如何访问当前的 HttpContext 以检查 Core 2 中基于自定义策略的授权 ASP.NET 中的路由和参数?
参考示例:基于策略的自定义授权
您应该将IHttpContextAccessor 的实例注入到您的AuthorizationHandler中。
在您的示例上下文中,这可能如下所示:
public class BadgeEntryHandler : AuthorizationHandler<EnterBuildingRequirement>
{
IHttpContextAccessor _httpContextAccessor = null;
public BadgeEntryHandler(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;
}
protected override Task HandleRequirementAsync(
AuthorizationContext context,
EnterBuildingRequirement requirement)
{
HttpContext httpContext = _httpContextAccessor.HttpContext; // Access context here
if (context.User.HasClaim(c => c.Type == ClaimTypes.BadgeId &&
c.Issuer == "http://microsoftsecurity"))
{
context.Succeed(requirement);
return Task.FromResult(0);
}
}
}
您可能需要在 DI 设置中注册此内容(如果其中一个依赖项尚未注册),如下所示:
services.AddHttpContextAccessor();
您可以将IHttpContextAccessor注入到AuthorizationHandler的构造函数中。
例如
public class MyAuthorizationHandler : AuthorizationHandler<MyRequirement>
{
private IHttpContextAccessor _contextAccessor;
public MyAuthorizationHandler (IHttpContextAccessor contextAccessor)
{
_contextAccessor = contextAccessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
MinimumPermissionLevelRequirement requirement) {
var httpContext = _contextAccessor.HttpContext;
// do things
}
}
这是来自Microsoft文档(对于 ASP.NET Core 6):
HandleRequirementAsync方法有两个参数:一个AuthorizationHandlerContext和正在处理TRequirement。 MVC 或 SignalR 等框架可以自由地将任何对象添加到AuthorizationHandlerContext上的资源属性以传递额外的 信息。使用终结点路由时,授权通常由 授权中间件。在这种情况下,
Resource属性是一个 HttpContext 的实例。上下文可用于访问当前 终结点,可用于探测其基础资源 您正在路由。例如:if (context.Resource is HttpContext httpContext) { var endpoint = httpContext.GetEndpoint(); var actionDescriptor = endpoint.Metadata.GetMetadata<ControllerActionDescriptor>(); ... }
正如其他人所提到的,注入IHttpContextAccessor是另一种访问HttpContext的方式。
如果它是一个 MVC 上下文,你可以从AuthorizationContext context访问HttpContext、RouteData以及 MVC 提供的其他所有内容:
var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if (mvcContext != null)
{
// Examine MVC specific things like routing data.
}
https://jakeydocs.readthedocs.io/en/latest/security/authorization/policies.html#accessing-mvc-request-context-in-handlers
在 .NET 5 中,可以使用以下代码:
if(context.Resource.GetType().FullName == "Microsoft.AspNetCore.Http.DefaultHttpContext")
{
var httpContext = context.Resource as Microsoft.AspNetCore.Http.DefaultHttpContext;
}
无需注入,简单的解决方案!
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
{
var authFilterCtx = (Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext)context.Resource;
var httpContext = authFilterCtx.HttpContext;
}