
ASP.NET Core 3.1 Web API authorization at the model property level

Updated: 2022-04-01 23:21:14

So, I think you have an incorrect understanding of how Authorize works.

This attribute is used on controllers. You can create multiple controllers and set different roles for each method to specify which roles can call this method.

It's not correct to specify it on DTO (Data Transfer Object) classes.

But you can make an interesting solution with 2 controllers and inheritance.

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Account DTO for edits: the fields every caller may set
public class AccountEditDto {
    public int Id {get; set;}
    public string Email {get; set;}
    public string Password {get; set;}
}

// Controller to edit an account
[Route("all/account_controller")]
public class AccountController : Controller
{
    public ActionResult EditAccount(AccountEditDto accountDto)
    {
        // do something
        return Ok();
    }
}

Then, for the manager role, set up something like this:

// Account DTO for manager edits: adds the Enabled field
public class AccountManagerEditDto : AccountEditDto {
    public bool Enabled {get; set;}
}

// Manager controller to edit an account
[Area("Manager")]
[Route("manager/account_controller")]
public class AccountManagerController : AccountController
{
    [Authorize(Roles = "Manager")]
    public ActionResult EditAccount(AccountManagerEditDto accountDto)
    {
        // do something
        return Ok();
    }
}

Then, for the admin role, set up something like this:

// Account DTO for admin edits: adds the RoleId field
public class AccountAdminEditDto : AccountManagerEditDto {
    public int RoleId {get; set;}
}

// Admin controller to edit an account
[Area("Admin")]
[Route("admin/account_controller")]
public class AccountAdminController : AccountController
{
    [Authorize(Roles = "Admin")]
    public ActionResult EditAccount(AccountAdminEditDto accountDto)
    {
        // do something
        return Ok();
    }
}

Then you can use this URL pattern to call the controller methods:

http://localhost/{role}/account_controller/edit
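
Why the per-role DTOs above limit what each role can change, shown as an added example that is not part of the original answer: the same request body is bound to the widest DTO the caller's role allows, and properties the chosen type does not declare are dropped. It assumes a JSON body read with System.Text.Json as a stand-in for MVC model binding; `RoleScopedBinding`, `Bind`, `UserWithRole`, the "User" role and the sample body are hypothetical names and constructed data.

```csharp
using System;
using System.Security.Claims;
using System.Text.Json;

// DTO hierarchy from the answer.
public class AccountEditDto { public int Id { get; set; } public string Email { get; set; } public string Password { get; set; } }
public class AccountManagerEditDto : AccountEditDto { public bool Enabled { get; set; } }
public class AccountAdminEditDto : AccountManagerEditDto { public int RoleId { get; set; } }

public static class RoleScopedBinding   // hypothetical helper, not a framework type
{
    static readonly JsonSerializerOptions Options =
        new JsonSerializerOptions { PropertyNameCaseInsensitive = true };

    // Choose the DTO type from the caller's roles. JSON properties that the
    // chosen type does not declare are ignored by the deserializer, so a
    // caller cannot over-post Enabled or RoleId into a narrower DTO.
    public static AccountEditDto Bind(ClaimsPrincipal user, string json)
    {
        if (user.IsInRole("Admin"))
            return JsonSerializer.Deserialize<AccountAdminEditDto>(json, Options);
        if (user.IsInRole("Manager"))
            return JsonSerializer.Deserialize<AccountManagerEditDto>(json, Options);
        return JsonSerializer.Deserialize<AccountEditDto>(json, Options);
    }

    // Constructed principal carrying a single role claim.
    static ClaimsPrincipal UserWithRole(string role) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, role) }, "constructed"));

    public static void Main()
    {
        // Constructed request body in which the caller tries to set every field.
        const string body =
            "{\"id\":7,\"email\":\"a@example.test\",\"enabled\":true,\"roleId\":1}";

        foreach (var role in new[] { "User", "Manager", "Admin" })
        {
            AccountEditDto dto = Bind(UserWithRole(role), body);
            string enabled = dto is AccountManagerEditDto m ? m.Enabled.ToString() : "(not bindable)";
            string roleId = dto is AccountAdminEditDto a ? a.RoleId.ToString() : "(not bindable)";
            Console.WriteLine($"{role,-8} -> {dto.GetType().Name}: Enabled={enabled}, RoleId={roleId}");
        }
    }
}
```

The update code that consumes the DTO should copy only the properties of the type it received, so that fields outside the caller's DTO are never written to the stored account.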