[英]How to add application logic in policy based authorization in .NET Core
我有当前的设置工作,但我收到这样的错误:
An attempt was made to use the context instance while it is being configured.
A DbContext instance cannot be used inside 'OnConfiguring' since it is still being configured at this point.
This can happen if a second operation is started on this context instance before a previous operation completed.
Any instance members are not guaranteed to be thread safe.
我创建了IAuthorizationRequirement
public class ValidGroupsRequirement : IAuthorizationRequirement
{
private IAuthenticationService _authenticationService;
public async Task<bool> ValidateAccess(IAuthenticationService authenticationService, List<string> groups)
{
_authenticationService = authenticationService;
var result = await _authenticationService.AllGroupsExist(groups);
return result;
}
}
还有AuthorizationHandler
public class GroupsValidationHandler : AuthorizationHandler<ValidGroupsRequirement>
{
private readonly IAuthenticationService authenticationService;
public GroupsValidationHandler(IAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ValidGroupsRequirement requirement)
{
var userGroups = context.User.FindAll("groups").Select(X => X.Value).ToList();
var result = await requirement.ValidateAccess(authenticationService, userGroups);
if (result)
{
context.Succeed(requirement);
}
else
{
context.Fail();
var filterContext = context.Resource as DefaultHttpContext;
var response = filterContext.HttpContext.Response;
response.OnStarting(async () =>
{
filterContext.HttpContext.Response.StatusCode = 401;
});
}
}
}
我已经在Program.cs中注册了它们
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("ValidateGroups", policy =>
{
policy.RequireAuthenticatedUser();
policy.AddRequirements(new ValidGroupsRequirement());
});
options.InvokeHandlersAfterFailure = false;
});
builder.Services.AddScoped<IAuthenticationService, AuthenticationService>();
我在身份验证服务中遇到错误。
因为我将它传递给要求,是否有可能不正确处理它?
我知道有一种方法可以在没有要求的情况下创建处理程序,但是 context.Succeed() 方法只接受要求。 我应该如何在program.cs中注册它
谢谢
测试后没有遇到你的问题,一切正常,只是不能使用_authenticationService.AllGroupsExist()
,所以我直接output result
为true
来替换你的IAuthenticationService
好像没有提供这个方法,你自定义了吗?
我根据这个文档注册了Handler
程序:
builder.Services.AddTransient<IAuthorizationHandler, GroupsValidationHandler>();
然后授权某些操作:
[Authorize(Policy = "ValidateGroups")]
一切都在正常执行。
您能否提供一个重现该问题的最小示例?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.