ASP.NET Core 2.1 Identity: Role-based authorization -> Access Denied
It's a known issue in the version of 2.1
and has been fixed in 2.2 preview-1
.
The reason is that the new method of AddDefaultIdentity<TUser>()
, which is introduced in ASP.NET Core 2.1
, will not make Roles
enabled by default .
To walk around it , instead of using the new AddDefaultIdentity<TUser>()
to configure Identity , simply use the old-style api :
services.AddIdentity<AppUser, IdentityRole>()
.AddRoleManager<RoleManager<IdentityRole>>()
.AddDefaultUI()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
Also , if you have already signed someone in before , please do logout first and login again , it will work as expected now .
[Edit] For ASP.NET Core 3.1, invoke .AddRoles<IdentityRole>()
:
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<AppIdentityDbContext>();
And then logout and login again.