[英]How to check claim for value in API request (ASP.NET Core 2.2)
I'm using claims-based-identity in ASP.NET Core 2.2 我在ASP.NET Core 2.2中使用基于声明的身份
From what I've read, it's possible to make custom claims/policy authorization using the following format (found in this answer) 根据我的阅读,可以使用以下格式(在此答案中找到)进行自定义声明/政策授权
[Authorize(Policy = "DataDrivenExample")]
public IActionResult GetFooBar()
{
// Omitted for brevity...
}
However, in my application, I need to check whether the user has access to THIS specific object. 但是,在我的应用程序中,我需要检查用户是否有权访问此特定对象。 For example, something like this:
例如,如下所示:
[Authorize(Policy = "EditFooBar:" + id)]
public IActionResult EditFooBar(string id)
{
// Omitted for brevity...
}
The handler then something like this...? 处理程序然后是这样的...?
public class EditFooBarHandler : AuthorizationHandler<DataDrivenRequirement>
{
protected override void Handle(AuthorizationContext context,
string id)
{
var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == "EditFooBar" && c.Value == id);
...etc...
}
It's not really feasible to make a separate policy for every possible value of id
. 为
id
每个可能值制定单独的策略实际上是不可行的。
Basically, how can I pass data into a policy requirement checker that is different for every request to that API endpoint? 基本上,如何将数据传递到针对该API端点的每个请求都不同的策略要求检查器中?
I believe what you are looking for in this case is Resource-based Authorization. 我相信在这种情况下,您要寻找的是基于资源的授权。
https://docs.microsoft.com/en-us/aspnet/core/security/authorization/resourcebased?view=aspnetcore-2.2 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/resourcebased?view=aspnetcore-2.2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.