Identity 时已经完成,如here 所示。您还可以配置您的身份选项,例如登录路径,而无需配置CookieAuthenticationOptions。相反,您可以在添加Identity时进行配置。

    这是代码的外观。

    // Remove me
    // services.AddAuthorization();
    
    // Remove me too
    // services.Configure<CookieAuthenticationOptions>(options =>
    // ....
    
    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
    {
        options.Cookies.ApplicationCookie.LoginPath = "/Account/Login";
        options.Cookies.ApplicationCookie.AccessDeniedPath = "/Home/AccessDenied";
        options.Cookies.ApplicationCookie.AutomaticChallenge = true;
        options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
    })
    .AddEntityFrameworkStores<ApplicationIdentityDbContext>()
    .AddDefaultTokenProviders();
    
    services.AddMvc();
    

    【讨论】:

    • 我尝试了您的建议,但 [Authorize] 仍然无效
    【解决方案2】:

    我找到了问题

    文件launchsettings.json有

     "iisSettings": {
        "windowsAuthentication": true,
    

    我改成

      "iisSettings": {
        "windowsAuthentication": false,
    

    【讨论】:

      【解决方案3】:

      上面的回答对我也有帮助,但我可以补充一点,如果您希望 [AllowAnonymous] 属性起作用,您还需要将 anonymousAuthentication 更改为 true:

        "iisSettings": {
      "windowsAuthentication": false,
      "anonymousAuthentication": true,
      

      【讨论】:

        猜你喜欢
        • 2018-08-19
        • 2018-11-23
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2011-09-03
        • 1970-01-01
        • 2021-01-12
        相关资源
        最近更新 更多