stackoom
  简体   繁体   中英

ASP.NET Core: How would I go about binding data from user claims?

 原文  2019-11-29 14:32:43       c#/ asp.net-core/ model-view-controller/ model-binding

Question

I have a simple ASP.NET Core http API, and there are an awful lot of controller actions that all start like this:

    public async Task<ActionResult> Delete()
    {
        if (!User.Claims.TryGetClaim("merchant_id", out long merchantId))
        {
            return BadRequest();
        }

        /* Real code using merchantId */
    }

I would like to reduce the duplication of the claims check each time, but I'm unsure how to go about it. I've got the code about as small as I can using just extension methods, but I'd like to get it smaller still, something like this:

public async Task<ActionResult> Delete([FromClaims] long merchantId)
{
    /* Real code using merchantId */
}

But I've been reading the docs on ASP.NET core middleware and I don't know what I have to implement to make this happen.

The built-in FromBody attribute inherits from IBindingSourceMetadata , which defines a BindingSource property. However, I can't find any resources online about how one might implement their own binding source to get items from the user claims.

2 answers

solution1
 3  2019-11-29 14:44:23

You can use policy base authorization with attributes.

public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddAuthorization(options =>
    {
        options.AddPolicy("ShouldHaveMerchantId", policy => 
              policy.RequireClaim("merchant_id"));
    });
    ...
}

And on your action methods use Authorize attribute with your policy name.

[Authorize(Policy = "ShouldHaveMerchantId")]
public async Task<IActionResult> YourActionMethod()
{
    //Your logic
}

solution2
 1  2019-11-29 14:47:28

You could create a middleware like this

public class MyMiddleware 
{
   private readonly RequestDelegate next;

   public MyMiddleware (RequestDelegate next)
   {
        this.next = next;
   }

   public async Task Invoke(HttpContext ctx) 
   {
       // Your check here, something like
       if (!ctx.User.Claims.TryGetClaim("merchant_id", out long merchantId))
       {
            ctx.Response.StatusCode = (int)HttpStatusCode.BadRequest;
       }
       else
       {
            await next.Invoke(ctx);
       }

   }
}

and then register it like

app.UseMiddleware<MyMiddleware>();

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I update user claims in Asp.net Core How to remove claims from current user in ASP.NET Core? asp.net core how to add claims to User how to get claims of another user using ASP.NET Core How can i revoke claims in ASP.NET Core 6 after deleting a user? Owin Authentication and claims in asp.net how to access user data How to make a middleware that can call database to check user claims to authorize a user in asp.net core 2.2 How to persist newly added claims to existing HttpContext user in Asp.Net Core 3.1 Are ASP.NET Core claims reliable and secure from tampering? Retrieve claims from JWT authentication on ASP.NET Core MVC
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM