[英]How to reload a Custom Attribute during run-time? ASP.NET Core MVC
I have an application wherein users can make new Roles. 我有一个应用程序,其中用户可以创建新的角色。 Some actions are only accessible by certain roles.
某些操作只能由某些角色访问。 To check whether a user is allowed to do a certain action, I use a custom AuthorizeAttribute, similar to https://stackoverflow.com/a/40300184 .
要检查是否允许用户执行某项操作,我使用自定义AuthorizeAttribute,类似于https://stackoverflow.com/a/40300184 。
[AuthorizeRoles(Permission.Unlink, Permission.Link)]
[HttpGet("link")]
public IActionResult Link(int id)
{
...
}
The AuthorizeRolesAttribute class: AuthorizeRolesAttribute类:
public class AuthorizeRolesAttribute : AuthorizeAttribute
{
public AuthorizeRolesAttribute(params Permission[] permissions)
{
Roles = GetRoles(permissions);
}
}
GetRoles: GetRoles:
public static string GetRoles(params Permission[] permissions)
{
DataRowCollection rows = DatabaseHelper.RoleTable.Rows;
List<string> allowedRoles = new List<string>();
foreach (DataRow row in rows)
{
bool allowed = true;
foreach (Permission permission in permissions)
{
if ((bool)row[permission.ToString()] == false)
allowed = false;
}
//if all required permissions are true in this role it is added to the allowed roles
if (allowed)
allowedRoles.Add(row["ROLE"].ToString());
}
return string.Join(",", allowedRoles);
}
When the application starts, each method with the AuthorizeRolesAttribute calls the GetRoles method to determine what roles are allowed to use the method. 当应用程序启动时,每个使用AuthorizeRolesAttribute的方法都会调用GetRoles方法来确定允许哪些角色使用该方法。 This works fine for existing roles, however, when a new role is added.
但是,当添加新角色时,这适用于现有角色。 The attribute doesn't re-evaluate the roles.
该属性不会重新评估角色。 I need the attribute to update and allow the new role to use the method without having to restart the application.
我需要更新属性并允许新角色使用该方法而无需重新启动应用程序。
I have tried to run the following code after adding a new Role. 我在添加新角色后尝试运行以下代码。 (As suggested by https://stackoverflow.com/a/12196932 )
(根据https://stackoverflow.com/a/12196932的建议)
typeof(UsersController).GetMethod(nameof(UsersController.Link)).GetCustomAttributes(false);
This does cause the AuthorizeRolesAttribute to call GetRoles() again, and this does return a string with the new Role in it. 这确实会导致AuthorizeRolesAttribute再次调用GetRoles(),这会返回一个包含新Role的字符串。 However, when trying to access the 'Link' method as a user with the new Role, I get a 403 Forbidden status.
但是,当尝试以具有新角色的用户身份访问“链接”方法时,我获得403 Forbidden状态。
I found a solution. 我找到了解决方案。 Instead of this:
而不是这个:
public class AuthorizeRolesAttribute : AuthorizeAttribute
{
public AuthorizeRolesAttribute(params Permission[] permissions)
{
Roles = GetRoles(permissions);
}
}
I now have this: 我现在有这个:
public class AuthorizeRolesAttribute : Attribute, IAuthorizationFilter
{
private readonly Permission[] permissions;
public AuthorizeRolesAttribute(params Permission[] permissions)
{
this.permissions = permissions;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
string[] roles = Authentication.GetRoles(permissions).Split(",");
bool allowed = context.HttpContext.User.Claims.Any(c => c.Type.Contains("role") && roles.Contains(c.Value));
if (!allowed)
context.Result = new ForbidResult();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.