asp.net 核心 2.0 - 基于声明和策略的授权

Question

我正在使用带有声明身份的 cookie 身份验证。身份验证工作正常但授权失败。

如果登录凭据匹配，这里将存储声明信息。

 var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
                identity.AddClaim(new Claim(ClaimTypes.Name, _user[0].UserName.ToString()));
                identity.AddClaim(new Claim(ClaimTypes.Role, _user[0].UserRole));
                identity.AddClaim(new Claim(ClaimTypes.Email, _user[0].UserEmail)); 
 HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));

这里是 startup.cs configurationServices 方法中的授权设置

 services.AddMvc();
 services.AddAuthorization(options => {
                options.AddPolicy("Admin", policy => policy.RequireClaim("Admin"));
                options.AddPolicy("User", policy => policy.RequireClaim("User"));

            });

和控制器

 [Authorize(Policy = "Admin")]
    public class UserController : Controller
    {
//
    }

虽然管理员以角色登录，但此授权重定向到我访问被拒绝的页面。这里有什么问题？

Answer 1

您需要指定声明类型及其应具有的值

services.AddAuthorization(options => {
    options.AddPolicy("Admin", policy =>
        {
            policy.RequireClaim(ClaimTypes.Role, "Admin");
        });
     options.AddPolicy("User", policy =>
        {
            policy.RequireClaim(ClaimTypes.Role, "User");
        });
});

asp.net 核心 2.0 - 基于声明和策略的授权

asp.net core 2.0 - Claims and policy based Authorization

c#

cookies

authorization

claims-based-identity

asp.net-core-mvc