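// Cookie authentication for the application. Beyond the original snippet, the
// auth cookie is pinned to HTTPS (SecurePolicy.Always) so it is never emitted
// over a plain-HTTP request, and SameSite is set explicitly rather than left
// to the framework default (which I believe is Lax, but making it explicit
// keeps the cookie contract visible here).
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;                          // not readable from script
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only, never SameAsRequest
        options.Cookie.SameSite = SameSiteMode.Lax;              // not attached to cross-site POSTs
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);       // ticket lifetime
        options.LoginPath = new PathString("/Account/Login");
        options.AccessDeniedPath = new PathString("/Account/AccessDenied");
    });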
// Register the named "AdminOnly" policy: satisfied by any principal in the Admin role.
services.AddAuthorization(options =>
    options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin")));
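// Seed the administrative account and put it in the Admin role.
// The original discarded both IdentityResults, so a failed CreateAsync (for
// example a password rejected by the configured policy) was silently followed
// by AddToRoleAsync on a user that was never stored. Each step now fails loudly.
// NOTE(review): "P@ssword" is a credential literal in source; it is kept only
// because it is the snippet's value and should be sourced from configuration
// or a secret store in a real deployment.
var user = new ApplicationUser { UserName = "admin@domain.com" };

var createResult = await userManager.CreateAsync(user, "P@ssword");
if (!createResult.Succeeded)
{
    throw new InvalidOperationException(
        "Creating the admin user failed: " +
        string.Join("; ", createResult.Errors.Select(e => e.Description)));
}

var roleResult = await userManager.AddToRoleAsync(user, "Admin");
if (!roleResult.Succeeded)
{
    throw new InvalidOperationException(
        "Assigning the Admin role failed: " +
        string.Join("; ", roleResult.Errors.Select(e => e.Description)));
}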
/// <summary>
/// Admin landing page. The action only executes for principals that satisfy
/// the "AdminOnly" authorization policy; it renders the default view.
/// </summary>
[Authorize(Policy = "AdminOnly")]
public IActionResult AdminDashboard() => View();
var claims = new List
// Wrap the claims in an identity bound to the cookie scheme, build the
// principal, and issue the authentication cookie for it.
ClaimsIdentity identity = new(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal principal = new(identity);

await HttpContext.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    principal);
然后可以使用基于声明的授权检查:
/// <summary>
/// Admin landing page. The view model is whether the caller carries a role
/// claim of "Admin".
/// </summary>
/// <remarks>
/// NOTE(review): since the "AdminOnly" policy requires the Admin role, this
/// flag is expected to be true whenever the action body runs; it is the
/// snippet's explicit claims check and is preserved as such.
/// </remarks>
[Authorize(Policy = "AdminOnly")]
public IActionResult AdminDashboard()
    => View(User.HasClaim(ClaimTypes.Role, "Admin"));