.net core Authorize 可以正常工作,但在 dotnet core 中使用 JWT 时角色不起作用

.net core Authorize 可以正常工作,但在 dotnet core 中使用 JWT 时角色不起作用,.net-core,jwt,.net Core,Jwt,我像下面这样使用JWT,当只使用Authorize时,它可以正常工作,但当想要使用角色时,它就不工作了 启动: public void ConfigureServices(IServiceCollection services) { //... AddOAuthProviders(services); //... } public IServiceCollection Ad

我像下面这样使用JWT,当只使用Authorize时,它可以正常工作,但当想要使用角色时,它就不工作了

启动:

 /// <summary>
 /// Registers application services. Only the call to <c>AddOAuthProviders</c>
 /// is shown; the rest of the method is elided on the page.
 /// </summary>
 /// <param name="services">Service collection being configured.</param>
 public void ConfigureServices(IServiceCollection services)
        {
            //...
            // Registers JWT bearer authentication; the returned collection is not used here.
            AddOAuthProviders(services);
            //...
        }

        /// <summary>
        /// Registers JWT bearer authentication as the default authenticate and
        /// challenge scheme, validating tokens against a shared symmetric key.
        /// </summary>
        /// <param name="services">Service collection to add authentication to.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        public IServiceCollection AddOAuthProviders(IServiceCollection services)
        {
            services
                .AddAuthentication(auth =>
                {
                    auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(jwt =>
                {
                    // The validated-token hook is wired up but does nothing.
                    jwt.Events = new JwtBearerEvents
                    {
                        OnTokenValidated = _ => Task.CompletedTask,
                    };

                    // NOTE(review): allows a non-HTTPS authority/metadata address. No
                    // authority is configured in this block, so it may have no effect here;
                    // keep the default (true) outside local development.
                    jwt.RequireHttpsMetadata = false;

                    // Keeps the raw token in the authentication properties after validation.
                    jwt.SaveToken = true;

                    // NOTE(review): where Security.secretKey comes from is not shown. An HMAC
                    // signing key should be long, random and loaded from configuration or a
                    // secret store, not a literal in source. Confirm.
                    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Security.secretKey));

                    // NOTE(review): with issuer and audience validation switched off, any
                    // token signed with this key is accepted whatever its "iss"/"aud" say.
                    // Enable both and set the expected values if the key is shared with
                    // any other service.
                    jwt.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = signingKey,
                        ValidateIssuer = false,
                        ValidateAudience = false
                    };
                });

            return services;
        }

        /// <summary>
        /// Configures the request pipeline. Only the authentication and
        /// authorization middleware registrations are shown on the page.
        /// </summary>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IUnitOfWork uow)
        {
            //....
            // Order matters: authentication has to run before authorization so that the
            // user's claims (role claims included) exist when [Authorize] is evaluated.
            // NOTE(review): with endpoint routing these two calls belong after UseRouting
            // and before UseEndpoints; the elided lines are not visible, confirm.
            app.UseAuthentication();
            app.UseAuthorization();
            //...
        }
//...
// Claims put into the issued token: the user id as the name, plus the role value.
// NOTE(review): the trailing comment suggests userRoles is one comma-separated
// string ("Read,Write"). If so, this creates a single role claim holding that whole
// string, which [Authorize(Roles = "Write")] does not match. Emit one
// ClaimTypes.Role claim per role instead. The type of userRoles is not shown; confirm.
var claims = new List<Claim>
                {
                    new Claim(ClaimTypes.Name, user.UserId.ToString()),
                    new Claim(ClaimTypes.Role, userRoles),//Read,Write
                };
//...
[HttpPost]
        [Authorize(Roles = "Write")]
        public ActionResult Insert ...
在身份验证方法中:

 /// <summary>
 /// Registers application services. Only the call to <c>AddOAuthProviders</c>
 /// is shown; the rest of the method is elided on the page.
 /// </summary>
 /// <param name="services">Service collection being configured.</param>
 public void ConfigureServices(IServiceCollection services)
        {
            //...
            // Registers JWT bearer authentication; the returned collection is not used here.
            AddOAuthProviders(services);
            //...
        }

        /// <summary>
        /// Registers JWT bearer authentication as the default authenticate and
        /// challenge scheme, validating tokens against a shared symmetric key.
        /// </summary>
        /// <param name="services">Service collection to add authentication to.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        public IServiceCollection AddOAuthProviders(IServiceCollection services)
        {
            services
                .AddAuthentication(auth =>
                {
                    auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(jwt =>
                {
                    // The validated-token hook is wired up but does nothing.
                    jwt.Events = new JwtBearerEvents
                    {
                        OnTokenValidated = _ => Task.CompletedTask,
                    };

                    // NOTE(review): allows a non-HTTPS authority/metadata address. No
                    // authority is configured in this block, so it may have no effect here;
                    // keep the default (true) outside local development.
                    jwt.RequireHttpsMetadata = false;

                    // Keeps the raw token in the authentication properties after validation.
                    jwt.SaveToken = true;

                    // NOTE(review): where Security.secretKey comes from is not shown. An HMAC
                    // signing key should be long, random and loaded from configuration or a
                    // secret store, not a literal in source. Confirm.
                    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Security.secretKey));

                    // NOTE(review): with issuer and audience validation switched off, any
                    // token signed with this key is accepted whatever its "iss"/"aud" say.
                    // Enable both and set the expected values if the key is shared with
                    // any other service.
                    jwt.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = signingKey,
                        ValidateIssuer = false,
                        ValidateAudience = false
                    };
                });

            return services;
        }

        /// <summary>
        /// Configures the request pipeline. Only the authentication and
        /// authorization middleware registrations are shown on the page.
        /// </summary>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IUnitOfWork uow)
        {
            //....
            // Order matters: authentication has to run before authorization so that the
            // user's claims (role claims included) exist when [Authorize] is evaluated.
            // NOTE(review): with endpoint routing these two calls belong after UseRouting
            // and before UseEndpoints; the elided lines are not visible, confirm.
            app.UseAuthentication();
            app.UseAuthorization();
            //...
        }
//...
// Claims put into the issued token: the user id as the name, plus the role value.
// NOTE(review): the trailing comment suggests userRoles is one comma-separated
// string ("Read,Write"). If so, this creates a single role claim holding that whole
// string, which [Authorize(Roles = "Write")] does not match. Emit one
// ClaimTypes.Role claim per role instead. The type of userRoles is not shown; confirm.
var claims = new List<Claim>
                {
                    new Claim(ClaimTypes.Name, user.UserId.ToString()),
                    new Claim(ClaimTypes.Role, userRoles),//Read,Write
                };
//...
[HttpPost]
        [Authorize(Roles = "Write")]
        public ActionResult Insert ...

通过执行以下操作,您似乎在一个声明中添加了多个角色:

// A single role claim whose value is the whole userRoles string; a role check
// compares against that entire value, not against its comma-separated parts.
new Claim(ClaimTypes.Role, userRoles)
如果您有多个角色,则每个角色都需要是一个单独的声明。像这样:

// One ClaimTypes.Role claim per role, so each role name can be matched on its own.
new Claim(ClaimTypes.Role, "Read")
new Claim(ClaimTypes.Role, "Write")
如果您拿到的角色是一个以逗号分隔的字符串 userRoles,可以用一点 LINQ 把每个角色添加为单独的声明:

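// Add one role claim per entry of the comma-separated userRoles string.
// Entries are trimmed and blanks dropped, so "Read, Write" or a trailing comma
// does not produce a role such as " Write" or "" that no [Authorize(Roles = ...)]
// check will ever match (role values are compared exactly).
claims.AddRange(userRoles
    .Split(',')
    .Select(r => r.Trim())
    .Where(r => r.Length > 0)
    .Select(r => new Claim(ClaimTypes.Role, r)));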

您的意思是 userRoles 的值是 "Read,Write" 吗?