我有一个使用NET 5的ASP.NET Core MVC应用程序。只有经过身份验证的用户才能访问该应用程序。下面的授权策略会处理它。
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews(options =>
{
var authorizationPolicy = new AuthorizationPolicyBuilder()
.RequireClaim(ClaimTypes.Email)
.RequireClaim(ClaimTypes.NameIdentifier)
.RequireClaim(ClaimTypes.Name)
.RequireClaim(IdentityClaimTypes.IdToken)
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(authorizationPolicy));
})
}
控制器还使用AuthorizeRoles
属性来检查基于角色的访问。
public class AuthorizeRolesAttribute : AuthorizeAttribute
{
public AuthorizeRolesAttribute(params string[] roles) : base()
{
if (roles.Length > 0)
{
Roles = string.Join(",", roles);
}
}
}
[AuthorizeRoles("ClientAdmin")]
public class WorkItemClientsController : BaseController
{
private readonly IClientWorkItemService _clientWorkItemService;
public WorkItemClientsController(IClientWorkItemService clientWorkItemService)
{
_clientWorkItemService = clientWorkItemService;
}
[HttpGet]
[Route("workitems/{workItemID}/clients")]
public async Task<ActionResult> Index([FromRoute(Name = "workItemID")] int workItemID)
{
}
}
该应用程序几乎没有需要根据数据库中用户的数据进行进一步授权的操作。我有以下
public class WorkItemRequirement : IAuthorizationRequirement
{
}
public class WorkItemAuthorizationHandler : AuthorizationHandler<WorkItemRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, WorkItemRequirement requirement)
{
//check if logged in user can access this route based on workitemid from the route, if true then return context.Succeed(requirement);
}
}
public class WorkItemAuthorizeAttribute : AuthorizeAttribute
{
public WorkItemAuthorizeAttribute()
{
Policy = "WorkItemPolicy"
}
}
我将添加WorkItemAuthorizeAttribute
以要求操作方法。
这里我缺少的是WorkItemAuthorizeAttribute
如何知道要调用哪个处理程序。在这种情况下,它的WorkItemAuthorizationHandler
要建立此关联,我需要在startup.cs中的AuthorizationPolicyBuilder中更改/添加什么?
在这里的官方文档中几乎可以找到所有内容基本上就像你说的那样,你需要修改你的政策,将你的WorkItemRequirement
包括在内:
.Requirements.Add(new WorkItemRequirement());
这将把属性中的Policy
与AuthorizationHandler "粘合"在一起