发表新帖
发表新帖

ASP.NET MVC redirect to an access denied page using a custom role provider

后端 未结
关注
9 1980
忘了有多久
忘了有多久 2020-12-12 11:20

I\'m creating a custom role provider and I set a Authorize attribute specifying a role in my controller and it\'s working just fine, like this:

[Authorize(Ro
9条回答
  • 遥遥无期
    遥遥无期 (楼主)
    2020-12-12 11:49

    I had similar issue. No matter what role I had, I was always redirected to LogIn page instead of AccessDenied. The fix was unbelievably easy, but it might not work in all cases. So it turned out, that I had wrong order in Startup.cs of these two lines:

    app.UseAuthentication();
app.UseAuthorization();

    Make sure if app.UseAuthentication(); is BEFORE app.UseAuthorization();

    In other words, ask "Who are you?" first, and then "Are you allowed here?", not the other way.

    0 讨论(0)
 看不清?
提交回复
热议问题