[英]Set authorize attribute for Custom policy for all controller and Actions at global
我是.Net / ASP.NET開發的新手,我正在嘗試使用我想在全局級別添加的自定義策略,這樣我就不必在每個控制器中為我構建的策略添加[ Authorize
]屬性。
我創建了一個名為SuperAdminUsers
的策略,並使用UserNamesRequirement
中的自定義要求,我想在全局級別設置它,這樣所有SuperAdminUsers
都可以訪問所有控制器和操作。
以下是我在startup.cs
文件中創建的策略。
services.AddAuthorization(
option =>
{
option.AddPolicy("Admin", policy => policy.RequireRole("DOMAIN\\GroupName"));
option.AddPolicy("SuperAdminUsers", policy => policy.Requirements.Add(new UserNamesRequirement("DOMAIN\\USER1", "DOMAIN\\USER2"))
}
);
// Add Custom filters
services.AddMvc(
config =>
{
var policy = new AuthorizationPolicyBuilder();
policy.Requirements.Add(new UserNamesRequirement("DOMAIN\\USER1"));
policy.Build();
config.Filters.Add(new AuthorizeFilter(policy));
}
);
在上面的config.Filters
,我收到以下屏幕截圖中顯示的錯誤:
這是我的客戶要求和處理類:
public class UserNamesRequirement : IAuthorizationRequirement
{
public UserNamesRequirement(params string[] UserNames)
{
Users = UserNames;
}
public string[] Users { get; set; }
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserNamesRequirement requirement)
{
// var userName = context.User.FindFirst(ClaimTypes.NameIdentifier).Value;
var userName = context.User.Identity.Name;
if (requirement.Users.ToList().Contains(userName))
context.Succeed(requirement);
return Task.FromResult(0);
}
更新1:
使用以下代碼更新啟動文件,但仍無法授權。
services.AddMvc
(
config =>
{
var policyBuilder = new AuthorizationPolicyBuilder();
policyBuilder.Requirements.Add(new UserNamesRequirement("DOMAIN\\USER1", "DOMAIN\\USER2"));
var policy = policyBuilder.Build();
config.Filters.Add(new AuthorizeFilter(policy));
}
);
控制器我試圖訪問:
[Authorize(Policy = "Admins")]
[Authorize(Policy = "SuperAdminUsers")]
public class OperatingSystemsController : Controller
{
private readonly ServerMatrixDbContext _context;
public OperatingSystemsController(ServerMatrixDbContext context)
{
_context = context;
}
// GET: OperatingSystems
public async Task<IActionResult> Index()
{
return View(await _context.OperatingSystems.ToListAsync());
}
}
這是我在str輸出日志文件中看到的內容:
注意:我刪除了真實域名和用戶名。
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost/demo/OperatingSystems/Create
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
Authorization was successful for user: DOMAIN\USER1.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed for user: DOMAIN\USER1.
warn: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
任何幫助都非常感謝。
過濾器是為所有控制器和操作設置授權屬性的一種方法。 例如,這是需要特定用戶名的策略。
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireUserName("DOMAIN\\USERID")
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
您收到的錯誤是因為AuthorizationFilter
構造函數需要policy
而不是policyBuilder
。 以下是更改變量名稱的代碼,以便更清晰。
services.AddMvc(config =>
{
var policyBuilder = new AuthorizationPolicyBuilder();
policyBuilder.Requirements.Add(new UserNamesRequirement("DOMAIN\\USER1"));
// this will NOT work
policyBuilder.Build();
config.Filters.Add(new AuthorizeFilter(policyBuilder));
// this will work
var policy = policyBuilder.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.