How to handle authorization error after migrating from ASP.NET Core 2.1 to .NET 6?
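I have migrated my project from ASP.NET Core 2.1 to .NET 6, and now I am facing an error: context.Resource as AuthorizationFilterContext returns NULL.
I have implemented custom policy-based authentication using AuthorizationFilterContext; it seems that .NET 6 does not support AuthorizationFilterContext.
Please help me modify the code below from ASP.NET Core 2.1 to .NET 6. Thank you.
Here is the error message in this line: var mvcContext = context.Resource as AuthorizationFilterContext;
Below is the implementation code of AuthorizationHandler and AuthorizationHandlerContext: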
    using System.Collections.Generic;
    using System.Diagnostics.Contracts;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Controllers;
    using Microsoft.AspNetCore.Mvc.Filters;

    public class HasAccessRequirment : IAuthorizationRequirement { }

    public class HasAccessHandler : AuthorizationHandler<HasAccessRequirment>
    {
        public readonly HoshmandDBContext _context;

        public HasAccessHandler(HoshmandDBContext context)
        {
            _context = context;
        }

        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasAccessRequirment requirement)
        {
            Contract.Ensures(Contract.Result<Task>() != null);
            List<int?> userGroupIds = new List<int?>();
            // Get the information about the action being called
            var mvcContext = context.Resource as AuthorizationFilterContext;
            if ((mvcContext != null) && !context.User.Identity.IsAuthenticated)
            {
                mvcContext.Result = new RedirectToActionResult("UserLogin", "Logins", null);
                return Task.FromResult(Type.Missing);
            }
            if (!(mvcContext?.ActionDescriptor is ControllerActionDescriptor descriptor))
            {
                return Task.FromResult(Type.Missing);
            }
            var currntActionAddress = descriptor.ControllerName + "/" + descriptor.ActionName;
            // Find all information about the controller and method from the tables
            // Check whether the user has access to the action that is being called
            //allActionInfo = ListAcctionsFromDatabase;
            //bool isPostBack = allActionInfo.FirstOrDefault(a => a.action == currntActionAddress)?.IsMenu ?? true;
            bool isPostBack = false;
            if (!isPostBack)
            {
                mvcContext.Result = new RedirectToActionResult("AccessDenied", descriptor.ControllerName, null);
                context.Succeed(requirement);
                return Task.CompletedTask;
            }
            else
            {
                mvcContext.Result = new RedirectToActionResult("AccessDeniedView", descriptor.ControllerName, null);
                context.Succeed(requirement);
                return Task.CompletedTask;
            }
        }
    }
Here is my Program.cs code:
    builder.Services.AddAuthorization(options =>
    {
        options.AddPolicy("HasAccess", policy => policy.AddRequirements(new HasAccessRequirment()));
    });
    builder.Services.AddTransient<IAuthorizationHandler, HasAccessHandler>();
Here is the Controller code:
    [Authorize(policy: "HasAccess")]
    public class HomeController : BaseController
    {
    }
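Since .NET Core 3, there have been some changes regarding AuthorizationFilterContext:
A. MVC no longer adds AuthorizeFilter to ActionDescriptor, and ResourceInvoker will not call AuthorizeAsync().
B. It adds the Filter as metadata to the endpoint. Also, in .NET 5, it changed context.Resource to the type DefaultHttpContext.
So here is the new approach: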
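    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Authorization.Infrastructure; // OperationAuthorizationRequirement
    using Microsoft.AspNetCore.Http;

    public class MyAuthorizationPolicyHandler : AuthorizationHandler<OperationAuthorizationRequirement>
    {
        public MyAuthorizationPolicyHandler()
        {
        }

        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement)
        {
            var result = false;
            if (context.Resource is Microsoft.AspNetCore.Http.DefaultHttpContext httpContext)
            {
                var endPoint = httpContext.GetEndpoint();
                if (endPoint != null)
                {
                    // Attributes on the controller/action are available as endpoint metadata
                    var attributeClaims = endPoint.Metadata.OfType<MyAuthorizeAttribute>();
                    //TODO: Add your logic here
                }
                if (result)
                {
                    // Succeed only when the check above has set result to true
                    context.Succeed(requirement);
                }
            }
            return Task.CompletedTask;
        }
    }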
Please refer to this discussion: "context.Resource as AuthorizationFilterContext" returning null in ASP.NET Core 3.0
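An added example, not part of the original question or answer: the question's HasAccess check ported to endpoint routing so that it fails closed, with the redirects moved out of the handler into an IAuthorizationMiddlewareResultHandler. IActionAccessStore, RedirectOnDenyHandler and the two redirect paths are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Controllers;

// Hypothetical lookup standing in for the question's database query.
public interface IActionAccessStore
{
    Task<bool> UserMayCallAsync(string userName, string actionAddress);
}

public class HasAccessRequirment : IAuthorizationRequirement { } // name as spelled in the question

public class HasAccessHandler : AuthorizationHandler<HasAccessRequirment>
{
    private readonly IActionAccessStore _store;
    public HasAccessHandler(IActionAccessStore store) => _store = store;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, HasAccessRequirment requirement)
    {
        // Endpoint routing passes the HttpContext as the resource, not a filter context.
        if (context.Resource is not HttpContext httpContext) return;   // unknown resource: deny
        var userName = context.User.Identity?.IsAuthenticated == true ? context.User.Identity.Name : null;
        if (string.IsNullOrEmpty(userName)) return;                    // anonymous: challenge

        var descriptor = httpContext.GetEndpoint()?.Metadata.GetMetadata<ControllerActionDescriptor>();
        if (descriptor is null) return;                                // not an MVC action: deny

        var address = descriptor.ControllerName + "/" + descriptor.ActionName;
        if (await _store.UserMayCallAsync(userName, address))
            context.Succeed(requirement);                              // the only success path
    }
}

// Takes over the job of mvcContext.Result = new RedirectToActionResult(...).
// Register: builder.Services.AddSingleton<IAuthorizationMiddlewareResultHandler, RedirectOnDenyHandler>();
public class RedirectOnDenyHandler : IAuthorizationMiddlewareResultHandler
{
    private readonly AuthorizationMiddlewareResultHandler _fallback = new();

    public Task HandleAsync(RequestDelegate next, HttpContext context,
        AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        // Assumed conventional routes for the question's UserLogin and AccessDenied actions.
        if (authorizeResult.Challenged) { context.Response.Redirect("/Logins/UserLogin"); return Task.CompletedTask; }
        if (authorizeResult.Forbidden) { context.Response.Redirect("/Home/AccessDenied"); return Task.CompletedTask; }
        return _fallback.HandleAsync(next, context, policy, authorizeResult);
    }
}
```

Every early return leaves the requirement unmet, so a request whose resource or endpoint cannot be resolved is denied rather than allowed through.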