C# Asp网络核心授权
问题:每当普通用户试图访问只有管理员才能访问的页面时,用户总是被重定向到登录,而不是访问被拒绝的页面 问题:当用户访问受限页面时,普通用户如何看到拒绝访问页面 控制器:C# Asp网络核心授权,c#,asp.net-core-1.0,C#,Asp.net Core 1.0,问题:每当普通用户试图访问只有管理员才能访问的页面时,用户总是被重定向到登录,而不是访问被拒绝的页面 问题:当用户访问受限页面时,普通用户如何看到拒绝访问页面 控制器: [Authorize(Roles = "Administrator")] public class AdminOnlyController: Controller{ } Startup.cs app.UseIdentity(); app.UseCookieAuthentication(new CookieAuthentic
[Authorize(Roles = "Administrator")]
public class AdminOnlyController: Controller{
}
app.UseIdentity();
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationScheme = "FirstCookieAuthentication",
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AccessDeniedPath = new PathString("/Forbidden/"),
LoginPath = new PathString("/Conotroller/Login"),
});
拒绝访问只是一个状态代码,如未找到、内部错误等。要管理状态代码,可以使用中间件“app.UseStatusCodePages” 代码: 然后在StatusCodeController中,生成与您提供的路由匹配的操作结果,例如:
[HttpGet("/StatusCode/{statusCode}")]
public IActionResult Index(int statusCode)
{
string statusmessage = "";
switch (statusCode)
{
case 400:
statusmessage = "Bad request: The request cannot be fulfilled due to bad syntax";
break;
case 403:
statusmessage = "Forbidden";
break;
//all codes here...
default:
statusmessage = "That’s odd... Something we didn't expect happened";
break;
}
// return appropriate view
// or same view with different message, eg from ViewBag
}
我所做的是创建了一个自定义属性,它实现了IActionFilter接口并继承了属性类。所以基本上我把代码放在动作执行方法中。不过,我也读过关于不创建自定义属性的文章。但是我没有在评论部分读到整个讨论。不管怎么说,这对我的案子有效 请参阅updateuhmm,我检查了响应状态代码,它总是返回200,即使我作为普通用户访问受限页面。
[HttpGet("/StatusCode/{statusCode}")]
public IActionResult Index(int statusCode)
{
string statusmessage = "";
switch (statusCode)
{
case 400:
statusmessage = "Bad request: The request cannot be fulfilled due to bad syntax";
break;
case 403:
statusmessage = "Forbidden";
break;
//all codes here...
default:
statusmessage = "That’s odd... Something we didn't expect happened";
break;
}
// return appropriate view
// or same view with different message, eg from ViewBag
}