Authorize(Roles = "Admins") 在 MVC5 Identity 2 中导致无限循环
Authorize(Roles = "Admins") causes infinite loop in MVC5 Identity 2
我们有一个 MVC 5 Identity 2 项目。如何限制管理员访问控制器?当 Admin 用户访问下面的控制器时,系统会提示他们登录,但是 CTOR
会出现无限循环
[Authorize(Roles = "Admins")]
public class AdminController : Controller
{
private ApplicationSignInManager _signInManager;
private ApplicationUserManager _userManager;
public AdminController()
{
}
public AdminController(ApplicationUserManager userManager, ApplicationSignInManager signInManager)
{
UserManager = userManager;
SignInManager = signInManager;
}
public ApplicationSignInManager SignInManager
{
get
{
return _signInManager ?? HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
}
private set
{
_signInManager = value;
}
}
public ApplicationUserManager UserManager
{
get
{
return _userManager ?? HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
}
private set
{
_userManager = value;
}
}
但是,如果我将 [Authorize(Roles = "Admins")] 更改为 [Authorize],它会正常工作。我如何限制管理员访问此控制器?
我找到了解决方案here
我没有意识到 RoleManager 默认情况下没有启动。 ConfigureAuth 我添加了这一行 app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
到IdentityConfig.cs 我添加了
public class ApplicationRoleManager : RoleManager<IdentityRole>
{
public ApplicationRoleManager(IRoleStore<IdentityRole, string> roleStore)
: base(roleStore)
{
}
public static ApplicationRoleManager Create(IdentityFactoryOptions<ApplicationRoleManager> options, IOwinContext context)
{
var appRoleManager = new ApplicationRoleManager(new RoleStore<IdentityRole>(context.Get<CustomersContext>()));
return appRoleManager;
}
}
然后将 RoleManager 注入到 AdminController
的构造函数中
private ApplicationRoleManager _roleManager;
public AdminController(ApplicationUserManager userManager, ApplicationSignInManager signInManager,
ApplicationRoleManager roleManager)
{
UserManager = userManager;
SignInManager = signInManager;
RoleManager = roleManager;
}
public ApplicationRoleManager RoleManager
{
get
{
return _roleManager ?? HttpContext.GetOwinContext().Get<ApplicationRoleManager>();
}
private set { _roleManager = value; }
}
一切都是票据嘘
我们有一个 MVC 5 Identity 2 项目。如何限制管理员访问控制器?当 Admin 用户访问下面的控制器时,系统会提示他们登录,但是 CTOR
会出现无限循环[Authorize(Roles = "Admins")]
public class AdminController : Controller
{
private ApplicationSignInManager _signInManager;
private ApplicationUserManager _userManager;
public AdminController()
{
}
public AdminController(ApplicationUserManager userManager, ApplicationSignInManager signInManager)
{
UserManager = userManager;
SignInManager = signInManager;
}
public ApplicationSignInManager SignInManager
{
get
{
return _signInManager ?? HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
}
private set
{
_signInManager = value;
}
}
public ApplicationUserManager UserManager
{
get
{
return _userManager ?? HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
}
private set
{
_userManager = value;
}
}
但是,如果我将 [Authorize(Roles = "Admins")] 更改为 [Authorize],它会正常工作。我如何限制管理员访问此控制器?
我找到了解决方案here
我没有意识到 RoleManager 默认情况下没有启动。 ConfigureAuth 我添加了这一行 app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
到IdentityConfig.cs 我添加了
public class ApplicationRoleManager : RoleManager<IdentityRole>
{
public ApplicationRoleManager(IRoleStore<IdentityRole, string> roleStore)
: base(roleStore)
{
}
public static ApplicationRoleManager Create(IdentityFactoryOptions<ApplicationRoleManager> options, IOwinContext context)
{
var appRoleManager = new ApplicationRoleManager(new RoleStore<IdentityRole>(context.Get<CustomersContext>()));
return appRoleManager;
}
}
然后将 RoleManager 注入到 AdminController
private ApplicationRoleManager _roleManager;
public AdminController(ApplicationUserManager userManager, ApplicationSignInManager signInManager,
ApplicationRoleManager roleManager)
{
UserManager = userManager;
SignInManager = signInManager;
RoleManager = roleManager;
}
public ApplicationRoleManager RoleManager
{
get
{
return _roleManager ?? HttpContext.GetOwinContext().Get<ApplicationRoleManager>();
}
private set { _roleManager = value; }
}
一切都是票据嘘