我有一个包含多个应用程序的项目,每个应用程序都包含在/Pages中的特定文件夹中/Pages/PTW,/Page/JM等等。我已经为每个页面实现了用户身份验证和角色管理。我想为公司实施策略授权,这样特定的公司用户就可以访问特定文件夹中的页面,我尝试过这样做:
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using RoSafety.Models;
using System.Linq;
using Microsoft.EntityFrameworkCore;
using RoSafety.Data;
public class AccessCodeRequirement : IAuthorizationRequirement
{
public string AccessCode { get; set; }
public AccessCodeRequirement(string accessCode)
{
AccessCode = accessCode;
}
}
public class AccessCodeHandler : AuthorizationHandler<AccessCodeRequirement>
{
private readonly ApplicationDbContext _context;
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
AccessCodeRequirement requirement)
{
var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
var orgID = _context.UsersData.Where(x => x.Id == userId).Select(x => x.OrgID).FirstOrDefault();
var orgAccess = _context.CompanyAccesses.Select(x => x.AccessCode).ToList();
foreach(var a in orgAccess)
{
var access = a;
if(access == requirement.AccessCode)
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
在启动时,我添加了
options.AddPolicy("PTW", policy =>
policy.Requirements.Add(new AccessCodeRequirement("RO-01")));
页面上有
[Authorize(Policy = "PTW")]
CompanyAccesses表中OrgID的AccessCode是";RO-01";但我仍然拒绝访问。我做错了什么?
首先,AccessCodeHandler中的_context注入失败。您应该更改AccessCodeHandler,如下所示。
public class AccessCodeHandler : AuthorizationHandler<AccessCodeRequirement>
{
private readonly ApplicationDbContext _context;
//add following code
public AccessCodeHandler(ApplicationDbContext context)
{
_context = context;
}
//.....
}
然后在您的startup中,您应该添加服务。
services.AddAuthorization(options =>
{
options.AddPolicy("PTW", policy =>
policy.Requirements.Add(new AccessCodeRequirement("RO-01")));
});
//add this code.
services.AddTransient<IAuthorizationHandler, AccessCodeHandler>();