[英]ASP.NET Core 2.0 - Razor - Authorize
I'm trying out asp.net core 2 razor pages. 我正在尝试asp.net core 2剃须刀页面。 If someone tries to access a page and they are not logged in or are in the correct role, I should not give them access to that page. 如果有人尝试访问某个页面,但他们尚未登录或角色正确,则不应授予他们对该页面的访问权限。
what is the appropriate way to limit the person's access to the page? 限制该人访问页面的适当方法是什么?
I would think that I would put some type of an attribute in the page's view model class, but that does not seem to work. 我认为我应该在页面的视图模型类中放置某种类型的属性,但这似乎不起作用。 I've tried to add attributes to the various methods and the class with no luck. 我尝试将属性添加到各种方法和类中没有运气。
To use the authorize attribute you can decorate the PageModel
with the AuthorizeAttribute
. 要使用authorize属性,可以使用AuthorizeAttribute
装饰PageModel
。
For example: 例如:
// using Microsoft.AspNetCore.Authorization
[Authorize]
public class IndexModel : PageModel
{
...
}
Alternatively, you can also setup authorization under the options of the ConfigureServices
method: 另外,您还可以在ConfigureServices
方法的选项下设置授权:
services.AddMvc()
.AddRazorPagesOptions(options =>
{
options.Conventions.AuthorizeFolder("/MembersOnly");
options.Conventions.AuthorizePage("/Account/Logout");
options.Conventions.AuthorizeFolder("/Pages/Admin", "Admins"); // with policy
options.Conventions.AllowAnonymousToPage("/Pages/Admin/Login"); // excluded page
options.Conventions.AllowAnonymousToFolder("/Public"); // just for completeness
});
The AuthorizeFolder
will restrict access to the entire folder, whereas the AuthorizePage
would be restricting access based on the individual page. AuthorizeFolder
将限制对整个文件夹的访问,而AuthorizePage
将基于单个页面来限制访问。 The AllowAnonymousToFolder
and AllowAnonymousToPage
doing the opposite, accordingly. 因此, AllowAnonymousToFolder
和AllowAnonymousToPage
做相反的事情。
For specific documentation on the above, as of today, the documentation is still being completed. 对于上述特定文档,到目前为止,该文档仍在完成中。 However, you can read about the progress of it and track it here https://github.com/aspnet/Docs/issues/4281 但是,您可以在此处阅读有关它的进度并进行跟踪, 网址为https://github.com/aspnet/Docs/issues/4281
Otherwise, you can have a more general read about Authorization in ASP.NET Core on the official Microsoft Docs . 否则,您可以在官方的Microsoft Docs上获得有关ASP.NET Core中的授权的更一般的阅读。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.