2

Startup.cs:

        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            AuthenticationScheme = "CustomAuthenticationCookieMiddleware",
            LoginPath = new PathString("/user/login"),
            LogoutPath = new PathString("/user/logout"),
            AccessDeniedPath = new PathString("/access-denied"),
            AutomaticAuthenticate = true,
            AutomaticChallenge = true
        });

MembershipController.cs

        ...
        await HttpContext.Authentication.SignInAsync("CustomAuthenticationCookieMiddleware", claimsPrincipal, new AuthenticationProperties { IsPersistent = loginUser.RememberMe });
        ...

========

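Problem:

The [Authorize] attribute is not working. It redirects to the access denied page.

But [Authorize(Roles = "Administrator")] works fine.

Note: "User.Identity.IsAuthenticated" is always false even when I log in successfully.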

4

1 Answer

1

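I quote:

Similarly, for a Forbidden response, the user will be redirected to the path specified in AccessDeniedPath when we added the middleware to the pipeline. In this case we don't redirect to the login path, as the user is already authenticated, they just don't have the correct claims or permissions to view the requested resource.

Read this excellent article and solve your problem: https://andrewlock.net/exploring-the-cookieauthenticationmiddleware-in-asp-net-core/

Answered 2016-08-20T08:42:32.480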
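
The following is an added example, not code from the question or the linked article. It shows one cause that produces exactly the symptoms described: a `ClaimsIdentity` built without an authentication type reports `IsAuthenticated == false`, so plain `[Authorize]` fails while a role check still passes. How the question builds its `claimsPrincipal` is not shown, so the claims are constructed samples, and `Outcome` is a hypothetical, simplified model of the authorization result rather than framework code.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class AuthorizeOutcomeDemo
{
    const string Scheme = "CustomAuthenticationCookieMiddleware"; // scheme name from the question

    // Constructed sample claims (assumption: the real ones are not shown on the page).
    static Claim[] SampleClaims() => new[]
    {
        new Claim(ClaimTypes.Name, "alice"),
        new Claim(ClaimTypes.Role, "Administrator")
    };

    // Hypothetical helper: simplified model of what happens to a request that
    // carries a valid cookie holding `user`. Pass null for plain [Authorize].
    static string Outcome(ClaimsPrincipal user, string requiredRole)
    {
        // Plain [Authorize] requires an identity whose IsAuthenticated is true;
        // [Authorize(Roles = ...)] is decided by IsInRole, which only reads role claims.
        bool allowed = requiredRole == null
            ? user.Identities.Any(i => i.IsAuthenticated)
            : user.IsInRole(requiredRole);
        if (allowed) return "allowed";

        // The cookie yielded a principal, so the automatic challenge is handled as
        // Forbidden and redirects to AccessDeniedPath instead of LoginPath.
        return "redirect to /access-denied";
    }

    static void Report(string label, ClaimsPrincipal user)
    {
        Console.WriteLine($"{label}: IsAuthenticated={user.Identity.IsAuthenticated}");
        Console.WriteLine($"  [Authorize] -> {Outcome(user, null)}");
        Console.WriteLine($"  [Authorize(Roles = \"Administrator\")] -> {Outcome(user, "Administrator")}");
    }

    static void Main()
    {
        // ClaimsIdentity.IsAuthenticated is true only when AuthenticationType is non-empty.
        var withoutType = new ClaimsPrincipal(new ClaimsIdentity(SampleClaims()));
        var withType = new ClaimsPrincipal(new ClaimsIdentity(SampleClaims(), Scheme));

        Report("identity without authenticationType", withoutType);
        Report("identity with authenticationType", withType);
    }
}
```

When checking a sign-in path, inspect `Identity.AuthenticationType` on the principal passed to `SignInAsync`; an empty value there is enough to make every `[Authorize]` check treat the user as anonymous.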