asp.net-roles

问题 I follow the tutorial link below. https://fullstackmark.com/post/13/jwt-authentication-with-aspnet-core-2-web-api-angular-5-net-core-identity-and-facebook-login I am trying to understand how it works and I want to use role-based authentication using this token. so I made another policy in the Startup.cs file as below. And I tried to use it like [Authorize(Policy = "admin")] or [Authorize(Policy = "ApiUser")] in the controller but every time I try I get unauthenticated using postman . What am

问题 I follow the tutorial link below. https://fullstackmark.com/post/13/jwt-authentication-with-aspnet-core-2-web-api-angular-5-net-core-identity-and-facebook-login I am trying to understand how it works and I want to use role-based authentication using this token. so I made another policy in the Startup.cs file as below. And I tried to use it like [Authorize(Policy = "admin")] or [Authorize(Policy = "ApiUser")] in the controller but every time I try I get unauthenticated using postman . What am

问题 What is the difference between using policy-based authorization and authorize with role, or there is no difference? [Authorize(Policy = "RequiredAdminRole")] and [Authorize(Roles = "Admin")] 回答1: For Role-based authorization , Roles are exposed to the developer through the IsInRole method on the ClaimsPrincipal class. In my opinion,there is no difference if you mean the Policy is configured as services.AddAuthorization(options => options.AddPolicy("RequiredAdminRole", policy => policy

问题 I have a single membership provider which is using the '/' default application name. I then have multiple applications which share this common membership provider configuration. Each application has it's own role provider configuration, they all share the same database as the membership provider but use a different application name to isolate their roles from each other. When I create a member then a single user record is created and hence shared across all the applications. I then create

问题 In my previous post i asked how to check/add user roles, but now i face another problem. Since microsoft moved to the new Identity 2.0, AuthorizeAttribute doesn't work anymore. Is there any substitute filter for the Authorize? EDIT: I've made some tests and [Authorize(Users = "SOME_ID")] works, but not [Authorize(Roles = "Admin")]. And i verified if the user was really in that role (Admin) 回答1: Actually [Authorize(Roles = "ROLENAME")] working fine. Check your userRoles (or AspNetUserRoles)

问题 I've created controller classes to assist with Role authorization. I have a base class ControllersAuthorities , which is the highest level of authority. I have created the other classes to extend each base class. [Authorize(Roles = "Owner")] public abstract class ControllerAuthorities:Controller { } [Authorize(Roles = "Admin")] public abstract class AdminController:ControllerAuthorities { } [Authorize(Roles = "Employee")] public abstract class EmployeeController:AdminController { } [Authorize

问题 I am trying to get a list of all the roles in my application. I have looked at the following post Getting All Users... and other sources. Here is my code which I think is what I am supposed to do. var roleStore = new RoleStore<IdentityRole>(context) var roleMngr = new RoleManager<IdentityRole>(roleStore); List<string> roles = roleMngr.Roles.ToList(); However, I’m getting the following error: Cannot implicitly convert type GenericList(IdentityRole) to List(string) . Any suggestions? I am

问题 I'm currently trying to implement security in a new ASP MVC 5 application, based on user roles. The goal is to prevent users from accessing certain controllers or controller methods if they don't have a certain role (or higher). Based on what I've read on the question so far, I created an attribute that inherits AuthorizeAttribute which looks like this (MyAppRole is an enum, btw) : [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]

问题 Before the update of the dll's in the Entity Framework i was able to do this user.Roles.Where(r => r.Role.Name == "Admin").FisrtOrDefault(); Now, i can only do r.RoleId, and i can't find a way to retreive the name of thar Role Id. I'm using this in my controllers and in my AuthorizeAttribute class. Can someone help me here? Regards 回答1: Ask the RoleMananger? RoleManager.Roles. // or RoleManager.FindByIdAsync() // or RoleManager.FindByNameAsync() You may want to take some time and learn the

问题 I'm developing a complex website with users having multiple roles. The users are also coupled on other items in the DB which, together with their roles, will define what they can see and do on the website. Now, some users have more than 1 role, but the website can only handle 1 role at a time because of the complex structure. the idea is that a user logs in and has a dropdown in the corner of the website where he can select one of his roles. if he has only 1 role there is no dropdown. Now I