如果用户的角色与已有的角色不匹配,我尝试向用户添加角色,并删除匹配的角色,但出现以下错误:
用户安全标记不能为空。
控制器:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Edit(string id, User user, string[] roles)
{
if (id != user.Id)
{
return NotFound();
}
if (ModelState.IsValid)
{
try
{
var listOfRoles = await privateUser.GetRolesAsync(user);
foreach (var role in listOfRoles.Except(roles))
{
await privateUser.RemoveFromRoleAsync(user, role);
}
foreach (var role in roles.Except(listOfRoles))
{
await privateUser.AddToRoleAsync(user, role);
}
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(user.Id))
{
return NotFound();
}
else
{
throw;
}
}
return RedirectToAction(nameof(Index));
}
return View(user);
}
您正在使用通过
POSTUserSecurityStamp请勿发布
UserUser.Id[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Edit(string id, string[] roles)
{
var user = await _userManager.FindByIdAsync(id);
if (user == null)
{
return NotFound();
}
// the rest of your code
}
UPDATE(用于同时修改用户)
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Edit(string id, User model, string[] roles)
{
var user = await _userManager.FindByIdAsync(id);
if (user == null)
{
return NotFound();
}
// map over the values from "model" (i.e. the posted "User")
// use "user", not "model" for role management functions
user.FirstName = model.FirstName;
// the rest of your code
}