Role based Authorization with Identity in .Net Core 1.1

I have implemented JWT bearer token based authentication and authorization in .Net core 1.1. I also implemented Usermanager for login and register. I am matching user password with PasswordHash using below code.

var userDetails = await _userManager.FindByNameAsync(username);
                var result = await _signInManager.CheckPasswordSignInAsync(userDetails, password, lockoutOnFailure: false);

I am getting issue in Role based Authorization. When i am generation JWT token with User(User type role), it's working fine and access only [Authorize(Roles = "User")] attribute methods or Actions. But when i am using [Authorize(Roles = "Administrator")] attribute it is accessing by both User and Admin Role Type. below the sample code:

[Authorize(Roles = "Administrator, User")]
    public class AnswersController : Controller
    {
        private readonly IAnswerService answerServices = null;

        public AnswersController(IAnswerService _answerServices)
        {
            answerServices = _answerServices;
        }

        [Authorize(Roles = "Administrator")]
        // GET: api/Answers
        [HttpGet]
        public async Task<IActionResult> Get()
        {
            var result = await answerServices.GetAll();
            if (result == null)
            {
                return NotFound();
            }
            return Ok(result);
        }

        [Authorize(Roles = "User")]
        // GET: api/Answers/5
        [HttpGet("{id}")]
        public async Task<IActionResult> Get([FromRoute] int id)
        {
            var result = await answerServices.GetByID(id);
            if (result == null)
            {
                return NotFound();
            }
            return Ok(result);
        }
}
}
链接地址: http://www.djcxy.com/p/90190.html

上一篇: ASP.NET Core 2.0身份验证Cookie未设置

下一篇: .Net Core 1.1中基于角色的身份验证