
Environment dependent controller with [Authorize]

To mark a controller as requiring authorization you typically decorate it like this:

[Authorize]
public class MyController : Controller

Our auth is through a 3rd party provider and given the way it is set up, we only want this to actually be in effect in our production environment; we don't want it to be active in the QA environment, for example. It's easy to toggle off environment in the Startup.cs file, but is there a way to conditionally decorate the controllers? I started looking at policies and roles and that seems like it might be hacked to work, but is there a better way?

If you are using ASP.NET Core, following the documentation here:

https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.1
https://docs.microsoft.com/en-us/aspnet/core/security/authorization/dependencyinjection?view=aspnetcore-2.1

you can make your custom policy like so:

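using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Hosting;

// Requirement carrying the name of the environment in which authentication is enforced.
public class EnvironmentAuthorize : IAuthorizationRequirement
{
    public string Environment { get; set; }

    public EnvironmentAuthorize(string env)
    {
        Environment = env;
    }
}

public class EnvironmentAuthorizeHandler : AuthorizationHandler<EnvironmentAuthorize>
{
    private readonly IHostingEnvironment environment;

    public EnvironmentAuthorizeHandler(IHostingEnvironment env)
    {
        environment = env;
    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EnvironmentAuthorize requirement)
    {
        // Outside the named environment the requirement always passes.
        // Inside it, only an authenticated user passes; without this second
        // check every request in that environment would be rejected.
        if (requirement.Environment != environment.EnvironmentName
            || context.User.Identity?.IsAuthenticated == true)
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}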

In the Startup.cs:

        services.AddAuthorization(options =>
        {
            options.AddPolicy("ProductionOnly", policy =>
                policy.Requirements.Add(new EnvironmentAuthorize("Production")));
        });

        services.AddSingleton<IAuthorizationHandler, EnvironmentAuthorizeHandler>();

In the Controller:

[Authorize(Policy = "ProductionOnly")]
public class MyController : Controller

Although it's possible, I cannot recommend this; having different behaviors in different environments is truly a nightmare.
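
A fail-closed variant of the policy registration above, as an added example that is not part of the original answer: the policy is relaxed only in environments on an explicit list, and any other environment name (Production, a misspelled name, a tier added later) requires an authenticated user. The `AddProductionOnlyPolicy` method and the `BypassEnvironments` list with its names "Development" and "QA" are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;

public static class EnvironmentPolicyExtensions
{
    // Assumption: the only environment names allowed to skip authentication.
    private static readonly string[] BypassEnvironments = { "Development", "QA" };

    // Hypothetical helper; call it from Startup.ConfigureServices as
    // services.AddProductionOnlyPolicy(env), with the IHostingEnvironment
    // that the Startup constructor receives.
    public static IServiceCollection AddProductionOnlyPolicy(
        this IServiceCollection services, IHostingEnvironment env)
    {
        // IsEnvironment compares names case-insensitively.
        bool bypass = BypassEnvironments.Any(name => env.IsEnvironment(name));

        // Guard against someone later adding "Production" to the list.
        if (bypass && env.IsProduction())
        {
            throw new InvalidOperationException(
                "Authentication bypass must never be enabled in Production.");
        }

        services.AddAuthorization(options =>
        {
            options.AddPolicy("ProductionOnly", policy =>
            {
                if (bypass)
                {
                    // Listed environment: the policy passes for every caller.
                    policy.RequireAssertion(context => true);
                }
                else
                {
                    // Everything else: anonymous callers are challenged.
                    policy.RequireAuthenticatedUser();
                }
            });
        });

        return services;
    }
}
```

Controllers keep the `[Authorize(Policy = "ProductionOnly")]` attribute shown above; the custom requirement and handler are not needed with this registration.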
