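Hello, I am new to ASP.NET Core and I would like to check in the controller whether the logged-in user is in a certain role, in order to return the appropriate view: one view with CRUD links, the other read-only.
I have two roles:
- Manager "CanManage" (CRUD)
- User "CanUse"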
    public async Task<IActionResult> Index() {
        // Three attempts, tried one at a time (ClaimTypes needs: using System.Security.Claims;)
        bool isInrole = User.IsInRole("CanManage"); // First try
        // bool isInrole = HttpContext.User.IsInRole("CanManage"); // Second try
        // bool isInrole = User.HasClaim(ClaimTypes.Role, "CanManage"); // Third try
        if (isInrole)
            return View(await _context.Etudiants.ToListAsync());
        return View("IndexReadonly", await _context.Etudiants.ToListAsync());
    }
Every time, the bool is false. Any idea how to check the user's role?
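Reply from a uj5u.com user:
Finally, I found a solution.
After some reading, some people say that roles are a bit old-school and that claims are the actual way! (if that makes sense...)
So that is what I did.
I had to go through a few steps to replace roles with claims.
- Pre-populate the database with claims and users in the OnModelCreating method inside the ApplicationDBContext class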
    // Parameter is named "builder" so that it matches the builder.Entity calls below
    protected override void OnModelCreating(ModelBuilder builder) {
        // Fluent API
        //...
        // Note: Guid.NewGuid() and HashPassword() yield new values on every model
        // build, so each new migration will rewrite these seed rows.
        string MANAGER_ID = Guid.NewGuid().ToString();
        string BASIC_ID = Guid.NewGuid().ToString();
        var passwordHasher = new PasswordHasher<IdentityUser>();
        // Manager
        var managerName = "[email protected]";
        var manager = new IdentityUser {
            Id = MANAGER_ID, // Primary key
            Email = managerName,
            NormalizedEmail = managerName.ToUpper(),
            UserName = managerName,
            NormalizedUserName = managerName.ToUpper(),
            EmailConfirmed = true,
        };
        manager.PasswordHash = passwordHasher.HashPassword(manager, "Pass_12345");
        // Basic user
        var basicname = "[email protected]";
        var basic = new IdentityUser {
            Id = BASIC_ID, // Primary key
            Email = basicname,
            NormalizedEmail = basicname.ToUpper(),
            UserName = basicname,
            NormalizedUserName = basicname.ToUpper(),
            EmailConfirmed = true,
        };
        basic.PasswordHash = passwordHasher.HashPassword(basic, "Pass_12345");
        // Seeding the users to the AspNetUsers table
        builder.Entity<IdentityUser>().HasData(manager, basic);
        // Seeding one claim per user to the AspNetUserClaims table
        builder.Entity<IdentityUserClaim<string>>().HasData(
            new IdentityUserClaim<string> { Id = 1, UserId = MANAGER_ID, ClaimType = AppClaimType.Manage, ClaimValue = "true" },
            new IdentityUserClaim<string> { Id = 2, UserId = BASIC_ID, ClaimType = AppClaimType.Basic, ClaimValue = "true" });
    }
- Start fresh in the Package Manager Console (PMC) with Drop-Database, then Add-Migration Claims, then Update-Database
- An extra class, only to reference the names of the claims and policies
    public class AppClaimType {
        public const string Manage = "Manage Role";
        public const string Basic = "Basic Role";
    }
    public class AppPolicyName {
        public const string Management = "Management";
        public const string BasicUsage = "BasicUsage";
    }
- In Program.cs, create the policy
    builder.Services.AddAuthorization(options => {
        options.AddPolicy(AppPolicyName.Management,
            policy => policy.RequireClaim(AppClaimType.Manage, "true"));
    });
- Finally, do the check in the controller
    public async Task<IActionResult> Index() {
        bool hasClaim = User.HasClaim(AppClaimType.Manage, "true");
        if (hasClaim)
            return View(await _context.Etudiants.ToListAsync());
        return View("IndexReadonly", await _context.Etudiants.ToListAsync());
    }
Now the bool gets the correct value as expected, depending on the logged-in user (basic or manager).
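
Added example, not part of the original answer: the answer registers the Management policy in Program.cs, but its controller only tests the claim to choose a view. The controller below evaluates that policy through IAuthorizationService and also enforces it on a write action, because returning IndexReadonly only hides the CRUD links and does not block a direct request. EtudiantsController, ApplicationDbContext, Etudiant and the int key are assumed names; AppPolicyName is the class from the answer.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

// Assumed names: EtudiantsController, ApplicationDbContext and the int key are
// placeholders for the application's own types; AppPolicyName is the class
// defined in the answer.
[Authorize] // every action requires a signed-in user
public class EtudiantsController : Controller
{
    private readonly ApplicationDbContext _context;
    private readonly IAuthorizationService _authorization;

    public EtudiantsController(ApplicationDbContext context,
                               IAuthorizationService authorization)
    {
        _context = context;
        _authorization = authorization;
    }

    // Both kinds of user may list; the policy only selects which view is rendered.
    public async Task<IActionResult> Index()
    {
        var etudiants = await _context.Etudiants.ToListAsync();
        var result = await _authorization.AuthorizeAsync(User, AppPolicyName.Management);
        return result.Succeeded ? View(etudiants) : View("IndexReadonly", etudiants);
    }

    // Write actions enforce the policy themselves: a user without the claim
    // gets a 403 here even if they craft the POST by hand.
    [HttpPost]
    [ValidateAntiForgeryToken]
    [Authorize(Policy = AppPolicyName.Management)]
    public async Task<IActionResult> Delete(int id)
    {
        var etudiant = await _context.Etudiants.FindAsync(id);
        if (etudiant == null)
            return NotFound();

        _context.Etudiants.Remove(etudiant);
        await _context.SaveChangesAsync();
        return RedirectToAction(nameof(Index));
    }
}
```

The same `[Authorize(Policy = AppPolicyName.Management)]` attribute belongs on the Create and Edit actions as well.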
