asp.net-authorization

问题 I have an application which requires role authorization using custom database. The database is set up with a tblUsers table that has a reference to a tblRoles table. The users are also already assigned to their roles. I also want to use the [Authorize(Role = "RoleName")] attribute on each action to check if an authenticated user is assigned to "RoleName" in the database. I'm having a lot of trouble figuring out where I need to make a modification to the [Authorize] attribute so it behaves

问题 I wrote a Wep Application ASP NET CORE 2.2 in c# which uses the authorization. They work properly. When access is denied now the url is rewritten for example as follows: https://ebbwebdev.azurewebsites.net/Account/AccessDenied?ReturnUrl=%2FTelemetries and the page displayed is Error 404. I'm using ASP.NET Core Identity. How can I redirect access denied to a custom page? Thanks for your cooperation. 回答1: You can simply do as follows: public void ConfigureServices(IServiceCollection services) {

问题 I'm attempting to setup a custom policy provider in asp.net core. I need to pass in several custom authorization attributes to the provider but struggling with how to do so. I have it setup to accept one enum array currently and is working fine. However, I would like to add 2 more enum arrays as additional, optional parameters to the authorization attribute. Attribute as it is now: [LEMClaimAuthorize(new ELocation[] { ELocation.Indy, ELocation.Columbus })] Would like for it to work like so:

问题 I have a method on an API that can be accessed anonymously. I want to use resource authorization to determine if the user has access. If the object is "public" than it can be accessed by anyone (including anonymous users). If the object is "private" than it can only be viewed by logged in users. This logic works fine if I have an authorize attribute on the method, but if not the User has no claims even when they are logged in. Is there a way to get the user's claims in a method without an

问题 I need to implement role based authorization on a .NET 5 API but the thing is that we don't want to decorate all the controllers with attributes and a list of roles, because all that configuration will come from either a config file (JSON) or an external service (TBD), in a way that roles will be mapped to controllers and actions and we would want to have something that centralizes all this logic, in a similar way we did before with Authentication Filters and Attributes. I've been reading

来源： https://stackoverflow.com/questions/61976960/asp-net-core-jwt-authentication-always-throwing-401-unauthorized

问题 I have a .NET core project and am trying to create a custom policy using AuthorizationOptions as shown in the documentation located here: ASP.NET.Core Authorization - Dependency Injection in requirement handlers The examples show setting up an authorization requirement with 1 parameter - a simple int value. My custom requirement requires a string parameter as well as a DbContext object. I want to inject the DbContext into the requirement's constructor at runtime. I am using the Autofac

问题 i am working on a project which is same for several companies, so we have created different databases for different companies with same db structure, each db has it's own identity tables, roles based menus, role based access permission. I have written a single api to connect different databases based on username supplied. as all company logins with same login screen. we decide which db to connect by username passed on loginscreen. Example : 3 companies- abc.com,pqr.com,xyz.com single login

问题 I'm having hard time in deciding an approach while implementing Authentication/Authorization scenario for my Web API (Service) - MVC (client) architecture project. Even though i have implemented Custom token based authentication in Web API project, I'm finding it hard where exactly i should implement the authorization (In Client or in API itself). Architecture Overview : Projects Solution - | | __ ASP.NET Web API based REST service (Independently hosted on IIS at M/C 1) | | __ ASP.NET MVC

问题 I am working on an ASP.NET Core 2 web application. I am handling Access Denied page for [Authorize (roles OR policies)] pages. By default, Instead of showing the original URL and returning 403 status, ASP.NET Core 2.0 redirects the request to an AccessDenied page with status is 302 -> This is not what I want. Instead of redirecting AccessDenied page. I want ASP.NET Core throws my custom ForbiddenException exception so I can handle unauthorized accesses like I do for Unhandled exceptions. Here