ASP.NET Core Policy-Based Authorization
2017-09-03 10:18
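The article "ASP.NET Core Authentication and Authorization" covered authorizing system permissions with fixed and custom roles. Authorization can also be based on other things, such as a role group, a user name, or a birthday, which mostly depend on ClaimTypes, and we can also authorize on custom key/value pairs. All of these are collectively called policy-based authorization. More powerful still, we can write a custom authorization Handler to make authorization flexible. Each of these is covered below.

Note: the code below is only partial. For the complete code, see: https://github.com/axzxs2001/Asp.NetCoreExperiment/tree/master/Asp.NetCoreExperiment/%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86/PolicyPrivilegeManagement

First, look at authorization policies based on a role group, a user name, a ClaimType, or a custom key/value pair. These are all added through Services.AddAuthorization, where AuthorizationOptions calls AddPolicy. Here the policy is named RequireClaim throughout, while the method that defines the policy differs with what is being checked; for a user name, for example, it is policy.RequireUserName(). In addition, at login, once the credentials have been verified, the corresponding Claim must be added to the ClaimsIdentity:

Startup.cs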
```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using System.Security.Claims;

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddAuthorization(options =>
    {
        // Role-based policy
        options.AddPolicy("RequireClaim", policy => policy.RequireRole("admin", "system"));
        // Based on user name
        //options.AddPolicy("RequireClaim", policy => policy.RequireUserName("桂素伟"));
        // Based on a Claim
        //options.AddPolicy("RequireClaim", policy => policy.RequireClaim(ClaimTypes.Country, "中国"));
        // Custom value
        //options.AddPolicy("RequireClaim", policy => policy.RequireClaim("date", "2017-09-02"));
    }).AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
    {
        options.LoginPath = new PathString("/login");
        options.AccessDeniedPath = new PathString("/denied");
    });
}
```

```csharp
/// <summary>
/// User permission
/// </summary>
public class UserPermission
{
    /// <summary>
    /// User name
    /// </summary>
    public string UserName { get; set; }

    /// <summary>
    /// Request URL
    /// </summary>
    public string Url { get; set; }
}
```

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace PolicyPrivilegeManagement.Models
{
    /// <summary>
    /// Permission authorization handler
    /// </summary>
    public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
    {
        /// <summary>
        /// User permissions
        /// </summary>
        public List<UserPermission> UserPermissions { get; set; }

        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
        {
            // Take the user permissions from the requirement
            UserPermissions = requirement.UserPermissions;
            // Get the HttpContext from the AuthorizationHandlerContext so the request can be read
            var filterContext = context.Resource as AuthorizationFilterContext;
            if (filterContext == null)
            {
                // The resource is not an MVC filter context: leave the requirement unmet
                return Task.CompletedTask;
            }
            var httpContext = filterContext.HttpContext;
            // Request URL
            var questUrl = httpContext.Request.Path.Value.ToLower();
            // Whether the user has been authenticated
            var isAuthenticated = httpContext.User.Identity.IsAuthenticated;
            if (isAuthenticated)
            {
                if (UserPermissions.Any(p => p.Url.ToLower() == questUrl))
                {
                    // User name, read from the Sid claim (null when the claim is missing)
                    var userName = httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Sid)?.Value;
                    if (UserPermissions.Any(w => w.UserName == userName && w.Url.ToLower() == questUrl))
                    {
                        context.Succeed(requirement);
                    }
                    else
                    {
                        // No permission: redirect to the denied page
                        httpContext.Response.Redirect(requirement.DeniedAction);
                    }
                }
                else
                {
                    // The URL is not in the permission list: any authenticated user is allowed
                    context.Succeed(requirement);
                }
            }
            return Task.CompletedTask;
        }
    }
}
```
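An added example, not code from the original post or its repository: the handler above succeeds for any authenticated user when the request path is not in the permission list, and it compares paths as exact lower-cased strings, so a path that differs from a rule only by a trailing slash is treated as unlisted. The code below normalizes both sides of the comparison and denies by default; `PermissionCheck`, `Normalize` and `IsAllowed` are hypothetical names, and the sample rules and requests are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Same shape as the UserPermission class on this page, repeated so the file compiles alone.
public class UserPermission { public string UserName { get; set; } public string Url { get; set; } }

public static class PermissionCheck
{
    // Hypothetical helper: one canonical form for rule URLs and request paths.
    public static string Normalize(string path)
    {
        if (string.IsNullOrWhiteSpace(path)) return "/";
        var trimmed = path.Trim().TrimEnd('/');
        return trimmed.Length == 0 ? "/" : trimmed.ToLowerInvariant();
    }

    // Deny by default: allow only when a rule names both this user and this path.
    public static bool IsAllowed(string userName, string requestPath,
                                 IEnumerable<UserPermission> permissions)
    {
        if (string.IsNullOrEmpty(userName) || permissions == null) return false;
        var path = Normalize(requestPath);
        return permissions.Any(p =>
            string.Equals(p.UserName, userName, StringComparison.Ordinal) &&
            Normalize(p.Url) == path);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample rules and requests, not taken from the project.
        var rules = new List<UserPermission>
        {
            new UserPermission { UserName = "alice", Url = "/Home/About" },
            new UserPermission { UserName = "bob", Url = "/home/contact/" },
        };
        var requests = new[]
        {
            ("alice", "/home/about"), ("alice", "/Home/About/"), ("bob", "/home/about/"),
            ("alice", "/admin"), ((string)null, "/home/about"), // null: no Sid claim present
        };
        foreach (var (user, path) in requests)
        {
            var verdict = PermissionCheck.IsAllowed(user, path, rules) ? "allow" : "deny";
            Console.WriteLine($"{user ?? "(none)"} {path} -> {verdict}");
        }
    }
}
```

With a deny-by-default check, pages meant to be open to every signed-in user need their own explicit rule or a separate policy.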