堆棧內存溢出
  簡體   English   中英

自定義授權屬性 - ASP .NET Core 2.2

[英]Custom Authorize attribute - ASP .NET Core 2.2

 原文  2019-03-09 16:25:38       c#/ asp.net-core

問題描述

我想創建一個自定義 Authorize 屬性,以便能夠在失敗時發送個性化響應。 有很多例子,但我找不到我要找的東西。 注冊保單時,我添加了“索賠”。 是否可以在自定義屬性中訪問該注冊聲明而無需通過參數傳遞聲明? 或者是否有可能知道索賠檢查是否發生,如果沒有,返回個性化回復? 謝謝!

public static void AddCustomAuthorization(this IServiceCollection serviceCollection)
{
    serviceCollection.AddAuthorization(x =>
    {
        x.AddPolicy(UserPolicy.Read,
            currentPolicy => currentPolicy.RequireClaim(UserClaims.Read));
    });
}

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public class CustomAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext authorizationFilterContext)
    {
        if (authorizationFilterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            if (!authorizationFilterContext.HttpContext.User.HasClaim(x => x.Value == "CLAIM_NAME")) // ACCESS TO REGISTER CLAIM => currentPolicy => currentPolicy.RequireClaim(UserClaims.Read)
            {
                authorizationFilterContext.Result = new ObjectResult(new ApiResponse(HttpStatusCode.Unauthorized));
            }
        }
    }
}

[HttpGet]
[CustomAuthorizeAttribute(Policy = UserPolicy.Read)]
public async Task<IEnumerable<UserDTO>> Get()
{
    return ...
}

2 個解決方案

解決方案1
 10 已采納  2019-03-09 20:31:57

您可以使用IAuthorizationPolicyProvider獲取策略,然后使用ClaimsAuthorizationRequirement.ClaimType獲取聲明名稱。 並且由於它具有異步 API,因此最好使用IAsyncAuthorizationFilter而不是IAuthorizationFilter 嘗試這個:

public class CustomAuthorizeAttribute : AuthorizeAttribute, IAsyncAuthorizationFilter
{
    public async Task OnAuthorizationAsync(AuthorizationFilterContext authorizationFilterContext)
    {
        var policyProvider = authorizationFilterContext.HttpContext
            .RequestServices.GetService<IAuthorizationPolicyProvider>();
        var policy = await policyProvider.GetPolicyAsync(UserPolicy.Read);
        var requirement = (ClaimsAuthorizationRequirement)policy.Requirements
            .First(r => r.GetType() == typeof(ClaimsAuthorizationRequirement));

        if (authorizationFilterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            if (!authorizationFilterContext.HttpContext
              .User.HasClaim(x => x.Value == requirement.ClaimType))
            {
                authorizationFilterContext.Result = 
                   new ObjectResult(new ApiResponse(HttpStatusCode.Unauthorized));
            }
        }
    }
}

解決方案2
 5  2020-04-10 15:32:03

這個屬性需要一個字符串數組,這在我的例子中是需要的。 我需要將不同的用戶角色傳遞給這個屬性,並根據一些自定義邏輯返回結果。

public class CustomAuthFilter : AuthorizeAttribute, IAuthorizationFilter
{
    public CustomAuthFilter(params string[] args)
    {
        Args = args;
    }

    public string[] Args { get; }

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        //Custom code ...

        //Resolving a custom Services from the container
        var service = context.HttpContext.RequestServices.GetRequiredService<ISample>();
        string name = service.GetName(); // returns "anish"

        //Return based on logic
        context.Result = new UnauthorizedResult();
    }
}

您可以使用此屬性裝飾您的控制器,如下所示

 [CustomAuthFilter("Anish","jiya","sample")]
 public async Task<IActionResult> Index()

Sample 是一個返回硬編碼字符串的類

public class Sample : ISample
{
    public string GetName() => "anish";
}

services.AddScoped(); //注冊ISample,Sample為scoped。

對於異步支持,請使用 IAsyncAuthorizationFilter

public class CustomAuthFilter : AuthorizeAttribute, IAsyncAuthorizationFilter
{

    public CustomAuthFilter(params string[] args)
    {
        Args = args;
    }

    public string[] Args { get; }

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        //DO Whatever...

        //Resolve Services from the container
        var service = context.HttpContext.RequestServices.GetRequiredService<ISample>();
        var httpClientFactory = context.HttpContext.RequestServices.GetRequiredService<IHttpClientFactory>();
        string name = service.GetName();

        using var httpClient = httpClientFactory.CreateClient();

        var resp = await httpClient.GetAsync("https://jsonplaceholder.typicode.com/todos/1");
        var data = await resp.Content.ReadAsStringAsync();

        //Return based on logic
        context.Result = new UnauthorizedResult();

    }
}

希望有幫助..

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 ASP.NET Core 2.2 授權角色不工作的屬性 ASP.NET Core自定義授權屬性 在ASP.NET Core中使用授權屬性和自定義Cookie身份驗證 ASP.NET Core 2授權屬性jwt 在ASP.NET MVC上的自定義授權屬性 自定義授權屬性不起作用 asp.net ASP.NET MVC和自定義授權屬性 如何創建不依賴於 ASP.NET Core 中的聲明的自定義授權屬性? 如何在 ASP.NET CORE 中為多個策略創建自定義授權屬性 如何在 Asp.Net Core 2.2 中使用具有自定義 model 綁定的 [FromHeader] 屬性
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM