Custom principal displays Forbidden on Authorize Filter attribute ASP.NET Core 6 MVC
The application is an ASP.NET Core 6 MVC app and uses Windows authentication. Currently I have a ClaimsTransformation like this:
    public class ClaimsTransformation : IClaimsTransformation
    {
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly IAuthenticationService _authenticationService;

        public ClaimsTransformation(IHttpContextAccessor accessor, IAuthenticationService authenticationService)
        {
            _httpContextAccessor = accessor;
            _authenticationService = authenticationService;
        }

        public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
        {
            if (principal != null && principal.Identity != null && !principal.Identity.IsAuthenticated)
                return principal;

            var clonedPrincipal = principal.Clone();
            var clonedClaims = clonedPrincipal.Claims.ToList();
            var clonedIdentity = clonedPrincipal.Identity;

            var customPrincipal = _authenticationService.WindowsAuthenticate(clonedIdentity);
            var customIdentity = (ClaimsIdentity)customPrincipal.Identity;
            foreach (var claim in clonedClaims)
            {
                customIdentity.AddClaim(claim);
            }

            _httpContextAccessor.HttpContext.User = customPrincipal;
            Thread.CurrentPrincipal = _httpContextAccessor.HttpContext.User;
            return await Task.FromResult(customPrincipal);
        }
    }
However, when it reaches the controller which has an [Authorize] attribute, it displays an HTTP 403 error. Kindly suggest. Thanks
1. Create the ClaimsTransformation in our application.

2. Register it in the startup file.

Startup.cs (.NET Core <= 5.0):

    services.AddTransient<IClaimsTransformation, ClaimsTransformer>();

Program.cs (.NET Core >= 6.0):

    builder.Services.AddTransient<IClaimsTransformation, ClaimsTransformer>();

3. Set the policy.
    // .NET Core <= 5.0
    services.AddAuthorization(options =>
    {
        options.AddPolicy("Readonly", policy =>
            policy.RequireClaim("permission", "readOnly"));
        options.AddPolicy("Write", policy =>
            policy.RequireClaim("permission", "write"));
    });

    // .NET Core >= 6.0
    builder.Services.AddAuthorization(options =>
    {
        options.AddPolicy("Readonly", policy =>
            policy.RequireClaim("permission", "readOnly"));
        options.AddPolicy("Write", policy =>
            policy.RequireClaim("permission", "write"));
    });
4. Use it in the controller.
    [Authorize(Policy = "Write")]
    public IActionResult Contact()
    {
        ...
    }
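
Step 1 above has no code, so here is one possible ClaimsTransformer that supplies the "permission" claims the two policies check. This is an added example, not code from the question or the answer. The permission table, the CONTOSO account names and the "AppPermissions" label are made-up assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

public class ClaimsTransformer : IClaimsTransformation
{
    private const string PermissionClaimType = "permission";

    // Hypothetical lookup (account name -> permissions). A real application
    // would read this from its own user store or directory groups.
    private static readonly Dictionary<string, string[]> Permissions =
        new(StringComparer.OrdinalIgnoreCase)
        {
            [@"CONTOSO\alice"] = new[] { "readOnly", "write" },
            [@"CONTOSO\bob"] = new[] { "readOnly" },
        };

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Anonymous principals pass through unchanged.
        if (principal.Identity?.IsAuthenticated != true)
            return Task.FromResult(principal);

        // TransformAsync can be called more than once for the same principal,
        // so do not add the claims a second time.
        if (principal.HasClaim(c => c.Type == PermissionClaimType))
            return Task.FromResult(principal);

        var name = principal.Identity.Name;
        if (name is null || !Permissions.TryGetValue(name, out var granted))
            return Task.FromResult(principal); // no claims added: both policies will fail

        // Work on a copy and attach the extra claims as a second identity.
        // The Windows identity is left untouched, so the principal stays
        // authenticated and keeps its original claims.
        var transformed = principal.Clone();
        var extra = new ClaimsIdentity(authenticationType: "AppPermissions");
        foreach (var permission in granted)
            extra.AddClaim(new Claim(PermissionClaimType, permission));
        transformed.AddIdentity(extra);

        return Task.FromResult(transformed);
    }
}
```

With this registered as in step 2, a user mapped to "write" passes `[Authorize(Policy = "Write")]`, while an authenticated user without that claim receives 403 from the same action.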