[英]How to Inject ControllerContext in startup.cs in ASP.Net-Core 2.2
I have a use case where each logged in user has a set of URLs he/she can access regardless of his/her role. 我有一个用例,其中每个登录用户都有一组URL,无论他/她的角色如何,他/她都可以访问。 I am trying to implement a policy in ASP.Net-core 2.2 to achieve this.
我正在尝试在ASP.Net-core 2.2中实施一项策略以实现这一目标。 Each of the URLs accessible to the user would be registered as claim when the user is registered and while a request is made by the authenticated user, an attempt is made to compare the requested URL/path to the URL claims registered for the user.
当用户注册时,用户可访问的每个URL都将被注册为声明,并且在经过身份验证的用户发出请求的同时,尝试将请求的URL /路径与为用户注册的URL声明进行比较。
Since I am trying to use authorization policy to achieve this, I have created the following Authorization Requirement and Handler 由于我正在尝试使用授权策略来实现此目的,因此我创建了以下授权要求和处理程序
public class AccessPermissionRequirement : IAuthorizationRequirement
{
public ControllerContext controllerContext { get; }
public string routeArea = "";
public AccessPermissionRequirement(ControllerContext _controllerContext, string RouteArea ="")
{
controllerContext = _controllerContext;
routeArea = RouteArea;
}
}
public class AccessPermissionHandler : AuthorizationHandler<AccessPermissionRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessPermissionRequirement requirement)
{
if (!context.User.Identity.IsAuthenticated)
{
return Task.CompletedTask;
}
var actionName = requirement.controllerContext.ActionDescriptor.ActionName;
var controllerName = requirement.controllerContext.ActionDescriptor.ControllerName;
var route = controllerName + "/" + actionName;
if (context.User.HasClaim("Routes", route))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
Since the AccessPermissionRequirement class requires an injection of ControllerContext at the constructor for me to be able to have access to the current request (outside a controller), I am finding it difficult to register the policy in the ConfigureServices method of the Startup.cs class. 由于AccessPermissionRequirement类要求在构造函数中注入ControllerContext,以便我能够访问当前请求(在控制器外部),因此我发现很难在Startup.cs类的ConfigureServices方法中注册该策略。
Below is what I have done that is not working 下面是我所做的不起作用
services.AddAuthorization(options => {
options.AddPolicy("CheckAccess", policy => policy.Requirements.Add(new AccessPermissionRequirement(ControllerContext controllerContext)));
});
I am getting the following error 我收到以下错误
ControllerContext is a type which is not valid in the given context
ControllerContext是在给定上下文中无效的类型
So, I'm stuck here as I don't know the way to resolve this. 因此,我被困在这里,因为我不知道解决方法。
Sorry, it is my first time trying to implement policy in ASP.Net-core 抱歉,这是我第一次尝试在ASP.Net-core中实施策略
I will appreciate a guide to resolve this. 我将感谢您解决此问题的指南。
Thank you 谢谢
It seems that IAuthorizationFilter
perfectly fits your case. 看来
IAuthorizationFilter
非常适合您的情况。 There's a good discussion regarding this: 关于此有一个很好的讨论:
How do you create a custom AuthorizeAttribute in ASP.NET Core?
如何在ASP.NET Core中创建自定义AuthorizeAttribute?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.