问题:只要普通用户尝试访问只能由管理员访问的页面,用户总是被重定向到登录而不是访问被拒绝的页面。Asp Net核心授权
问题:每当用户访问受限制的页面时,普通用户如何看到拒绝访问页面?
控制器:
[Authorize(Roles = "Administrator")]
public class AdminOnlyController: Controller{
}
Startup.cs
app.UseIdentity();
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationScheme = "FirstCookieAuthentication",
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AccessDeniedPath = new PathString("/Forbidden/"),
LoginPath = new PathString("/Conotroller/Login"),
});
请参阅更新 –