我知道我可以这样为JWT自定义声明添加策略:
services.AddAuthorization(options =>
{
options.AddPolicy("HasRole", policy => policy.RequireClaim("role", "Teacher"));
});
但是,我的JWT令牌有一个角色数组:
// parsed jwt token
{
...,
roles: ['Teacher', 'Parent', 'Admin']
...
}
我不知道如何重写上面的代码:
services.AddAuthorization(options =>
{
options.AddPolicy("IsTeacher",
policy => policy.RequireClaim("roles", /*what should I write here*/));
});
如何在RequireClaim中需要一个数组项?
您可以使用requierole ():
来根据您的角色设置策略services.AddAuthorization(o =>
{
// Teacher or admin can access.
o.AddPolicy("RequireTeacherRole", p => p.RequireRole("teacher", "admin"));
// Only admin can access.
o.AddPolicy("RequireAdminRole", p => p.RequireRole("admin"));
});
现在你可以保护你的MVC/API控制器或razor页面
[Authorize(Policy = "RequireTeacherRole")]
public class MyController : Controller
{
// ...
}