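// Requires: using Microsoft.AspNetCore.Authentication.Cookies;
//           using Microsoft.AspNetCore.Authorization;
//           using Microsoft.AspNetCore.Http;

// Cookie authentication as the default scheme.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.Name = "YourCookieName";
        options.LoginPath = new PathString("/Account/Login");
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
    });

// Default policy: any user authenticated through the cookie scheme.
services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder(CookieAuthenticationDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .Build();
});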
Apply the [Authorize] attribute to controllers or actions to require authorization.
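If you need a custom principal, you can inject it into HttpContext and authorize the action with a named policy on the authorize attribute, as shown below:

// AuthorizeFilter is an MVC filter class, not an attribute, so the policy is applied with [Authorize].
// [FromServices] only resolves if YourCustomPrincipal is registered in the DI container.
[Authorize(Policy = "YourCustomPolicy")]
public IActionResult YourAction([FromServices] YourCustomPrincipal principal)
{
    // Your code here
    return View();
}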
// Policy referenced by name on the action: requires a claim of type "YourCustomClaim".
services.AddAuthorization(options =>
{
    options.AddPolicy("YourCustomPolicy", policy => policy.RequireClaim("YourCustomClaim"));
});
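// Requires: using System.Security.Claims;
public class YourCustomPrincipal : ClaimsPrincipal
{
    // Wraps the existing principal so its identities and claims are preserved.
    public YourCustomPrincipal(ClaimsPrincipal principal) : base(principal) { }

    public override string ToString()
    {
        return "YourCustomPrincipal";
    }
}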
With the steps above, you can resolve the Forbidden error that occurs in ASP.NET Core 6 MVC when a custom principal is used with the Authorize filter attribute.
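The policy above only passes when the signed-in cookie identity actually carries "YourCustomClaim", and [FromServices] only works when YourCustomPrincipal is registered. The following is an added example, not code from the original page: the helper names AddCustomPrincipal and SignInWithPolicyClaimAsync, the entitled flag and the claim value are assumptions, and YourCustomPrincipal is the class shown above.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class CustomPrincipalSetup
{
    // Hypothetical helper: registers YourCustomPrincipal so that
    // [FromServices] YourCustomPrincipal resolves to the current request's user.
    public static IServiceCollection AddCustomPrincipal(this IServiceCollection services)
    {
        services.AddHttpContextAccessor();
        services.AddScoped<YourCustomPrincipal>(sp =>
        {
            var user = sp.GetRequiredService<IHttpContextAccessor>().HttpContext?.User
                       ?? new ClaimsPrincipal(new ClaimsIdentity()); // anonymous fallback
            return new YourCustomPrincipal(user);
        });
        return services;
    }

    // Hypothetical helper: call only after the application has verified the
    // user's credentials and decided whether they are entitled to the policy.
    public static Task SignInWithPolicyClaimAsync(HttpContext http, string userName, bool entitled)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        if (entitled)
        {
            // RequireClaim("YourCustomClaim") only checks that the claim type exists.
            // An authenticated user without it is forbidden, not sent to LoginPath.
            claims.Add(new Claim("YourCustomClaim", "true")); // constructed sample value
        }
        // The authentication type makes Identity.IsAuthenticated true; a
        // ClaimsIdentity created without one is treated as anonymous.
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        return http.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                                new ClaimsPrincipal(identity));
    }
}
```

Grant the claim from a server-side entitlement decision only, never from a value the client supplies, since the policy treats the claim's presence as the authorization.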