Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/tfs/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
.net core 向web api.net核心添加硬编码角色_.net Core_Asp.net Core Webapi - Fatal编程技术网
Fatal编程技术网
  • .net-core/
  • .net core 向web api.net核心添加硬编码角色

.net core 向web api.net核心添加硬编码角色

.net-core

.net core 向web api.net核心添加硬编码角色,.net-core,asp.net-core-webapi,.net Core,Asp.net Core Webapi,我有一个.net核心api,我通过Azure组进行身份验证。但是这些组没有角色,所以我需要手动为组用户分配角色。例如: User1属于admins组,他可以执行所有CRUD操作,而poweruser组的user2可以浏览和编辑数据,但不能删除或添加新记录 控制器 [Authorize(Policy = "SuperAdmin")] [Route("api/[controller]")] [ApiController] public class TestC

我有一个.net核心api,我通过Azure组进行身份验证。但是这些组没有角色,所以我需要手动为组用户分配角色。例如: User1属于admins组,他可以执行所有CRUD操作,而poweruser组的user2可以浏览和编辑数据,但不能删除或添加新记录

控制器

[Authorize(Policy = "SuperAdmin")]

[Route("api/[controller]")]
[ApiController]
public class TestController : ControllerBase
{

  [HttpGet]
  public IActionResult Get(){
    return Ok("Test");
  }

  [Authorize(Roles = Role.Admin)]
  public IActionResult Delete(){
    return Ok("Deleted");
  }
}
Startup.cs

public void ConfigureServices(IServiceCollection services)
{            
   services.AddControllers();
   services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
            .EnableTokenAcquisitionToCallDownstreamApi()
            .AddInMemoryTokenCaches();

   services.Configure<WebOptions>(Configuration.GetSection("GraphApi"));

   services.AddAuthorization(options =>
   {                
       options.AddPolicy("SuperAdmin", policy =>
       policy.Requirements.Add(new GroupsCheckRequirement(Configuration.GetValue<string>("AzureSecurityGroup:SuperAdmin"))));
       options.AddPolicy("ProductUser", policy =>
       policy.Requirements.Add(new GroupsCheckRequirement(Configuration.GetValue<string>("AzureSecurityGroup:PowerUser"))));                
        });
}

public void配置服务(IServiceCollection服务)
{            
services.AddControllers();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(配置,“AzureAd”)
.EnableTokenAcquisitionTollDownstreamMapi()
.AddInMemoryTokenCaches();
services.Configure(Configuration.GetSection(“GraphApi”);
services.AddAuthorization(选项=>
{                
options.AddPolicy(“超级管理员”,policy=>
policy.Requirements.Add(新的GroupsCheckRequirement(Configuration.GetValue(“AzureSecurityGroup:SuperAdmin”));
options.AddPolicy(“ProductUser”,策略=>
policy.Requirements.Add(新的GroupsCheckRequirement(Configuration.GetValue(“AzureSecurityGroup:PowerUser”));
});
}
谢谢