是否有可能我们可以访问dbcontext以在基于策略的自定义授权中获取我的表数据和会话?任何人都可以帮助实现它吗?
Is it possible that we can access dbcontext to get my table data and session in custom Policy-Based Authorization? Anyone can help how to achieve it?
services.AddAuthorization(options => { options.AddPolicy("CheckAuthorize", policy => policy.Requirements.Add(new CheckAuthorize())); }); services.AddSingleton<IAuthorizationHandler, CheckAuthorize>(); public class CheckAuthorize : AuthorizationHandler<CheckAuthorize>, IAuthorizationRequirement { protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CheckAuthorize requirement) { if () //check session to verify user is logged in or not { //redirect to login page } else { if ()//access dbcontext get data from database table to validate user access { //redirect to access denied page } } throw new NotImplementedException(); } }推荐答案
策略可以使用 DI
因此,假设您的数据库上下文位于DI中,您可以执行类似的操作
So, assuming your db context is in DI you could do something like
public class CheckAuthorizeHandler : AuthorizationHandler<CheckAuthorizeRequirement> { MyContext _context; public CheckAuthorizeHandler(MyContext context) { _context = context; } protected override Task HandleRequirementAsync( AuthorizationHandlerContext context, MyRequirement requirement) { // Do something with _context // Check if the requirement is fulfilled. return Task.CompletedTask; } }请注意,在执行此操作时,您必须将需求设置为单独的类,而不能执行CheckAuthorize : AuthorizationHandler<CheckAuthorize>, IAuthorizationRequirement,因此必须执行
Note that when you do this you have to make your requirement a seperate class, you can't do CheckAuthorize : AuthorizationHandler<CheckAuthorize>, IAuthorizationRequirement, so you'd have to do
public CheckAuthorizeRequirement : IAuthorizationRequirement { }最后,您需要在DI系统中注册您的处理程序
And finally you need to register your handler in the DI system
services.AddTransient<IAuthorizationHandler, CheckAuthorizeHandler>();更多推荐
如何访问dbcontext&基于自定义策略的授权中的会话
发布评论