【发布时间】:2020-04-28 23:37:07
【问题描述】:
我有一个要授权控制器操作的应用程序:
// GET: Manage
[Authorize]
public async Task<IActionResult> Manage()
{
var songs = _context.Songs
.Include(s => s.Decades)
.OrderBy(x => x.Title);
return View(await songs.ToListAsync());
}
我已经这样设置了我的 Startup.cs 文件:
using JukeboxJunkies.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
namespace JukeboxJunkies
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentity<AppUser, AppRole>(options =>
{
options.User.RequireUniqueEmail = true;
options.Password.RequireUppercase = false;
}).AddEntityFrameworkStores<IdentityAppContext>();
services.ConfigureApplicationCookie(options =>
{
options.Cookie.HttpOnly = true;
//options.LoginPath = "/Account/NotAuthorized";
options.AccessDeniedPath = "/Account/NotAuthorized";
options.SlidingExpiration = true;
}).AddAuthentication();
services.AddDbContext<IdentityAppContext>(cfg =>
{
cfg.UseSqlServer(Configuration.GetConnectionString("JukeboxJunkies"));
});
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<JukeboxJunkiesEntities>(options =>
options.UseSqlServer(Configuration.GetConnectionString("JukeboxJunkies")));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
}
当我点击控制器上的操作时,我希望被路由到 NotAuthorized 视图 - 但它没有 - 它路由到索引视图。
关于我可能缺少什么的想法?我提供了足够的信息吗?
旁注,如果我取消注释掉这一行:
//options.LoginPath = "/Account/NotAuthorized";
效果很好。
【问题讨论】:
-
options.LoginPath的默认设置是/Account/Login,所以我很惊讶它会路由到索引视图而不是那个。除此之外,您所描述的是正确的行为。添加[Authorize]意味着应用程序需要首先确定您是谁 - 如果它不能这样做,它希望您登录。如果您被识别但没有权限,您只会看到访问被拒绝。 -
我刚刚确认-感谢您的解释!
-
没问题。这是否意味着您现在已经解决了这个问题?
-
是的。我认为一切都很好。谢谢!
标签: c# asp.net-core asp.net-authorization