.NET Core中的自定义JWT授权
[英]Authorization in .NET Core for custom JWT
问题描述
I have currently created a web api using .NET Core Web API and I am succesfully issuing JWT Tokens. 
我目前已经使用.NET Core Web API创建了一个Web API,并且成功发行了JWT令牌。 A user in my project can belong to one or more "teams" and on each "team" they have a specific role. 我项目中的用户可以属于一个或多个“团队”,并且在每个“团队”中,他们都有特定的角色。 For example user A belongs to team T1 and has role ABC. 例如,用户A属于团队T1,并且具有角色ABC。
I would like to create an authorization flow to determine if the user is a team member and if the user has enough access to perform that specific request. 我想创建一个授权流程来确定用户是否是团队成员,以及用户是否具有执行该特定请求的足够权限。
I was initially thinking that if User A does not belong to team T1 and makes a POST with the url /api/t1/action I could use the url to determine what team the request is for and then do some sort of comparison with the data in the JWT. 我最初以为,如果用户A不属于团队T1,并且使用url / api / t1 / action进行POST,则可以使用url来确定请求的团队,然后与数据进行某种比较在JWT中。
Should this done using middleware, authorization filter or something else? 是否应该使用中间件,授权过滤器或其他方法完成? What should I use when applying the next check. 应用下一张支票时应该使用什么。
Please advise? 请指教?
1 个解决方案
解决方案1
0 2017-10-11 18:05:30
我通过使用.net核心Web api的授权策略来解决这个问题,并创建了一个自定义策略来定制我的应用程序需求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.