
使用下面的登录方法和 Startup.cs 时,带有 [Authorize(Roles = "Administrator")] 属性的控制器工作正常;但那些只要求用户已通过身份验证、不关心其角色的控制器却返回"状态代码:401 未授权"。也就是说,只带 [Authorize] 属性的控制器返回未授权错误,而带 [Authorize(Roles = "Administrator")] 的控制器完全正常。

登录方法:

/// <summary>
/// Replaces the current application-cookie sign-in with a principal built from
/// the given user's id and roles.
/// </summary>
/// <param name="user">Supplies the id (name claim) and the roles (role claims).</param>
/// <param name="domain">Not read by this method.</param>
/// <param name="remember">Copied to <c>AuthenticationProperties.IsPersistent</c>.</param>
/// <param name="timeout">Added to the current UTC time to produce <c>ExpiresUtc</c>.</param>
public async void LogOn(IUser user, string domain, bool remember, TimeSpan timeout)
{
    var httpContext = AccessorsHelper.HttpContextAccessor.HttpContext;

    // Drop whatever is currently signed in on the application scheme.
    await httpContext.SignOutAsync(IdentityConstants.ApplicationScheme);

    // One name claim carrying the user id, followed by one role claim per role.
    var userClaims = new List<Claim>
    {
        new Claim(ClaimsIdentity.DefaultNameClaimType, user.GetId().ToString())
    };
    userClaims.AddRange(
        from roleName in user.GetRoles()
        select new Claim(ClaimsIdentity.DefaultRoleClaimType, roleName));

    // NOTE(review): this identity is created without an authentication type, so
    // ClaimsIdentity.IsAuthenticated is false for it. A bare [Authorize] requires an
    // authenticated identity, while a role check only looks for a matching role claim,
    // which matches the 401-on-[Authorize] symptom described for this code.
    var identity = new ClaimsIdentity(userClaims);
    var principal = new ClaimsPrincipal(identity);

    var signInProperties = new AuthenticationProperties
    {
        IsPersistent = remember,
        ExpiresUtc = DateTimeOffset.UtcNow.Add(timeout)
    };

    // NOTE(review): the method is async void, so callers cannot await the sign-in
    // or observe an exception thrown by it.
    await httpContext.SignInAsync(IdentityConstants.ApplicationScheme, principal, signInProperties);
}

Startup.cs:

/// <summary>
/// Application bootstrap: registers MVC, Razor, Identity stores and cookie
/// authentication, then assembles the HTTP request pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Called by the runtime to add services to the container.
    /// For more information on how to configure your application, visit
    /// https://go.microsoft.com/fwlink/?LinkID=398940
    /// </summary>
    /// <param name="services">The service collection being populated.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.InjectOliveDependencies();

        var mvcBuilder = services
            .AddMvc(mvcOptions =>
            {
                // The Olive binder provider goes first so it is consulted before the built-in ones.
                mvcOptions.ModelBinderProviders.Insert(0, new Olive.Mvc.OliveBinderProvider());
                //mvcOptions.ModelBinderProviders.Insert(0, new TestBinderProvider());
            })
            .ConfigureApplicationPartManager(partManager =>
            {
                // Swap the registered MetadataReferenceFeatureProvider for the project's own provider.
                var stockProvider = partManager.FeatureProviders.First(provider => provider is MetadataReferenceFeatureProvider);
                partManager.FeatureProviders.Remove(stockProvider);
                partManager.FeatureProviders.Add(new ReferencesMetadataReferenceFeatureProvider());
            });
        //ConfigureMvc(mvcBuilder);

        services.Configure<RazorViewEngineOptions>(
            razorOptions => razorOptions.ViewLocationExpanders.Add(new ViewLocationExpander()));

        // Identity backed by the project's user/role stores; roles are plain strings.
        services.AddSingleton<IUserStore<User>, UserStore>();
        services.AddSingleton<IRoleStore<string>, RoleStore>();
        services.AddIdentity<User, string>();

        // The Identity application cookie scheme is the default authentication scheme,
        // the same scheme the sign-in code uses for SignInAsync/SignOutAsync.
        services.AddAuthentication(IdentityConstants.ApplicationScheme);
    }

    /// <summary>
    /// Called by the runtime to configure the HTTP request pipeline.
    /// </summary>
    /// <param name="app">The pipeline builder.</param>
    /// <param name="env">The hosting environment, used to pick the error-handling middleware.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.ConfigureOliveDependencies(env);

        // Detailed exception pages and Browser Link are only enabled in Development;
        // every other environment gets the generic error route.
        if (!env.IsDevelopment())
        {
            app.UseExceptionHandler("/Home/Error");
        }
        else
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }

        // Authentication is registered ahead of MVC, so the user is populated
        // before [Authorize] is evaluated on controllers.
        app.UseAuthentication();

        app.UseStaticFiles();

        app.UseMvc(routeBuilder =>
        {
            // No conventional route is mapped; the default route below is disabled.
            //routeBuilder.MapRoute(
            // name: "default",
            // template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}

另外,我使用的是 ASP.NET Core 2.0。


'LogOn' 方法真的需要 '[Authorize]' 属性吗?它应该允许任何试图登录的人匿名访问…… –


@BalagurunathanMarimuthu 我的 'LogOn' 方法没有 '[Authorize]' 属性。我只是把这个方法贴出来,因为我认为问题应该出在它里面。 –

回答


对 LogOn 方法做了一个小改动后,问题得到解决。

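/// <summary>
/// Replaces the current application-cookie sign-in with an authenticated principal
/// built from the given user's id and roles.
/// </summary>
/// <param name="user">Supplies the id (name claim) and the roles (role claims).</param>
/// <param name="domain">Not read by this method.</param>
/// <param name="remember">Copied to <c>AuthenticationProperties.IsPersistent</c>.</param>
/// <param name="timeout">Added to the current UTC time to produce <c>ExpiresUtc</c>.</param>
/// <remarks>
/// NOTE(review): the method is <c>async void</c>, so callers cannot await the sign-in
/// or observe its exceptions. Returning <c>Task</c> would fix that but changes the
/// signature, so it is left as is here.
/// </remarks>
public async void LogOn(IUser user, string domain, bool remember, TimeSpan timeout)
{
    var context = AccessorsHelper.HttpContextAccessor.HttpContext;
    if (context == null)
    {
        // Fail with a clear message instead of a NullReferenceException further down.
        throw new InvalidOperationException("LogOn requires an active HttpContext.");
    }

    // Drop whatever is currently signed in on the application scheme.
    await context.SignOutAsync(IdentityConstants.ApplicationScheme);

    // One name claim carrying the user id, followed by one role claim per role.
    var claims = new List<Claim>
    {
        new Claim(ClaimsIdentity.DefaultNameClaimType, user.GetId().ToString())
    };
    claims.AddRange(user.GetRoles().Select(role => new Claim(ClaimsIdentity.DefaultRoleClaimType, role)));

    // The second constructor argument is the identity's AuthenticationType.
    // ClaimsIdentity.IsAuthenticated is true only when it is a non-empty string;
    // without it a bare [Authorize] treats the user as anonymous and returns 401,
    // while a role check can still pass because it only looks for a matching role claim.
    // The scheme name is used rather than a placeholder so the identity records
    // which scheme issued it.
    var identity = new ClaimsIdentity(claims, IdentityConstants.ApplicationScheme);

    await context.SignInAsync(IdentityConstants.ApplicationScheme,
        new ClaimsPrincipal(identity),
        new AuthenticationProperties
        {
            IsPersistent = remember,
            ExpiresUtc = DateTimeOffset.UtcNow.Add(timeout)
        });
}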

查看注释部分的更改。
