.Net Core 1.1中基于角色的身份验证
我在.net core 1.1中实现了基于JWT承载令牌的身份验证和授权。 我还实施了Usermanager进行登录和注册。 我使用下面的代码与PasswordHash匹配用户密码。
var userDetails = await _userManager.FindByNameAsync(username);
var result = await _signInManager.CheckPasswordSignInAsync(userDetails, password, lockoutOnFailure: false);
我在基于角色的授权中遇到问题。 当我使用用户(用户类型角色)生成JWT令牌时,它工作正常,只能访问[Authorize(Roles =“User”)]属性方法或Actions。 但是,当我使用[授权(角色=“管理员”)]属性时,它正在通过用户和管理员角色类型进行访问。 下面的示例代码:
[Authorize(Roles = "Administrator, User")]
public class AnswersController : Controller
{
private readonly IAnswerService answerServices = null;
public AnswersController(IAnswerService _answerServices)
{
answerServices = _answerServices;
}
[Authorize(Roles = "Administrator")]
// GET: api/Answers
[HttpGet]
public async Task<IActionResult> Get()
{
var result = await answerServices.GetAll();
if (result == null)
{
return NotFound();
}
return Ok(result);
}
[Authorize(Roles = "User")]
// GET: api/Answers/5
[HttpGet("{id}")]
public async Task<IActionResult> Get([FromRoute] int id)
{
var result = await answerServices.GetByID(id);
if (result == null)
{
return NotFound();
}
return Ok(result);
}
}
}
链接地址: http://www.djcxy.com/p/90189.html
上一篇: Role based Authorization with Identity in .Net Core 1.1
下一篇: Query Database for Role Authorization Before Each Action in ASP.NET Core