In an ASP.NET Core 3.1 Web API, if role-based authorization is not working, you can troubleshoot and resolve it with the following steps:
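
    // Startup.ConfigureServices: register a policy that requires the "Admin" role.
    services.AddAuthorization(options =>
    {
        options.AddPolicy("AdminOnly", policy =>
            policy.RequireRole("Admin"));
    });

    // Apply the policy to the controller (or to individual actions).
    [Authorize(Policy = "AdminOnly")]
    public class AdminController : ControllerBase
    {
        //...
    }

    // At sign-in, issue the role as a ClaimTypes.Role claim
    // (needs System.Security.Claims and Microsoft.AspNetCore.Authentication).
    var claims = new List<Claim>
    {
        //...
        new Claim(ClaimTypes.Role, "Admin")
    };
    var identity = new ClaimsIdentity(claims, "AuthScheme");
    var principal = new ClaimsPrincipal(identity);
    await HttpContext.SignInAsync("AuthScheme", principal);

    // Register the authentication scheme; its name must match the one used at sign-in.
    // Startup.Configure must also call app.UseAuthentication() before app.UseAuthorization().
    public void ConfigureServices(IServiceCollection services)
    {
        //...
        services.AddAuthentication("AuthScheme")
            .AddCookie("AuthScheme", options =>
            {
                options.LoginPath = "/Account/Login";
            });
        //...
    }
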
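
To see why the "AdminOnly" policy rejects a given user, the following added example (not part of the original page) runs the same `ClaimsPrincipal.IsInRole` check that `RequireRole` relies on and reports the cause of a failure. `RoleDiagnostics` and `Explain` are hypothetical names, and the sample principals are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example; RoleDiagnostics.Explain is a hypothetical helper, not a framework API.
public static class RoleDiagnostics
{
    public static string Explain(ClaimsPrincipal user, string role)
    {
        // An identity created without an authentication type is not authenticated.
        if (!user.Identities.Any(i => i.IsAuthenticated))
            return "FAIL: no authenticated identity (ClaimsIdentity built without an authentication type)";

        if (user.IsInRole(role))
            return "OK: IsInRole succeeds";

        foreach (var id in user.Identities)
        {
            // IsInRole only looks at claims whose type equals the identity's RoleClaimType.
            var stray = id.Claims.FirstOrDefault(
                c => c.Value == role && c.Type != id.RoleClaimType);
            if (stray != null)
                return $"FAIL: '{role}' is issued as claim type '{stray.Type}', " +
                       $"but RoleClaimType is '{id.RoleClaimType}'";
        }
        return $"FAIL: no claim with value '{role}' on the principal";
    }

    public static void Main()
    {
        // Constructed sample principals.
        var asOnPage = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "Admin") }, "AuthScheme");
        var wrongType = new ClaimsIdentity(
            new[] { new Claim("role", "Admin") }, "AuthScheme");
        // Same claim, but the identity is told that "role" carries role values.
        var remapped = new ClaimsIdentity(
            new[] { new Claim("role", "Admin") }, "AuthScheme", ClaimTypes.Name, "role");
        var noScheme = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "Admin") });
        var otherRole = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "User") }, "AuthScheme");

        foreach (var id in new[] { asOnPage, wrongType, remapped, noScheme, otherRole })
            Console.WriteLine(Explain(new ClaimsPrincipal(id), "Admin"));
    }
}
```

Calling `Explain(HttpContext.User, "Admin")` from a temporary unprotected endpoint shows which of these cases applies to the signed-in user.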
After working through the steps above, you should be able to resolve role authorization not working in an ASP.NET Core 3.1 Web API.