ASP.NET Core:单个策略中的多个(不同类型的)授权要求
标签:asp.net, authorization, asp.net-core-1.0
有没有办法实现下面这样的效果:
// Intent of the question: grant access when EITHER the custom requirement OR the role
// requirement is satisfied.
// As written this does not do that: every requirement added to one policy must succeed,
// so the two lines below combine as AND, not OR.
options.AddPolicy(
    "IsEducationOwner",
    policy =>
    {
        // Custom requirement that has one handler.
        policy.AddRequirements(new EducationOwnerRequirement());

        // Role-based requirement.
        policy.RequireRole("CatalogAdmin");
    });
我发现这是可行的:为同一个需求(requirement)再注册一个处理程序,用它检查用户声明中的角色。同一需求的多个处理程序之间是“或”的关系,只要其中一个调用 Succeed(且没有处理程序调用 Fail),该需求即视为满足。更多信息见官方文档(原文中的链接已丢失)。我的例子是:
/// <summary>
/// Application startup: registers the "IsEducationOwner" policy and the handlers that can satisfy it.
/// </summary>
public class Startup
{
    /// <summary>
    /// Adds authorization services, the "IsEducationOwner" policy and both handlers for
    /// <see cref="EducationOwnerRequirement"/> to the container.
    /// </summary>
    /// <param name="services">Service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // The policy carries a single requirement. Both handlers registered below target that
        // same requirement type; a requirement is met as soon as one handler calls Succeed
        // (and none calls Fail), which is what yields the "owner OR admin" behaviour.
        services.AddAuthorization(options =>
            options.AddPolicy(
                "IsEducationOwner",
                policy => policy.AddRequirements(new EducationOwnerRequirement())));

        // Registration order is kept: ownership handler first, role handler second.
        services.AddTransient<IAuthorizationHandler, IsEducationOwnerHandler>();
        services.AddTransient<IAuthorizationHandler, HasCatalogAdminRoleHandler>();
    }
}
/// <summary>
/// Marker requirement with no data of its own. The access decision lives entirely in the
/// <c>AuthorizationHandler&lt;EducationOwnerRequirement&gt;</c> implementations registered for it.
/// </summary>
public class EducationOwnerRequirement : IAuthorizationRequirement { }
/// <summary>
/// Satisfies <see cref="EducationOwnerRequirement"/> for any user in the "CatalogAdmin" role.
/// </summary>
/// <remarks>
/// The handler only ever calls Succeed. For users outside the role it returns without a verdict,
/// leaving the decision to the other handlers registered for the same requirement.
/// </remarks>
public class HasCatalogAdminRoleHandler : AuthorizationHandler<EducationOwnerRequirement>
{
    /// <summary>Marks the requirement as met when the current user holds the admin role.</summary>
    /// <param name="context">Authorization context carrying the current user.</param>
    /// <param name="requirement">The requirement being evaluated.</param>
    /// <returns>A completed task; the work is synchronous.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EducationOwnerRequirement requirement)
    {
        var isCatalogAdmin = context.User.IsInRole("CatalogAdmin");
        if (!isCatalogAdmin)
        {
            // No verdict: do not call Fail, so another handler may still grant access.
            return Task.CompletedTask;
        }

        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}
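/// <summary>
/// Satisfies <see cref="EducationOwnerRequirement"/> when the current user is one of the owners of the
/// education whose id follows "/api/educations/" in the request path.
/// </summary>
/// <remarks>
/// The handler never calls Fail. On every path where it cannot confirm ownership it returns without
/// succeeding, so access is denied unless another handler for the same requirement grants it.
/// </remarks>
public class IsEducationOwnerHandler : AuthorizationHandler<EducationOwnerRequirement>
{
    private const string EducationsPrefix = "/api/educations/";

    private readonly PerformaContext _db;

    /// <summary>Creates the handler.</summary>
    /// <param name="db">Data context used to resolve the user and the education's owners.</param>
    public IsEducationOwnerHandler(PerformaContext db)
    {
        _db = db;
    }

    /// <summary>
    /// Succeeds the requirement only if the user identified by the oid claim owns the requested education.
    /// </summary>
    /// <param name="context">Authorization context; its resource is expected to be the MVC filter context.</param>
    /// <param name="requirement">The requirement being evaluated.</param>
    /// <returns>A completed task; the work is synchronous.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EducationOwnerRequirement requirement)
    {
        // NOTE(review): the resource is an AuthorizationFilterContext only when the policy is evaluated by
        // the MVC authorization filter. Under endpoint routing (ASP.NET Core 3.0+) it is a different type,
        // the cast yields null and this handler silently never succeeds - confirm for the target framework.
        var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
        if (mvcContext == null || !context.User.HasClaim(c => c.Type == ClaimTypeNaming.oid))
        {
            return Task.CompletedTask;
        }

        // The id comes from the caller-controlled URL, so it is parsed defensively: anything that is not
        // exactly a GUID after the prefix ends in "no verdict" instead of an unhandled exception.
        Guid educationId;
        if (!TryGetEducationId(mvcContext.HttpContext.Request.Path.Value, out educationId))
        {
            return Task.CompletedTask;
        }

        var userExternalId = context.User.FindFirst(ClaimTypeNaming.oid).Value;

        // NOTE(review): these look like synchronous data-access calls inside an async handler; if
        // PerformaContext offers async equivalents, prefer them - confirm against the data layer.
        var userId = _db.GetUserByExternalId(userExternalId).Select(x => x.Id).FirstOrDefault();
        if (userId == Guid.Empty)
        {
            // Unknown user: FirstOrDefault produced the default Guid.
            return Task.CompletedTask;
        }

        var educationOwners = _db.GetOwnersForEducation(educationId).Select(x => x.UserId).ToList();
        if (educationOwners.Contains(userId))
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }

    // Extracts the education id that follows "/api/educations/" in the path; returns false when the
    // prefix is absent or the remainder of the path is not a well-formed GUID.
    private static bool TryGetEducationId(string path, out Guid educationId)
    {
        educationId = Guid.Empty;
        if (string.IsNullOrEmpty(path))
        {
            return false;
        }

        // Ordinal, case-insensitive search: route matching ignores case, and a culture-sensitive
        // IndexOf has no place in URL handling.
        var prefixStart = path.IndexOf(EducationsPrefix, StringComparison.OrdinalIgnoreCase);
        if (prefixStart < 0)
        {
            return false;
        }

        // The whole remainder must be the id; trailing segments are rejected rather than guessed at.
        var candidate = path.Substring(prefixStart + EducationsPrefix.Length);
        return Guid.TryParse(candidate, out educationId);
    }
}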
公共类启动
{
public void配置服务(IServiceCollection服务)
{
services.AddAuthorization(选项=>{
options.AddPolicy(“IsEducationOwner”,策略=>
{
policy.Requirements.Add(新教育所有者要求());
});
});
services.AddTransient();
services.AddTransient();
}
}
公共课堂教育所有者要求:IAAuthorizationRequirement
{
}
公共类HasCatalogAdminRoleHandler:AuthorizationHandler
{
受保护的覆盖任务HandleRequirementAsync(授权HandlerContext上下文,教育所有者要求)
{
if(context.User.IsInRole(“CatalogAdmin”))
{
成功(要求);
}
返回Task.CompletedTask;
}
}
公共类IsEducationOwnerHandler:AuthorizationHandler
{
私人PerformContext数据库;
公共教育所有者管理者(PerformContext db)
{
_db=db;
}
受保护的覆盖任务HandleRequirementAsync(授权HandlerContext上下文,教育所有者要求)
{
var mvcContext=context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if(mvcContext==null | |!context.User.HasClaim(c=>c.Type==ClaimTypeNaming.oid))
{
返回Task.CompletedTask;
}
var path=mvcContext.HttpContext.Request.path.Value;
var educationId=path.Substring(path.IndexOf(“/api/educations/”)+16,path.Length-path.IndexOf(“/api/educations/”)-16);
var userExternalId=context.User.FindFirst(ClaimTypeNaming.oid).Value;
var userId=_db.GetUserByExternalId(userExternalId).Select(x=>x.Id).FirstOrDefault();
if(userId==Guid.Empty)
{
返回Task.CompletedTask;
}
var educationOwners=_db.GetOwnersForEducation(Guid.Parse(educationId)).Select(x=>x.UserId.ToList();
if(educationOwners.Contains(userId))
{
成功(要求);
}
返回Task.CompletedTask;
}
}
我发现这是可行的:为同一个需求(requirement)再注册一个处理程序,用它检查用户声明中的角色。同一需求的多个处理程序之间是“或”的关系,只要其中一个调用 Succeed(且没有处理程序调用 Fail),该需求即视为满足。代码如下所示。
更多信息见官方文档(原文中的链接已丢失)。
我的例子是:
/// <summary>
/// Application startup: registers the "IsEducationOwner" policy and the handlers that can satisfy it.
/// </summary>
public class Startup
{
    /// <summary>
    /// Adds authorization services, the "IsEducationOwner" policy and both handlers for
    /// <see cref="EducationOwnerRequirement"/> to the container.
    /// </summary>
    /// <param name="services">Service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // The policy carries a single requirement. Both handlers registered below target that
        // same requirement type; a requirement is met as soon as one handler calls Succeed
        // (and none calls Fail), which is what yields the "owner OR admin" behaviour.
        services.AddAuthorization(options =>
            options.AddPolicy(
                "IsEducationOwner",
                policy => policy.AddRequirements(new EducationOwnerRequirement())));

        // Registration order is kept: ownership handler first, role handler second.
        services.AddTransient<IAuthorizationHandler, IsEducationOwnerHandler>();
        services.AddTransient<IAuthorizationHandler, HasCatalogAdminRoleHandler>();
    }
}
/// <summary>
/// Marker requirement with no data of its own. The access decision lives entirely in the
/// <c>AuthorizationHandler&lt;EducationOwnerRequirement&gt;</c> implementations registered for it.
/// </summary>
public class EducationOwnerRequirement : IAuthorizationRequirement { }
/// <summary>
/// Satisfies <see cref="EducationOwnerRequirement"/> for any user in the "CatalogAdmin" role.
/// </summary>
/// <remarks>
/// The handler only ever calls Succeed. For users outside the role it returns without a verdict,
/// leaving the decision to the other handlers registered for the same requirement.
/// </remarks>
public class HasCatalogAdminRoleHandler : AuthorizationHandler<EducationOwnerRequirement>
{
    /// <summary>Marks the requirement as met when the current user holds the admin role.</summary>
    /// <param name="context">Authorization context carrying the current user.</param>
    /// <param name="requirement">The requirement being evaluated.</param>
    /// <returns>A completed task; the work is synchronous.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EducationOwnerRequirement requirement)
    {
        var isCatalogAdmin = context.User.IsInRole("CatalogAdmin");
        if (!isCatalogAdmin)
        {
            // No verdict: do not call Fail, so another handler may still grant access.
            return Task.CompletedTask;
        }

        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}
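/// <summary>
/// Satisfies <see cref="EducationOwnerRequirement"/> when the current user is one of the owners of the
/// education whose id follows "/api/educations/" in the request path.
/// </summary>
/// <remarks>
/// The handler never calls Fail. On every path where it cannot confirm ownership it returns without
/// succeeding, so access is denied unless another handler for the same requirement grants it.
/// </remarks>
public class IsEducationOwnerHandler : AuthorizationHandler<EducationOwnerRequirement>
{
    private const string EducationsPrefix = "/api/educations/";

    private readonly PerformaContext _db;

    /// <summary>Creates the handler.</summary>
    /// <param name="db">Data context used to resolve the user and the education's owners.</param>
    public IsEducationOwnerHandler(PerformaContext db)
    {
        _db = db;
    }

    /// <summary>
    /// Succeeds the requirement only if the user identified by the oid claim owns the requested education.
    /// </summary>
    /// <param name="context">Authorization context; its resource is expected to be the MVC filter context.</param>
    /// <param name="requirement">The requirement being evaluated.</param>
    /// <returns>A completed task; the work is synchronous.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EducationOwnerRequirement requirement)
    {
        // NOTE(review): the resource is an AuthorizationFilterContext only when the policy is evaluated by
        // the MVC authorization filter. Under endpoint routing (ASP.NET Core 3.0+) it is a different type,
        // the cast yields null and this handler silently never succeeds - confirm for the target framework.
        var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
        if (mvcContext == null || !context.User.HasClaim(c => c.Type == ClaimTypeNaming.oid))
        {
            return Task.CompletedTask;
        }

        // The id comes from the caller-controlled URL, so it is parsed defensively: anything that is not
        // exactly a GUID after the prefix ends in "no verdict" instead of an unhandled exception.
        Guid educationId;
        if (!TryGetEducationId(mvcContext.HttpContext.Request.Path.Value, out educationId))
        {
            return Task.CompletedTask;
        }

        var userExternalId = context.User.FindFirst(ClaimTypeNaming.oid).Value;

        // NOTE(review): these look like synchronous data-access calls inside an async handler; if
        // PerformaContext offers async equivalents, prefer them - confirm against the data layer.
        var userId = _db.GetUserByExternalId(userExternalId).Select(x => x.Id).FirstOrDefault();
        if (userId == Guid.Empty)
        {
            // Unknown user: FirstOrDefault produced the default Guid.
            return Task.CompletedTask;
        }

        var educationOwners = _db.GetOwnersForEducation(educationId).Select(x => x.UserId).ToList();
        if (educationOwners.Contains(userId))
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }

    // Extracts the education id that follows "/api/educations/" in the path; returns false when the
    // prefix is absent or the remainder of the path is not a well-formed GUID.
    private static bool TryGetEducationId(string path, out Guid educationId)
    {
        educationId = Guid.Empty;
        if (string.IsNullOrEmpty(path))
        {
            return false;
        }

        // Ordinal, case-insensitive search: route matching ignores case, and a culture-sensitive
        // IndexOf has no place in URL handling.
        var prefixStart = path.IndexOf(EducationsPrefix, StringComparison.OrdinalIgnoreCase);
        if (prefixStart < 0)
        {
            return false;
        }

        // The whole remainder must be the id; trailing segments are rejected rather than guessed at.
        var candidate = path.Substring(prefixStart + EducationsPrefix.Length);
        return Guid.TryParse(candidate, out educationId);
    }
}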
公共类启动
{
public void配置服务(IServiceCollection服务)
{
services.AddAuthorization(选项=>{
options.AddPolicy(“IsEducationOwner”,策略=>
{
policy.Requirements.Add(新教育所有者要求());
});
});
services.AddTransient();
services.AddTransient();
}
}
公共课堂教育所有者要求:IAAuthorizationRequirement
{
}
公共类HasCatalogAdminRoleHandler:AuthorizationHandler
{
受保护的覆盖任务HandleRequirementAsync(授权HandlerContext上下文,教育所有者要求)
{
if(context.User.IsInRole(“CatalogAdmin”))
{
成功(要求);
}
返回Task.CompletedTask;
}
}
公共类IsEducationOwnerHandler:AuthorizationHandler
{
私人PerformContext数据库;
公共教育所有者管理者(PerformContext db)
{
_db=db;
}
受保护的覆盖任务HandleRequirementAsync(授权HandlerContext上下文,教育所有者要求)
{
var mvcContext=context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if(mvcContext==null | |!context.User.HasClaim(c=>c.Type==ClaimTypeNaming.oid))
{
返回Task.CompletedTask;
}
var path=mvcContext.HttpContext.Request.path.Value;
var educationId=path.Substring(path.IndexOf(“/api/educations/”)+16,path.Length-path.IndexOf(“/api/educations/”)-16);
var userExternalId=context.User.FindFirst(ClaimTypeNaming.oid).Value;
var userId=_db.GetUserByExternalId(userExternalId).Select(x=>x.Id).FirstOrDefault();
if(userId==Guid.Empty)
{
返回Task.CompletedTask;
}
var educationOwners=_db.GetOwnersForEducation(Guid.Parse(educationId)).Select(x=>x.UserId.ToList();
if(educationOwners.Contains(userId))
{
成功(要求);
}
返回Task.CompletedTask;
}
}
或者,该功能的说明见官方文档(原文中的链接已丢失)。