Asp.Net Core:访问AuthorizeHandler中的自定义AuthorizeAttribute属性
[英]Asp.Net Core: Access custom AuthorizeAttribute property in AuthorizeHandler
问题描述
As I am working on Asp.Net core Authorization part, I needed a new property in AuthorizeAttribute which I want to utilize as a extra permission value. 
当我在Asp.Net core Authorization部分工作时,我需要在AuthorizeAttribute中使用一个新属性,我想将其用作额外的权限值。 So, I have extended the AuthorizeAttribute in my own custom Authorize attribute. 所以,我在自己的自定义Authorize属性中扩展了AuthorizeAttribute 。 See below: 见下文:
public class RoleAuthorizeAttribute : Microsoft.AspNetCore.Authorization.AuthorizeAttribute
{
public string Permission { get; private set; }
public RoleAuthorizeAttribute(string policy, string permission) : base(policy)
{
this.Permission = permission;
}
}
Then, I've created an AuthorizationHandler to check for the requirement as below: 然后,我创建了一个AuthorizationHandler来检查需求,如下所示:
public class RolePermissionAccessRequirement : AuthorizationHandler<RolePermissionDb>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RolePermissionDb requirement)
{
// check here..
context.Succeed(requirement);
return Task.FromResult(0);
}
}
All respective service collection mapping I have already done, just omitted here. 我已经完成了所有相应的服务集合映射,这里省略了。
Now, I want my attribute to use like this on controller action level: 现在,我希望我的属性在控制器操作级别上使用如下:
[RoleAuthorize("DefaultPolicy", "CustomPermission")]
public IActionResult List()
{
}
Would anybody suggest me how would I access the permission property value given on the top of Action method in the handler RolePermissionAccessRequirement ?? 有人会建议我如何在处理程序RolePermissionAccessRequirement中访问Action方法顶部给出的权限属性值 ?
I want to perform some sort of access rule based on custom permission value given in the Authorize attribute on top of Action method. 我想基于Action方法顶部的Authorize attribute给出的自定义权限值来执行某种访问规则。
Thanks in advance! 提前致谢!
1 个解决方案
解决方案1
0 已采纳 2017-06-08 11:53:33
To parametrize a custom Authorize attribute, create an authorization filter implementing IAsyncAuthorizationFilter . 要参数化自定义Authorize属性,请创建实现IAsyncAuthorizationFilter的授权过滤器。 Then wrap the filter in a TypeFilterAttribute -derived attribute. 然后将过滤器包装在TypeFilterAttribute -derived属性中。 This attribute can accept parameters and pass it to the authorization filter's constructor. 此属性可以接受参数并将其传递给授权过滤器的构造函数。
Usage example: 用法示例:
[AuthorizePermission(Permission.Foo, Permission.Bar)]
public IActionResult Index()
{
return View();
}
Implementation: 执行:
public class AuthorizePermissionAttribute : TypeFilterAttribute
{
public AuthorizePermissionAttribute(params Permission[] permissions)
: base(typeof(PermissionFilter))
{
Arguments = new[] { new PermissionRequirement(permissions) };
Order = Int32.MinValue;
}
}
public class PermissionFilter : Attribute, IAsyncAuthorizationFilter
{
private readonly IAuthorizationService _authService;
private readonly PermissionRequirement _requirement;
public PermissionFilter(
IAuthorizationService authService,
PermissionRequirement requirement)
{
//you can inject dependencies via DI
_authService = authService;
//the requirement contains permissions you set in attribute above
//for example: Permission.Foo, Permission.Bar
_requirement = requirement;
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
bool ok = await _authService.AuthorizeAsync(
context.HttpContext.User, null, _requirement);
if (!ok) context.Result = new ChallengeResult();
}
}
In addition, register a PermissionHandler in DI to handle PermissionRequirement with permission list: 此外,在DI中注册PermissionHandler以使用权限列表处理PermissionRequirement :
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
Look at this this GitHub project for a complete example. 看看这个 GitHub项目的完整示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.