我已经将所有Identity UI页面搭建到我的ASP中。NET核心(剃须刀页(项目。/Account/Manage页面应该限制为授权用户,这是完美的,但我找不到在哪里实现/配置/声明了这一限制。
我的意思是没有[Authorize]
属性的痕迹。我还研究了5.0.12和6.0.0的原始源代码,原始UI源代码也没有属性
问题
在哪里实施、编码/声明了这一授权要求(正在生效(?
我还没有从启动代码开始跟踪整个调用堆栈:
builder.Services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>();
但在IdentityDefaultUIConfigureOptions:中
https://github.com/dotnet/aspnetcore/blob/v5.0.12/src/Identity/UI/src/IdentityDefaultUIConfigureOptions.cs
有一个代码:
options.Conventions.AuthorizeAreaFolder(IdentityUIDefaultAreaName, "/Account/Manage");
options.Conventions.AuthorizeAreaPage(IdentityUIDefaultAreaName, "/Account/Logout");
其使用:https://github.com/dotnet/aspnetcore/blob/0bc3c376f0cd14335e8b3afca69596acabeb1f80/src/Mvc/Mvc.RazorPages/src/DependencyInjection/PageConventionCollectionExtensions.cs#L407
动态添加属性:
public static PageConventionCollection AuthorizeAreaFolder(
this PageConventionCollection conventions,
string areaName,
string folderPath,
string policy)
{
if (conventions == null)
{
throw new ArgumentNullException(nameof(conventions));
}
if (string.IsNullOrEmpty(areaName))
{
throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, nameof(areaName));
}
if (string.IsNullOrEmpty(folderPath))
{
throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, nameof(folderPath));
}
conventions.AddAreaFolderApplicationModelConvention(areaName, folderPath, model =>
{
if (conventions.MvcOptions.EnableEndpointRouting)
{
model.EndpointMetadata.Add(new AuthorizeAttribute(policy));
}
else
{
model.Filters.Add(new AuthorizeFilter(policy));
}
});
return conventions;
}