NET Core 3.1 - 403 当 [Authorize(Roles = "Administrator")]
NET Core 3.1 - 403 when [Authorize(Roles = "Administrator")]
我在 NET Core 3.1 中使用 Identity Server 功能。
当角色保护路由时,对数据库有什么要求?
例如[Authorize(Roles = "Administrator")]
- 我在
AspNetUsers table 中创建了一个用户。
- 我在
AspNetRoles table 中创建了一个角色。 name 的值为 Administrator,NormalizedName 的值为 ADMINISTRATOR。
- 我在
AspNetUserRoles table 中有一行来自用户和角色的 guid。
走这条路线时,我得到 403 Forbidden。
我是不是漏掉了什么?
编辑 1
我使用的添加角色的代码是
await userManager.AddToRoleAsync(user, "Administrator");
编辑 2
这是 Startup.cs 文件。
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.SpaServices.ReactDevelopmentServer;
using Microsoft.EntityFrameworkCore;
using SampleApp.Data;
using SampleApp.Models;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using SampleApp.Entities;
using AutoMapper;
using System;
using SampleApp.Services;
using SampleApp.Middlewares;
namespace SampleApp
{
public class Startup
{
public IConfiguration _configuration { get; }
public Startup(IConfiguration configuration)
{
_configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddScoped<ISampleAppRepository, SampleAppRepository>();
var emailConfig = _configuration
.GetSection("EmailConfiguration")
.Get<EmailConfiguration>();
services.AddSingleton(emailConfig);
services.AddTransient<IPasswordHasher<User>, PasswordHasher<User>>();
services.AddScoped<IShippingEmailSender, ShippingEmailSender>();
services.AddDbContext<ApplicationDbContext>(options =>
{
options.UseSqlServer(_configuration["connectionStrings:databaseConnectionString"]);
});
services.AddDefaultIdentity<User>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<User, ApplicationDbContext>();
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddControllersWithViews(setupAction =>
{
setupAction.ReturnHttpNotAcceptable = true;
}).AddXmlDataContractSerializerFormatters();
services.AddRazorPages();
// In production, the React files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/build";
});
services.AddMvc();
services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseRouting();
app.UseMiddleware<TenantDetectionMiddleware>();
app.UseAuthentication();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapRazorPages();
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
}
}
}
我错过了这个。
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
});
感谢这个回答!
我在 NET Core 3.1 中使用 Identity Server 功能。
当角色保护路由时,对数据库有什么要求?
例如[Authorize(Roles = "Administrator")]
- 我在
AspNetUserstable 中创建了一个用户。 - 我在
AspNetRolestable 中创建了一个角色。 name 的值为Administrator,NormalizedName 的值为ADMINISTRATOR。 - 我在
AspNetUserRolestable 中有一行来自用户和角色的 guid。
走这条路线时,我得到 403 Forbidden。
我是不是漏掉了什么?
编辑 1
我使用的添加角色的代码是
await userManager.AddToRoleAsync(user, "Administrator");
编辑 2
这是 Startup.cs 文件。
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.SpaServices.ReactDevelopmentServer;
using Microsoft.EntityFrameworkCore;
using SampleApp.Data;
using SampleApp.Models;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using SampleApp.Entities;
using AutoMapper;
using System;
using SampleApp.Services;
using SampleApp.Middlewares;
namespace SampleApp
{
public class Startup
{
public IConfiguration _configuration { get; }
public Startup(IConfiguration configuration)
{
_configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddScoped<ISampleAppRepository, SampleAppRepository>();
var emailConfig = _configuration
.GetSection("EmailConfiguration")
.Get<EmailConfiguration>();
services.AddSingleton(emailConfig);
services.AddTransient<IPasswordHasher<User>, PasswordHasher<User>>();
services.AddScoped<IShippingEmailSender, ShippingEmailSender>();
services.AddDbContext<ApplicationDbContext>(options =>
{
options.UseSqlServer(_configuration["connectionStrings:databaseConnectionString"]);
});
services.AddDefaultIdentity<User>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<User, ApplicationDbContext>();
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddControllersWithViews(setupAction =>
{
setupAction.ReturnHttpNotAcceptable = true;
}).AddXmlDataContractSerializerFormatters();
services.AddRazorPages();
// In production, the React files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/build";
});
services.AddMvc();
services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseRouting();
app.UseMiddleware<TenantDetectionMiddleware>();
app.UseAuthentication();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapRazorPages();
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
}
}
}
我错过了这个。
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
});
感谢这个回答!