我有一个ASP.NET Core 3.0应用。我正在使用基于角色的授权。我的Startup.cs看起来像这样。
public void ConfigureServices(IServiceCollection services)
{
services.AddRazorPages();
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication().AddCookie();
services.AddAuthorization(options =>
{
options.AddPolicy("Admin", authBuilder => { authBuilder.RequireRole("Admin"); });
});
services.AddIdentity<SiteUser, IdentityRole>(x =>
{
x.Lockout.AllowedForNewUsers = true;
x.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(2);
x.Lockout.MaxFailedAccessAttempts = 3;
x.Password.RequireNonAlphanumeric = true;
x.Password.RequireUppercase = true;
}).AddEntityFrameworkStores<SiteDbContext>();
services.AddDbContext<SiteDbContext>(dbContextOptionBuilder =>
dbContextOptionBuilder.UseLoggerFactory(ConsoleFactory)
.UseSqlServer(Configuration.GetConnectionString(ConfigurationSettings.LocalDbKeyName)));
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error/500");
app.UseStatusCodePagesWithReExecute("/Error/{0}");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseAuthentication();
app.UseAuthorization();
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllers();
});
在我的Controller类中,我具有适当的Authorize属性,例如,
[Authorize(Roles = "Admin")]
public ActionResult Index()
{
var users= getSomeUsers();
return View(users);
}
AspNetRoles表中有2个角色,即管理员和用户。但是,没有管理员角色的用户帐户可以访问“索引”操作方法。它允许任何经过身份验证的用户访问页面,而不是将访问权限限制为具有正确角色(即管理员角色)的用户。我想念什么?
检查您的用户对象是否具有管理员角色。如果您在授权中使用roles属性,则可以从代码中删除此行。
options.AddPolicy("Admin", authBuilder => { authBuilder.RequireRole("Admin"); });
希望这会有所帮助。