[英]Asp.net Core IAuthorizationFilter :Top level attribute returning null
I am using .NET core 3 and for AuthorizationFilter inherited IAuthorizationFilter.我正在使用 .NET core 3 并且对于 AuthorizationFilter 继承了 IAuthorizationFilter。 On my top level attribute I have added custom attribute(ModulePermission).
在我的顶级属性上,我添加了自定义属性(ModulePermission)。
I need to get the value of the attribute on AuthorizeActionFilter -> OnAuthorization function.我需要获取 AuthorizeActionFilter -> OnAuthorization 函数上的属性值。
However, I can access current action customattribute(ActionPermission).但是,我可以访问当前操作 customattribute(ActionPermission)。 But my top level attribute is null.
但我的顶级属性为空。 ( var module = actionDescriptor.MethodInfo.GetCustomAttributes(true).FirstOrDefault(i => i is ModulePermissionAttribute); )
( var module = actionDescriptor.MethodInfo.GetCustomAttributes(true).FirstOrDefault(i => i is ModulePermissionAttribute); )
Example例子
Api Controller: API 控制器:
[ModulePermission(Module.Product)]
[Route("api/products")]
[ApiController]
public class ProductController : BaseApiController
{
public ProductController()
{
}
[Route(""), HttpPost, ActionPermission(Action.READ)]
public Response<Product> Get()
{
// some code
}
}
Authorization Class:授权等级:
using System;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
public enum Module
{
User,
Product
}
public enum Action
{
Read,
Delete,
Add,
Edit
}
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class ActionPermissionAttribute : Attribute
{
private Action _action;
public Action action { get { return action; } }
public ActionPermissionAttribute(Action action = Action.Read)
{
_action = action;
}
}
[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class ModulePermissionAttribute : Attribute
{
private string _module;
public string Module { get { return _module; } }
public ModulePermissionAttribute(string module = "")
{
if (string.IsNullOrEmpty(module))
{
_module = "Novalue";
}
else
{
_module = module;
}
}
public ModulePermissionAttribute(Type module)
{
_module = module.Name;
}
}
public class AuthorizeAttribute : TypeFilterAttribute
{
public AuthorizeAttribute()
: base(typeof(AuthorizeActionFilter))
{
}
}
public class AuthorizeActionFilter : IAuthorizationFilter
{
public AuthorizeActionFilter()
{
}
public void OnAuthorization(AuthorizationFilterContext context)
{
bool isAuthorized = //check authorized or not
var actionDescriptor = (context.ActionDescriptor as ControllerActionDescriptor);
var module = actionDescriptor.MethodInfo.GetCustomAttributes<ModulePermissionAttribute>(true).FirstOrDefault(i => i is ModulePermissionAttribute);
// **here module is always null**
var method = actionDescriptor.MethodInfo.GetCustomAttributes<ActionPermissionAttribute>(false).FirstOrDefault(i => i is ActionPermissionAttribute);
// check module and method exists for the user
if (!isAuthorized)
{
context.Result = new ForbidResult();
}
}
}
Found the answer By Using EndpointMetadata通过使用 EndpointMetadata 找到答案
var module = context.ActionDescriptor.EndpointMetadata.OfType<ModulePermissionAttribute>().FirstOrDefault();
Hope this helps someone希望这可以帮助某人
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.