Asp.net核心MVC授权属性不阻止

Question

授权属性不起作用。我没有登录，它允许我访问此功能。

我玩过附在底部的Startup.cs文件。请帮我开始这个。我已经在以前的MVC版本中成功地使用了这些方法，但我还没有成功使用MVC内核。

在此之后，我正在寻找添加角色。任何方向在哪里开始，将不胜感激。 感谢

public class SecurityAccessController : Controller 
{ 
    private SecurityAccessDbContext SecurityAccessDbContext { get; set; } 

    public SecurityAccessController([FromServices] SecurityAccessDbContext SecurityAccessDbContext) 
    { 
     this.SecurityAccessDbContext = SecurityAccessDbContext; 
    } 

    // GET: /<controller>/ 
    [Authorize] 
    public IActionResult Index() 
    { 
     return View(); 
    } 
} 

这是我开始Up.cs 更新所推荐下面的评论

public void ConfigureServices(IServiceCollection services) 
    { 
     // Add framework services. 
     services.AddMemoryCache(); 
     services.AddSession(); 

     //Added 
     services.AddBootstrapPagerGenerator(options => {options.ConfigureDefault();}); 

     //Database services 
     services.AddEntityFrameworkSqlServer().AddDbContext<SecurityAccessDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); }); 
     services.AddEntityFrameworkSqlServer().AddDbContext<AcumaticaDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); }); 
     services.AddEntityFrameworkSqlServer().AddDbContext<RMADbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); }); 
     services.AddEntityFrameworkSqlServer().AddDbContext<WarrantyDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); }); 
     services.AddEntityFrameworkSqlServer().AddDbContext<GenericDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); }); 
     services.AddEntityFrameworkSqlServer().AddDbContext<ApplicationIdentityDbContext>(options => { options.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]); }); 

     services.AddIdentity<ApplicationUser, ApplicationRole>(options => 
     { 
      options.Cookies.ApplicationCookie.LoginPath = "/Account/Login"; 
      options.Cookies.ApplicationCookie.AccessDeniedPath = "/Home/AccessDenied"; 
     }) 
     .AddEntityFrameworkStores<ApplicationIdentityDbContext>() 
     .AddDefaultTokenProviders(); 

     services.AddMvc(); 

     services.AddTransient<IEmailSender, AuthMessageSender>(); 
    } 

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. 
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) 
    { 
     loggerFactory.AddConsole(Configuration.GetSection("Logging")); 
     loggerFactory.AddDebug(); 

     if (env.IsDevelopment()) 
     { 
      app.UseDeveloperExceptionPage(); 
      app.UseBrowserLink(); 
     } 
     else 
     { 
      app.UseExceptionHandler("/Home/Error"); 
     } 

     app.UseStaticFiles(); 

     app.UseSession(); 

     app.UseIdentity(); 

     app.UseMvcWithDefaultRoute(); 
    } 

Answer 1

我发现

文件launchsettings.json已经

"iisSettings": { 
    "windowsAuthentication": true, 

我改

"iisSettings": { 
    "windowsAuthentication": false, 

Answer 2

加入Mvc之前添加Identity。此外，您不需要添加Authorization，因为在添加Identity时已经完成，如here所示。您还可以配置身份选项，例如登录路径，而无需配置CookieAuthenticationOptions。相反，您可以在添加Identity时进行配置。

下面是代码的样子的代码片段。

// Remove me 
// services.AddAuthorization(); 

// Remove me too 
// services.Configure<CookieAuthenticationOptions>(options => 
// .... 

services.AddIdentity<ApplicationUser, IdentityRole>(options => 
{ 
    options.Cookies.ApplicationCookie.LoginPath = "/Account/Login"; 
    options.Cookies.ApplicationCookie.AccessDeniedPath = "/Home/AccessDenied"; 
    options.Cookies.ApplicationCookie.AutomaticChallenge = true; 
    options.Cookies.ApplicationCookie.AutomaticAuthenticate = true; 
}) 
.AddEntityFrameworkStores<ApplicationIdentityDbContext>() 
.AddDefaultTokenProviders(); 

services.AddMvc();