Reputation: 1784
ASP.NET Core 2.1 Identity: Role-based authorization -> Access Denied
I'm using ASP.NET Core 2.1 with the new Identity framwork from .NET. The regular Authorization attribute works as long as no role specific role is requested.
Do I need some extending / customized policies to use roles? Below is a minimized sample of my code:
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
// Does not change anything
// services.AddAuthorization();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
HomeController.cs
public async Task<IActionResult> Index()
{
if (!await _roleManager.RoleExistsAsync("Admin"))
{
await _roleManager.CreateAsync(new IdentityRole("Admin"));
}
var user = await _userManager.FindByEmailAsync("[email protected]");
if (!await _userManager.IsInRoleAsync(user, "Admin"))
{
await _userManager.AddToRoleAsync(user, "Admin");
await _userManager.UpdateAsync(user);
}
return View();
}
[Authorize]
public IActionResult About()
{
ViewData["Message"] = "Your application description page.";
return View();
}
[Authorize(Roles = "Admin")]
public IActionResult Contact()
{
ViewData["Message"] = "Your contact page.";
return View();
}
Upvotes: 8
Views: 4374
Answers (2)
Reputation: 25350
It's a known issue in the version of 2.1 and has been fixed in 2.2 preview-1 .
The reason is that the new method of AddDefaultIdentity<TUser>() , which is introduced in ASP.NET Core 2.1 , will not make Roles enabled by default .
To walk around it , instead of using the new AddDefaultIdentity<TUser>() to configure Identity , simply use the old-style api :
services.AddIdentity<AppUser, IdentityRole>()
.AddRoleManager<RoleManager<IdentityRole>>()
.AddDefaultUI()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
Also , if you have already signed someone in before , please do logout first and login again , it will work as expected now .
[Edit] For ASP.NET Core 3.1, invoke .AddRoles<IdentityRole>():
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<AppIdentityDbContext>();
And then logout and login again.
Upvotes: 21
Reputation: 556
Hmmm. I have the following code in an Asp.Net 2.1 project that is working:
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
//.AddDefaultUI(UIFramework.Bootstrap4)
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
Upvotes: 1
Related Questions
- 403 Forbidden in ASP.NET Identity Role, despite having the right Role
- problems with identityuser role asp.net core
- .net core identity 2.1 role authorize not working
- Access Denied in Asp .Net Core by Claims Authorization
- Login Succeeded But Authorization Failed ASP.NET CORE
- .NET Core 3.1 role based authorization fails, getting 403 exception
- Issue with ASP.NET 2.2 user role
- ASP.NET Core 2.2 Authorization not authorizing
- aspnetcore.identity - in role, but getting denied access
- .net core identity RoleManager exception