Custom authorization with enum roles in ASP.NET Core



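I am trying to add custom authorization to an ASP.NET Core 6 Razor Pages application using policies. This example from the Microsoft folks suggests implementing IAuthorizationRequirement.

The problem is: I need to use an enum for the roles listed in the Authorize attribute, e.g. [Authorize(RoleEnum = Role.SysAdmin | Role.Manager)], similar to how we used the [Flags] attribute in Framework.

I wrote the following requirement based on Microsoft's own code and changed it to use an enum: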

    using Microsoft.AspNetCore.Authorization;

    // Requirement that also acts as its own handler (same pattern as the built-in roles requirement).
    public class RolesAuthorizationRequirement : AuthorizationHandler<RolesAuthorizationRequirement>, IAuthorizationRequirement
    {
        public RolesAuthorizationRequirement(IEnumerable<Constants.Role> allowedRoles)
        {
            if (allowedRoles == null)
            {
                throw new ArgumentNullException(nameof(allowedRoles));
            }
            if (allowedRoles.Count() == 0)
            {
                throw new InvalidOperationException("No roles provided.");
            }
            AllowedRoles = allowedRoles;
        }

        public IEnumerable<Constants.Role> AllowedRoles { get; }

        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
        {
            if (context.User != null)
            {
                bool found = false;
                if (requirement.AllowedRoles == null || !requirement.AllowedRoles.Any())
                {
                    // Review: What do we want to do here?  No roles requested is auto success?
                    found = true;
                }
                else
                {
                    found = requirement.AllowedRoles.Any(r => context.User.IsInRole(r.ToString()));
                }
                if (found)
                {
                    context.Succeed(requirement);
                }
            }
            return Task.CompletedTask;
        }
    }

I tried adding it to the services, but it complains that it needs roles for RolesAuthorizationRequirement:

    options.AddPolicy("Authorize",
        policy => policy.AddRequirements(new RolesAuthorizationRequirement()));

Based on this article, I also need this:

    services.AddSingleton<IAuthorizationHandler, MyRequirementHandler>();

What am I missing? How do you tie all this together? Thanks

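You can try a simpler approach. Create a custom AuthorizeAttribute that converts the enum roles into the comma-separated string of roles that the default authorization mechanism expects: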

    using System;
    using Microsoft.AspNetCore.Authorization;

    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        public CustomAuthorizeAttribute(Constants.Role roleEnum)
        {
            // A [Flags] value formats as "User, Admin"; strip the spaces to get "User,Admin".
            Roles = roleEnum.ToString().Replace(" ", string.Empty);
        }
    }

    // assuming you have a Role enum similar to this:
    public static class Constants
    {
        [Flags]
        public enum Role
        {
            User = 1,
            SuperUser = 2,
            Admin = 4,
            SuperAdmin = 8
        }
    }

Usage:

    // instead of:
    [Authorize(Roles = "User,Admin")]
    // you can do:
    [CustomAuthorize(Constants.Role.User | Constants.Role.Admin)]
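
For the policy-based route the question asks about, the sketch below is an added example (not code from either post) showing how the pieces connect in a .NET 6 Program.cs: the requirement gets its roles when the policy is registered, and a separate handler is registered with DI. The names EnumRolesRequirement, EnumRolesHandler, the policy name "AdminOrSuperAdmin" and the cookie scheme are assumptions, Role is a top-level copy of the answer's enum, and the project is assumed to have implicit usings enabled and role claims named after the enum members.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
// The handler is a separate class here, so it has to be registered with DI.
builder.Services.AddSingleton<IAuthorizationHandler, EnumRolesHandler>();
builder.Services.AddAuthorization(options =>
    // The requirement instance receives its roles once, when the policy is built.
    options.AddPolicy("AdminOrSuperAdmin", policy =>
        policy.AddRequirements(new EnumRolesRequirement(Role.Admin | Role.SuperAdmin))));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();

[Flags]
public enum Role { User = 1, SuperUser = 2, Admin = 4, SuperAdmin = 8 }

public sealed class EnumRolesRequirement : IAuthorizationRequirement
{
    private const Role Defined = Role.User | Role.SuperUser | Role.Admin | Role.SuperAdmin;

    public EnumRolesRequirement(Role allowed)
    {
        // Reject 0 and undefined bits so a bad value fails at startup, not per request.
        if (allowed == 0 || (allowed & ~Defined) != 0)
            throw new ArgumentOutOfRangeException(nameof(allowed));
        Allowed = allowed;
    }

    public Role Allowed { get; }
}

public sealed class EnumRolesHandler : AuthorizationHandler<EnumRolesRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, EnumRolesRequirement requirement)
    {
        // Succeed only when the user holds at least one flagged role; otherwise
        // leave the requirement unmet so the request is denied by default.
        bool inRole = Enum.GetValues<Role>().Any(r =>
            requirement.Allowed.HasFlag(r) && context.User.IsInRole(r.ToString()));
        if (inRole) context.Succeed(requirement);
        return Task.CompletedTask;
    }
}
```

A page model then opts in with [Authorize(Policy = "AdminOrSuperAdmin")].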
