.net 核心身份 2.1 角色授权不起作用

本文介绍了 核心身份 2.1 角色授权不起作用的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

在 2.1 之前，我已经多次实施基于角色的身份验证.按照步骤搭建新的 2.1 标识.

我扩展了 IdentityUser 模型以添加其他字段，登录工作正常，新字段出现.

startup.cs 配置服务包含

services.AddDefaultIdentity().AddRoles<IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>();

我为角色播种

IdentityRole 角色 = new IdentityRole();role.Name = "管理员";IdentityResult 角色结果 = 角色管理器.CreateAsync(role).Result;

然后创建一个用户并添加到角色中

AppUser user = new AppUser();user.UserName = "管理员";user.Email = "admin@admin";user.Name = "管理员";user.LockoutEnabled = false;user.EmailConfirmed = true;IdentityResult 结果 = userManager.CreateAsync(user, "password").Result;如果(结果.成功){userManager.AddToRoleAsync(user, "Administrator").Wait();}

一切顺利，数据库看起来很好(AspNetUserRoles 有链接)

但是，用角色装饰控制器总是会返回未授权

[授权(角色 = 管理员")]

但是，使用 [Authorize](无角色)进行简单的登录检查即可.

我该如何解决这个问题/合并源代码的最简单方法是什么，以便我可以单步调试/调试 [Authorize] 标签?

解决方案

如何解决

但是，用角色装饰控制器总是会返回未授权

[授权(角色 = 管理员")]

这是 2.1 版本中的一个已知错误.在此处查看

调试AuthorizeFiler截图:

I've implemented role based auth several times pre 2.1. Followed the steps to scaffold the new 2.1 identities.

I extended the IdentityUser model to add additional fields, login works fine, new fields are present.

startup.cs configure services contains

services.AddDefaultIdentity<AppUser>() .AddRoles<IdentityRole>() .AddEntityFrameworkStores<ApplicationDbContext>();

I seeded the roles

IdentityRole role = new IdentityRole(); role.Name = "Administrator"; IdentityResult roleResult = roleManager. CreateAsync(role).Result;

Then created a user and added to the role

AppUser user = new AppUser(); user.UserName = "Admin"; user.Email = "admin@admin"; user.Name = "Administrator"; user.LockoutEnabled = false; user.EmailConfirmed = true; IdentityResult result = userManager.CreateAsync(user, "password").Result; if (result.Succeeded) { userManager.AddToRoleAsync(user, "Administrator").Wait(); }

Everything succeeded, and the database looks fine (AspNetUserRoles has links)

However, decorating a controller with a role will always return not authorized

[Authorize(Roles = "Administrator")]

But, a simple login check with [Authorize] (no role) will work.

How might I fix this/what is the easiest way to incorporate the source code so I can step through/debug the [Authorize] tags?

解决方案

How to fix

However, decorating a controller with a role will always return not authorized

[Authorize(Roles = "Administrator")]

It's a known bug in the version of 2.1 . See issue here .

I follow the advice of using the old api suggested by HaoK and C-BERBER , and it now works flawlessly .

Here's my DbContext:

public class ApplicationDbContext : IdentityDbContext<AppUser,IdentityRole,string> { public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { } }

Configure the identity using the old-style api :

services.AddIdentity<AppUser, IdentityRole>() .AddRoleManager<RoleManager<IdentityRole>>() .AddDefaultUI() .AddDefaultTokenProviders() .AddEntityFrameworkStores<ApplicationDbContext>();

Lastly , logout and re-signin , it will work as expected now .

How to Debug source code

I guess you won't want to debug the AuthorizeAttribe itself , since it is processed at compile-time . If you mean to debug the AuthorizeFilter , you can follow the steps as below :

click Tools -> Options -> Debugging

within General , unselect the Enable Just My Code in Visual Studio

select Enable Source Link Support

within Symbols , make sure that the Microsoft Symbol Servers is selected

And you can debug the source code now . However , due to the way that filter works , you need set a breakpoint before MVC . I just set a dummy middleware that will take place before the MVC router handler :

The screenshot of debugging AuthorizeFiler :