Asp.net core .Net 5从Razor页面检查CustomPolicy_Asp.net Core_Authorization

Asp.net core .Net 5从Razor页面检查CustomPolicy

asp.net-core

Asp.net core .Net 5从Razor页面检查CustomPolicy,asp.net-core,authorization,Asp.net Core,Authorization,我有一个自定义授权处理程序，如下所示： public class CanApproveArticlesByOtherAuthorsClaimsHandler : AuthorizationHandler<ManageArticleApprovalRequirement> { protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageArticleAppro

我有一个自定义授权处理程序，如下所示：

public class CanApproveArticlesByOtherAuthorsClaimsHandler : AuthorizationHandler<ManageArticleApprovalRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageArticleApprovalRequirement requirement)
    {
        var httpContext = context.Resource as HttpContext;

        if (httpContext == null)
        {
            return Task.CompletedTask;
        }

        string loggedInUser = context.User.Claims
                                          .FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value;
        string authorId = (string)httpContext.Request.RouteValues["authorid"];

        if (context.User.IsInRole("Admin")
            && context.User.HasClaim(claim => claim.Type == "Article Approver" && claim.Value == "true")
            && loggedInUser.ToLower() != authorId.ToLower())
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}

在Startup.cs中

            services.AddSingleton<IAuthorizationHandler, CanApproveOnlyArticlesByOtherAuthorsHandler>();

您可以直接使用

IAuthorizationService

对具有某些要求的用户进行授权，如下所示：

@inject IAuthorizationService _authService;

<!-- the code section that need to authorize -->
<!-- for razor view, pass in Context instead of ViewContext.HttpContext 
     for the resource -->
@if((await _authService.AuthorizeAsync(User, ViewContext.HttpContext, new [] { new ManageArticleApprovalRequirement() })).Succeeded){
    <div class="col-sm-3 offset-sm-2">
        <input asp-for="@Model.Approved" class="form-check-input" />
        <label class="form-check-label" asp-for="@Model.Approved">Approve For Publication</label>
    </div>
}

@injectiaauthorizationservice\u authorizationservice；
@if（（wait_authService.AuthorizeAsync（User，ViewContext.HttpContext，new[]{new ManageArticleApprovalRequirement（）}））.successed）{
批准出版
}

注意：我假设您的

ManageArticleApprovalRequirement

具有无参数构造函数。基本上，您需要将该需求的一个实例传递给

IAuthorizationService.AuthorizeAsync

方法，如上面的代码所示。

King King，感谢您的输入，我认为我走的是正确的道路。然而，我可能在做一些愚蠢的事情。我已经在处理程序中放置了一些断点和一些日志语句来捕获正在发生的事情，因为它总是失败，即使在它应该成功的用户身上，但断点和日志语句永远不会被命中。另外，我接受了您的建议，将其放入控制器，并在ViewBag中加载一个值以执行相同的功能。我整天都在修补它。还是没有爱。将其移回cshtml页面，但此时距离此页面不远。@JayDavis您是否已注册自定义

IAuthorizationHandler

？像这样

services.AddSingleton（）

（在

Startup.ConfigureServices

）哈哈……是的……但是打字错误很重要……我的错。我重新命名了处理程序以符合其他一些处理程序，并且完全忽略了一些更改。现在我正在打处理程序，所以请继续！！然而，现在AuthorizationHandlerContext是以null的形式出现的，我假设是因为我没有将它分配给资源？是这样的！非常感谢你！

            services.AddAuthorization(options =>
        {
            //Other code

            options.AddPolicy("ApproveArticlesPolicy", policy => policy.AddRequirements(new ManageArticleApprovalRequirement()));

            //Other code;

        });

@inject IAuthorizationService _authService;

<!-- the code section that need to authorize -->
<!-- for razor view, pass in Context instead of ViewContext.HttpContext 
     for the resource -->
@if((await _authService.AuthorizeAsync(User, ViewContext.HttpContext, new [] { new ManageArticleApprovalRequirement() })).Succeeded){
    <div class="col-sm-3 offset-sm-2">
        <input asp-for="@Model.Approved" class="form-check-input" />
        <label class="form-check-label" asp-for="@Model.Approved">Approve For Publication</label>
    </div>
}