[英]ASP.NET Core 6 Web API - How do I check if the action with given ActionDescriptor requires authentication?
給定一個ActionDescriptor ,例如位於GET /api/Item/{id}的操作的ActionDescriptor ,我如何判斷它是否需要身份驗證?
檢查與操作對應的方法的過濾器,以及可能聲明該方法的 class 的過濾器是否為AuthorizeAttribute或AllowAnonymousAttribute是不可靠的,因為通過這種方式AuthorizationOptions的策略( FallbackPolicy 、 DefaultPolicy和使用AddPolicy()添加的策略)例如,不會被考慮在內。
我試圖檢查以下接口是否具有接受ActionDescriptor的方法,但不幸的是它們都沒有:
IAuthorizationPolicyProviderIAuthorizationServiceIAuthorizationHandlerIAuthorizationHandlerContextFactoryIAuthorizationHandlerProvider 編輯:經過一番搜索,我認為 WebForms 中存在我需要的內容: UrlAuthorizationModule.CheckUrlAccessForPrincipal() 。 我想知道 ASP.NET Core 是否有類似的東西。
這里是 go:
using System.Linq;
using Microsoft.AspNetCore.Mvc.Abstractions;
using Microsoft.AspNetCore.Mvc.Filters;
public static bool RequiresAuthoriation(this ActionDescriptor actionDescriptor)
{
return actionDescriptor.FilterDescriptors.Any(fd=>fd.Select(filterInfo => filterInfo.Filter).Any(filter => filter is IAuthorizationFilter));
}
您需要使用授權接口檢查過濾器,所以我認為這應該有效:
if(ControllerContext.ActionDescriptor.FilterDescriptors.OfType<IAuthorizationFilter>().Any())
//means the action has Authorization filter
if(ControllerContext.ActionDescriptor.FilterDescriptors.OfType<IAllowAnonymous>().Any())
//means action has AllowAnonymous filter
更新:另一種方法是獲取所有動作及其屬性
var projectAssembly = Assembly.GetAssembly(typeof(Suxxeed.Analytixx.Api.Startup));
var controllerActionlist = projectAssembly.GetTypes()
.Where(type => typeof(Controller).IsAssignableFrom(type))
.SelectMany(type => type.GetMethods(BindingFlags.Instance | BindingFlags.DeclaredOnly | BindingFlags.Public))
.Where(m => !m.GetCustomAttributes(typeof(System.Runtime.CompilerServices.CompilerGeneratedAttribute), true).Any())
.Select(x => new
{
Controller = x.DeclaringType?.Name,
ControllerAttributes = string. Join(",", x.DeclaringType.GetCustomAttributes().Select(a => a.GetType().Name.Replace("Attribute", ""))),
Action = x.Name,
ActionAttributes = string. Join(",", x.GetCustomAttributes().Select(a => a.GetType().Name.Replace("Attribute", "")))
})
.OrderBy(x => x.Controller).ThenBy(x => x.Action).ToList();
//for detecting any action has Authorize attribute you can do this
if(controllerActionlist.Any(x=> x.Action=="YouAction"
&& (x.ActionAttributes.Contains("Authorize") || x.ControllerAttributes.Contains("Authorize"))))
//some stuff
如何禁用特定 ASP.NET Core 5.0 Web ZDB974238714CA8DE6347A 操作的自動 model 綁定?
[英]How do I disable automatic model binding for a specific ASP.NET Core 5.0 Web API action?
如何在ASP.NET Core 2.0 Web API中添加IdentityServer4和Auth0的Jwt身份驗證?
[英]How do I add Jwt authentication from IdentityServer4 and Auth0 in an ASP.NET Core 2.0 web api?
給定一個URL和HTTP動詞,如何在ASP.NET MVC / Web API中解析控制器/動作?
[英]Given a URL and HTTP verb, how can I resolve the controller/action in ASP.NET MVC/Web API?
如何使用身份向 ASP.NET 核心最小 API 添加身份驗證,但不使用 Azure?
[英]How do I add authentication to an ASP.NET Core minimal API using Identity, but without using Azure?
asp.net core 6.0中帶有Swashbuckle的ActionDescriptor的GetCustomAttributes方法在哪里?
[英]Where is the GetCustomAttributes method of the ActionDescriptor with Swashbuckle in asp.net core 6.0?
如何將 web api 添加到現有的 asp.net mvc core 6 web 應用程序
[英]How do i add a web api to an existing asp.net mvc core 6 web application
處理身份驗證/授權:ASP.NET Core Web 應用程序 => ASP.NET Core Web API => SQL
[英]Handling authentication/authorization: ASP.NET Core Web Application => ASP.NET Core Web API => SQL
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.