C# 管理员用户的访问被拒绝
我一直在尝试向我的web应用程序的管理区域添加策略,并已将我的管理用户和管理角色添加到我的C# 管理员用户的访问被拒绝,c#,razor,asp.net-core-mvc,C#,Razor,Asp.net Core Mvc,我一直在尝试向我的web应用程序的管理区域添加策略,并已将我的管理用户和管理角色添加到我的AspNetUsers、AspNetRoles和AspNetUserRoles表中,但我无法验证我签名的用户是否是管理员 AspNetUsers表格 Id | UserName | NormalizedUserName | Email | NormalizedEmail __________________________________
AspNetUsers
、AspNetRoles
和AspNetUserRoles
表中,但我无法验证我签名的用户是否是管理员
AspNetUsers
表格
Id | UserName | NormalizedUserName | Email | NormalizedEmail
_______________________________________________________________________________________________
123 | WebAdmin | WEBADMIN | admin@mysite.com | ADMIN@MYSITE.COM
UserId | RoleId
______________________
123 | 123
AspNetRoles
表格
Id | Name | NormalizedName
_______________________________________
123 | Admin | ADMIN
_______________________________________
321 | User | USER
AspNetUserRoles
表格
Id | UserName | NormalizedUserName | Email | NormalizedEmail
_______________________________________________________________________________________________
123 | WebAdmin | WEBADMIN | admin@mysite.com | ADMIN@MYSITE.COM
UserId | RoleId
______________________
123 | 123
我已将标识
包含在我的Startup
类的ConfirgureServices
中
/// <summary>
/// This method gets called by the runtime. Use this method to add services to the container.
/// </summary>
/// <param name="services">Services to configure</param>
public void ConfigureServices(IServiceCollection services)
{
// Regular Cookie Policy stuff
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
// Mailing service setup
services.AddScoped<SmtpClient>((serviceProvider) =>
{
return new SmtpClient
{
Host = this.Configuration.GetValue<string>("Email:Smtp:Host"),
Port = this.Configuration.GetValue<int>("Email:Smtp:Port"),
UseDefaultCredentials = false,
Credentials = new NetworkCredential(
this.Configuration.GetValue<string>("Email:Smtp:Username"),
this.Configuration.GetValue<string>("Email:Smtp:Password")),
EnableSsl = true
};
});
// Connect to the Database
services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(this.Configuration.GetConnectionString("DefaultConnection")));
services.AddDbContext<WebSiteContext>(options => options.UseSqlServer(this.Configuration.GetConnectionString("DefaultConnection")));
// Identity Stuff
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
// Configure Authorization
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// Authorization
services.AddAuthorization(options =>
{
options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("Admin"));
});
}
ManageController
我的管理部分的控制器具有授权
声明
/// <summary>
/// ManageController - Controller for Managing Admin Stuff
/// </summary>
[Area("admin")]
[Route("admin/[controller]")]
[Authorize(Policy = "RequireAdminRole")]
public class ManageController : Controller
{
/// <summary>
/// Private instance of the <see cref="EmailViewModel"/> class
/// </summary>
private EmailViewModel emailViewModel;
private SmtpClient smtpClient;
/// <summary>
/// Initializes a new instance of the <see cref="ManageController"/> class
/// </summary>
/// <param name="smtpClient"></param>
public ManageController(SmtpClient smtpClient)
{
this.smtpClient = smtpClient;
}
/// <summary>
/// HomePage for the admin management area
/// </summary>
/// <returns></returns>
public IActionResult Index()
{
return View();
}
}
//
///ManageController-用于管理管理员内容的控制器
///
[区域(“管理”)]
[路由(“管理员/[控制器]”)]
[授权(Policy=“requiredminrole”)]
公共类ManageController:Controller
{
///
///类的私有实例
///
私有EmailViewModel EmailViewModel;
私有SmtpClient SmtpClient;
///
///初始化类的新实例
///
///
公共管理控制器(SmtpClient SmtpClient)
{
this.smtpClient=smtpClient;
}
///
///行政管理区主页
///
///
公共IActionResult索引()
{
返回视图();
}
}
但是,当我以WebAdmin身份登录并导航到我的admin/Manage
区域时,会出现以下错误:
拒绝访问-您无权访问此资源
在检查NET Core中的角色时,我是否遗漏了一些内容?我已经解决了这个问题。问题在于配置标识服务。我需要使用
AddIdentity()
而不是AddDefaultIdentity()
我变了
// Identity Stuff
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
//身份资料
services.AddDefaultIdentity()
.AddRoles()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores();
到
//身份资料
服务.额外性()
.AddRoles()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores();
它成功了 您使用的是ASP.NET核心标识的哪个版本?因为在2.2.0版本中,您甚至不需要这一行
.AddRoles()
。我使用的是2.1,但将来可能会使用2.2。感谢FYIIm使用ApplicationUser,但我总是被拒绝访问:-(@jDave1984)任何想法。