我有奇怪的问题,无法调试。
我正在尝试使用OperationAuthorizationRequirement和AuthorizationHandler.
当我在控制器中放置断点时,我总是得到 403 结果,所以我试图在CountryControllerAuthorizationHandler内放置断点,但它从未被触发。但是在控制器中,我总是得到AuthorizeAsync false的结果,但我不明白为什么我不能得到断点被命中或触发。我在犯什么愚蠢的错误吗?无论如何,正如我所看到的,资源是NOT null的,用户和声明也是NOT null的:
这是我的代码:
国家/地区控制器授权处理程序:
public class CountryControllerAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, Country>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement,
Country resource)
{
if (requirement.Name == Operations.ReadDetail.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "customer"
)
{
context.Succeed(requirement);
}
if (requirement.Name == Operations.Create.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "1"
)
{
context.Succeed(requirement);
}
if (requirement.Name == Operations.Update.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "1"
)
{
context.Succeed(requirement);
}
if (requirement.Name == Operations.Delete.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "1"
)
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
操作类:
public static class Operations
{
public static OperationAuthorizationRequirement Create =
new OperationAuthorizationRequirement { Name = nameof(Create) };
public static OperationAuthorizationRequirement Read =
new OperationAuthorizationRequirement { Name = nameof(Read) };
public static OperationAuthorizationRequirement ReadDetail =
new OperationAuthorizationRequirement { Name = nameof(ReadDetail) };
public static OperationAuthorizationRequirement Update =
new OperationAuthorizationRequirement { Name = nameof(Update) };
public static OperationAuthorizationRequirement Delete =
new OperationAuthorizationRequirement { Name = nameof(Delete) };
}
启动.cs:
services.AddSingleton<IAuthorizationHandler, CountryControllerAuthorizationHandler>();
services.AddMvcCore()
.AddAuthorization()
.AddJsonFormatters();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
最后是控制器:
public CountriesController(ICountryService service, IAuthorizationService authorizationService)
{
_authorizationService = authorizationService;
this.countryService = service;
}
public async Task<object> GetDetail()
{
var obj = countryService.Get_DETAILS();
var authorizationResult = await _authorizationService.AuthorizeAsync(User, obj, Operations.ReadDetail);
if (authorizationResult.Succeeded)
{
return Ok(obj);
}
else if (User.Identity.IsAuthenticated)
{
return new ForbidResult();
}
else
{
return new ChallengeResult();
}
}
确保countryService.Get_DETAILS()不为空,并且只返回一个国家/地区。
对于CountryControllerAuthorizationHandler,它接受Country,所以,只有一个县对象被传递到HandleRequirementAsync。
HandleRequirementAsync在AuthorizationHandler年被HandleAsync称为。
尝试使用以下代码进行测试,以调试未调用HandleRequirementAsync的原因。
public class CountryControllerAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, Country>
{
public override async Task HandleAsync(AuthorizationHandlerContext context)
{
if (context.Resource is Country)
{
foreach (var req in context.Requirements.OfType<OperationAuthorizationRequirement>())
{
await HandleRequirementAsync(context, req, (Country)context.Resource);
}
}
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement,
Country resource)
{
if (requirement.Name == Operations.ReadDetail.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "customer"
)
{
context.Succeed(requirement);
}
if (requirement.Name == Operations.Create.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "1"
)
{
context.Succeed(requirement);
}
if (requirement.Name == Operations.Update.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "1"
)
{
context.Succeed(requirement);
}
if (requirement.Name == Operations.Delete.Name &&
context.User.Claims.FirstOrDefault(a => a.Type == "userType")?.Value == "1"
)
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}