.Net Core 1.1中基于角色的身份验证

我在.net core 1.1中实现了基于JWT承载令牌的身份验证和授权。 我还实施了Usermanager进行登录和注册。 我使用下面的代码与PasswordHash匹配用户密码。

var userDetails = await _userManager.FindByNameAsync(username);
                var result = await _signInManager.CheckPasswordSignInAsync(userDetails, password, lockoutOnFailure: false);

我在基于角色的授权中遇到问题。 当我使用用户(用户类型角色)生成JWT令牌时,它工作正常,只能访问[Authorize(Roles =“User”)]属性方法或Actions。 但是,当我使用[授权(角色=“管理员”)]属性时,它正在通过用户和管理员角色类型进行访问。 下面的示例代码:

[Authorize(Roles = "Administrator, User")]
    public class AnswersController : Controller
    {
        private readonly IAnswerService answerServices = null;

        public AnswersController(IAnswerService _answerServices)
        {
            answerServices = _answerServices;
        }

        [Authorize(Roles = "Administrator")]
        // GET: api/Answers
        [HttpGet]
        public async Task<IActionResult> Get()
        {
            var result = await answerServices.GetAll();
            if (result == null)
            {
                return NotFound();
            }
            return Ok(result);
        }

        [Authorize(Roles = "User")]
        // GET: api/Answers/5
        [HttpGet("{id}")]
        public async Task<IActionResult> Get([FromRoute] int id)
        {
            var result = await answerServices.GetByID(id);
            if (result == null)
            {
                return NotFound();
            }
            return Ok(result);
        }
}
}
链接地址: http://www.djcxy.com/p/90189.html

上一篇: Role based Authorization with Identity in .Net Core 1.1

下一篇: Query Database for Role Authorization Before Each Action in ASP.NET Core