Tutorial Hell Veteran's questions

我希望用户仅在登录时访问隐私页面，但授权仅在我登录帐户并注销时才有效，当我首先运行网络应用程序并尝试进入隐私页面时，授权不起作用我必须登录然后注销以获得工作授权。我很确定几个小时前一切都很好，所以这里有一些相关代码：

启动.cs：

    public void ConfigureServices(IServiceCollection services)
    {
        //db
        services.AddDbContext<TheAppContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Myconnection")));
        //auth w/ cookies 
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.Cookie.Name = "MySessionCookie";
            options.LoginPath = "/LogUsers/Expired";
            options.SlidingExpiration = true;
        });
        //service 3/default
        services.AddControllersWithViews();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseAuthentication();

        app.UseRouting();

        var cookiePolicyOptions = new CookiePolicyOptions
        {
            MinimumSameSitePolicy = SameSiteMode.Strict,
            HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always,
            Secure = CookieSecurePolicy.None,
        };
        app.UseCookiePolicy(cookiePolicyOptions);

        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }

相关控制器的方法

    [AllowAnonymous]
    [HttpPost]
    public async Task<IActionResult> Login(Users login) //login users
    {

        if(IsValidUser(login.Username, login.Password))
        {
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, login.Username),
                new Claim(ClaimTypes.Role, "User"),
            };

            var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            var authProperties = new AuthenticationProperties
            {
                //The time at which the authentication ticket expires.
                //ExpiresUtc = DateTime.Now.AddMinutes(60),
            };
            
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(claimsIdentity),
            authProperties);

            DisplayedUsername = "@" + login.Username;
            CanUserLogout = 1;

            return RedirectToAction("Index", "Home");
        }
        else
        {
            ViewBag.message = "Failed to login";
            return View();
        }
    }
    
    private bool IsValidUser(string username, string password)
    {
        var user = _context.Users.FirstOrDefault(u => u.Username == username && u.Password == password);

        if (user != null)
        {
            return true;
        }
        
        return false;
    }

    [Authorize]
    public async Task<ActionResult> Logout()
    {
        await HttpContext.SignOutAsync(
            CookieAuthenticationDefaults.AuthenticationScheme);
        CanUserLogout = 0;
        return RedirectToAction("Login", "Logusers");
    }

家庭控制器的隐私操作方法：

    [Authorize]
    public IActionResult Privacy()
    {

        return View();
    }

任何帮助将不胜感激。

编辑 - 1 Startup.cs更新

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        //db
        services.AddDbContext<TheAppContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Myconnection")));
        //auth w/ cookies 
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.Cookie.Name = "MySessionCookie";
            options.LoginPath = "/LogUsers/Expired";
            options.SlidingExpiration = true;
        });

        //service 3/default
        services.AddControllersWithViews();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();

        var cookiePolicyOptions = new CookiePolicyOptions
        {
            MinimumSameSitePolicy = SameSiteMode.Strict,
            HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always,
            Secure = CookieSecurePolicy.None,
        };

        app.UseCookiePolicy(cookiePolicyOptions);

        app.UseAuthentication();

        app.UseRouting();

        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}