是否可以针对两个或多个策略应用授权?我正在使用ASP.NET 5,rc1.
Is it possible to apply authorization against two or more policies? I am using ASP.NET 5, rc1.
[Authorize(Policy = "Limited,Full")] public class FooBarController : Controller { // This code doesn't work }如果没有,如何在不使用政策的情况下实现这一目标?可以访问此控制器的用户有两类:完全"和受限".用户可以属于全部"或受限",或者两者都属于.他们只需要属于两个组之一即可访问此控制器.
If not, how may I achieve this without using policies? There are two groups of users that may access this controller: "Full" and "Limited". Users may either belong to "Full" or "Limited", or both. They only require to belong to one of the two groups in order to access this controller.
推荐答案不是您想要的方式;策略被设计为累积性的.例如,如果您使用两个单独的属性,那么它们必须都通过.
Not the way you want; policies are designed to be cumulative. For example if you use two separate attributes then they must both pass.
您必须在单个策略中评估OR条件.但是您不必在单个处理程序中将其编码为OR.您可以有一个具有多个处理程序的需求.如果两个处理程序中的任何一个标记为成功,则满足要求.请参阅我的授权研讨会中的步骤6.
You have to evaluate OR conditions within a single policy. But you don't have to code it as ORs within a single handler. You can have a requirement which has more than one handler. If either of the handlers flag success then the requirement is fulfilled. See Step 6 in my Authorization Workshop.
更多推荐
ASP.NET 5授权使用两个或多个策略(或组合策略)
发布评论