stackoom
  简体   繁体   中英

Blazor WASM authorize attribute based on query string

 原文  2021-10-25 14:25:05       c#/ blazor/ blazor-webassembly

Question

@attribute [Authorize(Roles = "Admin")]
@attribute [Authorize(Roles = NavigationManager.QueryString("level"))]

I have added this code on my page level, the first authorize attribute works fine, since it is just a constant value "Admin" but not the second authorize attribute.

I am trying to grant access based on the query string, but this code NavigationManager.QueryString("level") will have this error "An object reference is required for the nonstatic field, method, or property 'member'"

https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-messages/cs0120?f1url=%3FappId%3Droslyn%26k%3Dk(CS0120)

Is there anyway to fix this?

1 answers

solution1
 0  2021-10-25 15:58:42

Short answer: you cannot do this. An attribute argument needs to be a compile time constant .

Long answer: don't do this. Checking for authorization using query string is inherently unsecure.

If you have complicated authorization, check out Policy based authorization. This is a good explainer in general. Check out this for a more Blazor WASM specific example

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to authorize user's role in client side of blazor wasm? Blazor wasm Web API response is an HTML string Authorization issue when use [Authorize] attribute in page in client blazor app Blazor WASM and Refit token Scaffolding tool with Blazor wasm Blazor WASM CheckSession Loop MudSelect Issue in Blazor WASM Blazor WASM components in Razorpages Blazor WASM URL routing Use Authorize Attribute with Custom Claims based Authentication
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM