.net core 向web api.net核心添加硬编码角色
我有一个.net核心api,我通过Azure组进行身份验证。但是这些组没有角色,所以我需要手动为组用户分配角色。例如: User1属于admins组,他可以执行所有CRUD操作,而poweruser组的user2可以浏览和编辑数据,但不能删除或添加新记录 控制器.net core 向web api.net核心添加硬编码角色,.net-core,asp.net-core-webapi,.net Core,Asp.net Core Webapi,我有一个.net核心api,我通过Azure组进行身份验证。但是这些组没有角色,所以我需要手动为组用户分配角色。例如: User1属于admins组,他可以执行所有CRUD操作,而poweruser组的user2可以浏览和编辑数据,但不能删除或添加新记录 控制器 [Authorize(Policy = "SuperAdmin")] [Route("api/[controller]")] [ApiController] public class TestC
[Authorize(Policy = "SuperAdmin")]
[Route("api/[controller]")]
[ApiController]
public class TestController : ControllerBase
{
[HttpGet]
public IActionResult Get(){
return Ok("Test");
}
[Authorize(Roles = Role.Admin)]
public IActionResult Delete(){
return Ok("Deleted");
}
}
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
.EnableTokenAcquisitionToCallDownstreamApi()
.AddInMemoryTokenCaches();
services.Configure<WebOptions>(Configuration.GetSection("GraphApi"));
services.AddAuthorization(options =>
{
options.AddPolicy("SuperAdmin", policy =>
policy.Requirements.Add(new GroupsCheckRequirement(Configuration.GetValue<string>("AzureSecurityGroup:SuperAdmin"))));
options.AddPolicy("ProductUser", policy =>
policy.Requirements.Add(new GroupsCheckRequirement(Configuration.GetValue<string>("AzureSecurityGroup:PowerUser"))));
});
}
public void配置服务(IServiceCollection服务)
{
services.AddControllers();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(配置,“AzureAd”)
.EnableTokenAcquisitionTollDownstreamMapi()
.AddInMemoryTokenCaches();
services.Configure(Configuration.GetSection(“GraphApi”);
services.AddAuthorization(选项=>
{
options.AddPolicy(“超级管理员”,policy=>
policy.Requirements.Add(新的GroupsCheckRequirement(Configuration.GetValue(“AzureSecurityGroup:SuperAdmin”));
options.AddPolicy(“ProductUser”,策略=>
policy.Requirements.Add(新的GroupsCheckRequirement(Configuration.GetValue(“AzureSecurityGroup:PowerUser”));
});
}
谢谢