一个可能的简化是子类AuthorizeAttribute:

public class RolesAttribute : AuthorizeAttribute
{
    public RolesAttribute(params string[] roles)
    {
        Roles = String.Join(",", roles);
    }
}

用法:

[Roles("members", "admin")]

从语义上看，它和Jim Schmehil的答案是一样的。

一个可能的简化是子类AuthorizeAttribute:

public class RolesAttribute : AuthorizeAttribute
{
    public RolesAttribute(params string[] roles)
    {
        Roles = String.Join(",", roles);
    }
}

用法:

[Roles("members", "admin")]

从语义上看，它和Jim Schmehil的答案是一样的。

另一个清晰的解决方案是使用常量来保持约定，并添加多个[Authorize]属性。看看这个:

public static class RolesConvention
{
    public const string Administrator = "Administrator";
    public const string Guest = "Guest";
}

然后在控制器中:

[Authorize(Roles = RolesConvention.Administrator )]
[Authorize(Roles = RolesConvention.Guest)]
[Produces("application/json")]
[Route("api/[controller]")]
public class MyController : Controller

[Authorize(Roles="admin")]
[Authorize(Roles="members")]

将在需要AND时工作(由问题询问)，而此答案显示OR版本。 详见https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-6.0#adding-role-checks

另一种选择是使用一个单独的授权过滤器，但删除内部报价。

[Authorize(Roles="members,admin")]

如果你想使用自定义角色，你可以这样做:

CustomRoles类:

public static class CustomRoles
{
    public const string Administrator = "Administrador";
    public const string User = "Usuario";
}

使用

[Authorize(Roles = CustomRoles.Administrator +","+ CustomRoles.User)]

如果你的角色很少，也许你可以把它们结合起来(为了清晰起见):

public static class CustomRoles
{
     public const string Administrator = "Administrador";
     public const string User = "Usuario";
     public const string AdministratorOrUser = Administrator + "," + User;  
}

使用

[Authorize(Roles = CustomRoles.AdministratorOrUser)]