首页 > 编程入门 文章详情

如何在ASP.NET CORE中为多个策略创建自定义Authorize属性

编程入门 行业动态 更新时间:2024-10-25 21:23:22
本文介绍了如何在ASP.NET CORE中为多个策略创建自定义Authorize属性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述

我想授权一个动作控制器可以被多个策略访问.

I want to authorize an action controller could access by multiple policies.

,例如:

[Authorize([Policies.ManageAllCalculationPolicy,Policies.ManageAllPriceListPolicy]] public async Task<IActionResult> Get(int id){}

非常感谢.

推荐答案

对于多个策略,您可以实现自己的AuthorizeAttribute.

For multiple policys, you could implement your own AuthorizeAttribute.

  • AuthorizeMultiplePolicyAttribute

  • AuthorizeMultiplePolicyAttribute

public class AuthorizeMultiplePolicyAttribute:TypeFilterAttribute { public AuthorizeMultiplePolicyAttribute(string policies,bool IsAll):base(typeof(AuthorizeMultiplePolicyFilter)) { Arguments = new object[] { policies,IsAll}; } }

  • AuthorizeMultiplePolicyFilter

  • AuthorizeMultiplePolicyFilter

    public class AuthorizeMultiplePolicyFilter: IAsyncAuthorizationFilter { private readonly IAuthorizationService _authorization; public string _policies { get; private set; } public bool _isAll { get; set; } public AuthorizeMultiplePolicyFilter(string policies, bool IsAll,IAuthorizationService authorization) { _policies = policies; _authorization = authorization; _isAll = IsAll; } public async Task OnAuthorizationAsync(AuthorizationFilterContext context) { var policys = _policies.Split(";").ToList(); if (_isAll) { foreach (var policy in policys) { var authorized = await _authorization.AuthorizeAsync(context.HttpContext.User, policy); if (!authorized.Succeeded) { context.Result = new ForbidResult(); return; } } } else { foreach (var policy in policys) { var authorized = await _authorization.AuthorizeAsync(context.HttpContext.User, policy); if (authorized.Succeeded) { return; } } context.Result = new ForbidResult(); return; } } }

  • 在启动时添加所需的策略

  • Add Policy you want on Startup

    services.AddAuthorization(options => { options.AddPolicy("ManageAllCalculationPolicy", policy => policy.RequireAssertion(context => context.User.HasClaim(c => c.Type == "BadgeId"))); options.AddPolicy("ManageAllPriceListPolicy", policy => policy.RequireAssertion(context => context.User.HasClaim(c => c.Type == "aaaa"))); });

  • 基于其中一项策略的授权

  • Authorization based on one of the policies

    [AuthorizeMultiplePolicy("ManageAllCalculationPolicy;ManageAllPriceListPolicy", false)]

  • 基于所有策略的授权

  • Authorization based on all policies

    [AuthorizeMultiplePolicy("ManageAllCalculationPolicy;ManageAllPriceListPolicy", true)]

    • 更多推荐

    如何在ASP.NET CORE中为多个策略创建自定义Authorize属性

    本文发布于:2023-11-14 10:33:35,感谢您对本站的认可!
    本文链接:https://www.elefans.com/category/jswz/34/1586976.html
    版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
    本文标签:多个   自定义   中为   属性   策略

    发布评论

    评论列表 (有 0 条评论)

    最近发表

    草根站长

    >www.elefans.com

    编程频道|电子爱好者 - 技术资讯及电子产品介绍!

    热门文章

    标签列表