.net core 如何在基于声明的授权中执行允许值的方法?
我有两项政策:.net core 如何在基于声明的授权中执行允许值的方法?,.net-core,authorization,claims-based-identity,.net Core,Authorization,Claims Based Identity,我有两项政策:读者和作者。 对于这些政策中的每一项,我都有许多属于它们的价值观: Readers: [1,2,3,4,5,6] Writers: [100,400,500] 这些数组将存储在数据库中/通过Http调用检索 我怎样才能不根据一些预定义值检查所需的索赔值,如: services.AddAuthorization(options => { options.AddPolicy("Readers",
读者作者Readers: [1,2,3,4,5,6]
Writers: [100,400,500]
services.AddAuthorization(options =>
{
options.AddPolicy("Readers",
policy =>policy.RequireClaim("UserID", "1", "2", "3", "4", "5"));
});
CheckPolicyService someService;
services.AddAuthorization(options =>
{
options.AddPolicy("Readers",
policy =>policy.RequireClaim("UserID", async (userId)=>await someService.CheckClaimAsync(new Claim("UserID",userId,),"Readers"));
});
EmployerIDpublic class PolicyRepo
{
public string PolicyID{get;set;}
public string[] Users{get;set;}
}
public class CheckPolicyService
{
private PolicyRepo [] repos {get;set;} //all policies with their allowed users
public async Task<bool> CheckClaimAsync(Claim userClaim,string policy)
{
if(userClaim.Type!="UserID")
{
return false;
}
bool hasAccess=this.repos.Single(r=>r.PolicyId==policy).Users.Contains(userClaim.Value);
return hasAccess;
}
}
public class Controller
{
[Authorize(Policy="Readers")]
public async Task ReadAsync()
{
}
[Authorize(Policy="Writers")]
public async Task WriteAsync()
{
}
}
公共类保单回购
{
公共字符串PolicyID{get;set;}
公共字符串[]用户{get;set;}
}
公共类检查策略服务
{
private PolicyRepo[]repos{get;set;}//所有策略及其允许的用户
公共异步任务CheckClaimeSync(Claim userClaim,字符串策略)
{
if(userClaim.Type!=“UserID”)
{
返回false;
}
bool hasAccess=this.repos.Single(r=>r.PolicyId==policy).Users.Contains(userClaim.Value);
返回通道;
}
}
公共类控制器
{
[授权(Policy=“Readers”)]
公共异步任务ReadAsync()
{
}
[授权(Policy=“Writers”)]
公共异步任务WriteAsync()
{
}
}