Authentication 将参数从控制器传递到自定义AuthorizationHandler_Authentication_.net Core_Authorization

Authentication 将参数从控制器传递到自定义AuthorizationHandler

authentication .net-core

Authentication 将参数从控制器传递到自定义AuthorizationHandler,authentication,.net-core,authorization,Authentication,.net Core,Authorization,我正在开发一个控制器，它允许人们共享更新网站的权限。我正在尝试使用AuthorizationHandler来验证当前用户是否有权更新他们尝试更新的网站我当前的请求和授权处理程序 public class WebsiteRequirement : IAuthorizationRequirement { public WebsiteRequirement(int websiteId) { WebsiteId = websiteId; } publi

我正在开发一个控制器，它允许人们共享更新网站的权限。我正在尝试使用AuthorizationHandler来验证当前用户是否有权更新他们尝试更新的网站

我当前的请求和授权处理程序

public class WebsiteRequirement : IAuthorizationRequirement
{
    public WebsiteRequirement(int websiteId)
    {
        WebsiteId = websiteId;
    }

    public int WebsiteId { get; private set; }

}

如果试图从HTTP请求传入值，则可以通过传递到处理程序（）的

AuthorizationHandlerContext

上的

Resource

属性访问这些值

如果您只是试图传入一些配置类型设置，那么请确保您的

AuthorizationHandler

具有生存期瞬态，并将这些值传入构造函数。

因此，我看到的问题是，我并不总是具有相同的http请求结构。例：如果我使用

api/websites/2

，那么websiteId是2。如果我发了一篇帖子，那么我想从

website

对象中获取websiteId。在AuthorizationHandler中设置这种条件是否是一种好的做法？@ChrisHobbs我不想评论最佳做法；你当然可以这么做。。。

internal class WebsiteAuthorizationHandler : AuthorizationHandler<WebsiteRequirement>, IAuthorizationHandler
{
    private readonly IWebsiteLogic _websiteLogic;

    public WebsiteAuthorizationHandler(IWebsiteLogic websiteLogic)
    {
        _websiteLogic = websiteLogic;
    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, WebsiteRequirement requirement)
    {
        int userId = int.Parse(context.User.FindFirst(c => c.Type == "UserId").Value);

        // Use the _websiteLogic to check if user has access, based on user id and website Id
        if(_websiteLogic.CheckUserAccess(userId, requirement.WebsiteId)){
            context.Succeed(requirement);
        }
        else
        {
            context.Fail();
        }
        return Task.CompletedTask;
    }
}

public void ConfigureServices(IServiceCollection services)
{
  services.AddAuthorization(options =>
  {
      options.AddPolicy("WebAuth", policy => policy.Requirements.Add(new WebsiteRequirement(1)));
  });

    services.AddSingleton<IAuthorizationHandler, WebsiteAuthorizationHandler>();
}

[HttpPost]
[Authorize(Policy = "WebAuth", WebsiteId=[FromBody]website.id)]  // Trying to do something like this
public ActionResult<WebsiteDto> SaveWebsite([FromBody] WebsiteDto website)
{
    if(_websiteLogic.CheckUserAccess(CurrentUserId, website.Id)) // My Backup Solution
    {
        return _websiteLogic.AddWebsite(website);
    }
    return new UnauthorizedResult();
}