
How do I build a custom role based authorization in ASP Core 2?

I have a database that has a user table, access table and a join table assigning a user to multiple access. The site will verify a user by matching the Identity Username from AD with a username in the Users table to verify they can see the site (Intranet). The access table is used to specify which pages they are allowed to visit.

In ASP Core 2 how can I use Authorization to perform the same check at Startup to verify they are in the Users table and then take it a step further and use Roles to allow the user access to specific web pages?

I've gone through the documentation but I can't figure out which way to go as the examples use a login that is not necessary in my case using AD.

I have a users table and don't use AD roles because we have an admin for exchange and I do not have access to that.

Thanks in advance

The Authorize attribute is what you are looking for. For example,

[Authorize(Roles = "Admin, User")]

If you are using OAuth for authentication, you will create a ClaimsIdentity while authenticating. Based on the claim, the Authorize attribute will work out of the box. For example,

    // Override on an OWIN OAuthAuthorizationServerProvider (Microsoft.Owin.Security.OAuth).
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

        // Validate the supplied credentials against the user store.
        ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);

        if (user == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        // Build the ClaimsIdentity (including role claims) that the Authorize attribute evaluates.
        ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
            OAuthDefaults.AuthenticationType);

        AuthenticationProperties properties = CreateProperties(user.UserName);
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
        context.Validated(ticket);
        context.Request.Context.Authentication.SignIn(oAuthIdentity);
    }

You can refer to this post, where I have explained a similar scenario in a bit more detail.
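
For the setup in the question (Windows authentication supplies the AD user name, while a Users/Access database decides what that user may see), one option is to add role claims with ASP.NET Core's `IClaimsTransformation` so that `[Authorize(Roles = ...)]` works against the database. This is an added example, not code from the question or the answer; `IUserAccessStore`, `DbRoleClaimsTransformation`, the `SiteUser` role and the marker claim type are hypothetical names, and it assumes Windows authentication is already enabled for the site.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Hypothetical abstraction over the Users, Access and join tables.
public interface IUserAccessStore
{
    // Returns null when userName has no row in the Users table,
    // otherwise the Access names assigned to that user (possibly empty).
    Task<IReadOnlyList<string>> GetAccessNamesAsync(string userName);
}

public class DbRoleClaimsTransformation : IClaimsTransformation
{
    private const string Marker = "app:db-roles-loaded"; // constructed claim type
    private readonly IUserAccessStore _store;

    public DbRoleClaimsTransformation(IUserAccessStore store) => _store = store;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Skip anonymous callers, and skip if the roles were already added:
        // the transformation can run more than once for the same principal.
        if (principal.Identity?.IsAuthenticated != true ||
            principal.HasClaim(c => c.Type == Marker))
            return principal;

        // With Windows authentication, Name is normally DOMAIN\user.
        var access = await _store.GetAccessNamesAsync(principal.Identity.Name);

        // Keep database roles on their own identity instead of editing the Windows one.
        var appIdentity = new ClaimsIdentity("AppDb", ClaimTypes.Name, ClaimTypes.Role);
        appIdentity.AddClaim(new Claim(Marker, "true"));
        if (access != null)
        {
            // "SiteUser" (assumed name) marks anyone present in the Users table.
            appIdentity.AddClaim(new Claim(ClaimTypes.Role, "SiteUser"));
            foreach (var name in access)
                appIdentity.AddClaim(new Claim(ClaimTypes.Role, name));
        }
        // Unknown users get no role claims, so [Authorize(Roles = ...)] denies them.
        principal.AddIdentity(appIdentity);
        return principal;
    }
}

// In Startup.ConfigureServices:
//   services.AddScoped<IClaimsTransformation, DbRoleClaimsTransformation>();
```

With this registered, `[Authorize(Roles = "SiteUser")]` restricts a controller to users present in the Users table, and a page-specific Access name in `Roles` restricts an individual page.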
