[英]ASP.NET MVC 6 folder authorization
I'm preparing application in ASP.NET MVC 6. This application has a folder with some static files for administration purposes. 我正在ASP.NET MVC 6中准备应用程序。此应用程序有一个文件夹,其中包含一些用于管理目的的静态文件。 I would like to restrict access to this content to users with specific role. 我想限制对具有特定角色的用户访问此内容。
Before MVC 6 there was a possibility to create a web.config file and place it in this restricted folder (example: asp.net folder authorization ). 在MVC 6之前,有可能创建一个web.config文件并将其放在这个受限制的文件夹中(例如: asp.net文件夹授权 )。
Is similar approach available in vNext? vNext中是否有类似的方法?
如果您在IIS中托管它,您仍然可以以相同的方式在文件夹上设置安全性。
You can follow Scott Allen's blog post which shows how to do this using some middleware: 您可以关注Scott Allen的博客文章,其中介绍了如何使用某些中间件执行此操作:
// First, in the Startup class for the application, we will add the required services.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication();
services.AddAuthorization(options =>
{
options.AddPolicy("Authenticated", policy => policy.RequireAuthenticatedUser());
});
}
The ProtectFolder
class is the middleware itself. ProtectFolder
类是中间件本身。 The Invoke method on a middleware object is injectable, so we'll ask for the current authorization service and use the service to authorize the user if the current request is heading towards a protected folder. 中间件对象上的Invoke方法是可注入的,因此我们将要求当前的授权服务,并在当前请求朝向受保护的文件夹时使用该服务来授权用户。 If authorization fails we use the authentication manager to challenge the user, which typically redirects the browser to a login page, depending on the authentication options of the application. 如果授权失败,我们使用身份验证管理器来挑战用户,这通常会将浏览器重定向到登录页面,具体取决于应用程序的身份验证选项。
public class ProtectFolderOptions
{
public PathString Path { get; set; }
public string PolicyName { get; set; }
}
public static class ProtectFolderExtensions
{
public static IApplicationBuilder UseProtectFolder(
this IApplicationBuilder builder,
ProtectFolderOptions options)
{
return builder.UseMiddleware<ProtectFolder>(options);
}
}
public class ProtectFolder
{
private readonly RequestDelegate _next;
private readonly PathString _path;
private readonly string _policyName;
public ProtectFolder(RequestDelegate next, ProtectFolderOptions options)
{
_next = next;
_path = options.Path;
_policyName = options.PolicyName;
}
public async Task Invoke(HttpContext httpContext,
IAuthorizationService authorizationService)
{
if(httpContext.Request.Path.StartsWithSegments(_path))
{
var authorized = await authorizationService.AuthorizeAsync(
httpContext.User, null, _policyName);
if (!authorized)
{
await httpContext.Authentication.ChallengeAsync();
return;
}
}
await _next(httpContext);
}
}
Back in the application's Startup class, we'll configure the new middleware to protect the /secret directory with the “Authenticated” policy. 回到应用程序的Startup类,我们将配置新的中间件以使用“Authenticated”策略保护/ secret目录。
public void Configure(IApplicationBuilder app)
{
app.UseCookieAuthentication(options =>
{
options.AutomaticAuthentication = true;
});
// This must be before UseStaticFiles.
app.UseProtectFolder(new ProtectFolderOptions
{
Path = "/Secret",
PolicyName = "Authenticated"
});
app.UseStaticFiles();
// ... more middleware
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.